Three general characteristics to watch for in a phishing email

One of the most common technology questions we receive is: “How do I tell if an email message is legitimate or not?” Sometimes it can be easy, but many times it can be hard to discern. Here are three general characteristics to watch for:

  1. The email ultimately asks for your personal information

In a phishing email, the ultimate goal is to obtain your personal information, such as your bank account numbers, credit card numbers, passwords, and more. They do this by crafting their messages to instill a sense of urgency to take action immediately — for example, your email account will be closed if you don’t respond, or your credit card has a large charge that needs to be verified, etc. No matter how convincing or official an email message might look, it’s important to remember that if it asks for your personal information, this is a sign that the email could very well be fake, and should be ignored.

  1. Check for inconsistencies in the links

Phishing emails will usually try to convince you to click on links in their message, so they can take you to their own custom page, and have you voluntarily divulge your personal information. Before clicking on any link, hover over the link with your mouse cursor to see where it goes. If the email is supposedly from, say,, but hovering over a link gives you a different address, this a sign that the email could very well be fake, and should be ignored.

  1. When in doubt, verify with the sender directly

If the email passes the tests above but you still feel uncomfortable about it, go with your instincts. Contact the sender directly through a different channel (for example, by calling them directly) and ask if the email is legitimate. With data and online security making headlines, no company will rely on email to transact business involving your sensitive data.