What is are Phishing Emails and How to Detect them

Phishing emails often appear to come from trusted sources—banks, online services, or even our company—but they're actually attempts to steal your personal or account information. Their goal is to make you click a malicious link, open a dangerous attachment, or respond with private information. This article will help you recognize and avoid phishing attempts on your own going forward.

1. Confirm the Sender’s Email Address

One of the most important steps in identifying a phishing email is to examine the sender’s email address. Fraudulent messages often use addresses that are similar to legitimate domains, but with small differences—extra characters, swapped letters, or unusual domain endings (e.g., .com.co instead of .com).

For example:

• Legitimate: helpdesk@entirelydigital.com

• Suspicious: support@entirelyd1gital.com or entirelydigital@secure-mail.net

If the domain doesn’t match the real company’s domain, or looks unrelated to you or EntirelyDigital, that’s a major red flag.

2. Inspect All Links Before Clicking

Phishing emails often contain links that lead to fake login pages or sites infected with malware. Always hover your mouse over a link (without clicking) to preview the destination. If the URL looks strange, unrelated to the sender, or redirects to a suspicious domain, don’t click it.

3. Watch for These Common Red Flags

Phishing emails tend to follow certain patterns. Here are common signs to look for:

• Unexpected or urgent requests
  ("Your account will be suspended unless you act immediately.")

• Spelling and grammar issues
  Legitimate companies rarely send out poorly written communications.

• Requests for sensitive information
  No legitimate organization will ask you to send login credentials, credit card numbers, or other private data via email.

• Attachments from unknown senders
  These may contain malware. Don’t open attachments unless you’re expecting them and you trust the source.

• Links that don’t match the sender’s domain
  As noted above, mismatched domains are a major warning sign.

What to Do If You Receive a Suspicious Email

If you receive an email that seems suspicious:

1. Do not click any links or open attachments.

2. Do not reply to the email.

3. Verify the sender through a trusted method (e.g., call or message them directly).

4. Report the email to your email provider or IT support team.

Stay cautious—your awareness is your best defense against phishing threats.