How to identify a phishing email?
1) Check the sender's email address. If it looks suspicious, don’t open the email. Don’t trust the
display name, as phishing emails often use a forged name, such as a system administrator
account or the company name.
2) Check the recipient’s address. If you find that the email was sent to a large number of employees
in different departments, it may be a phishing email.
3) Check the email sending time. If it is beyond working hours, like 3:00am, you need to be
vigilant about it.
4) Check the email subject. Most phishing emails use "system administrator",
"notification", "purchase order", "invoice", "conference schedule", "list of participants", "review
of previous conferences", etc. as the subject.
5) Be alert to emails that use generic greetings such as Dear User, Dear Colleague. At the same
time, be alert to any email that creates an emergency atmosphere. For example, "Please be sure to
complete it today". Most phishing emails attempt to create a sense of urgency, leading recipients
to fear that their account is in jeopardy or they will lose access to important information if they
don’t act immediately.
6) Legitimate banks and most other companies will never ask for personal credentials via
email. Don’t give them up.
7) Be aware of emails with spoofed links. Also, look for URLs including "&redirect"; an email
containing one may be a phishing email. Be wary of the "Unsubscribe" button: some of them lead to
more spam after clicking, or are implanted with malicious code. You can directly block the spam
sender's email address.
8) Use caution when opening email attachments, even if they appear to be from someone you
know. Scan the file using your antivirus program before opening it. Files such as Word, PDF,
Excel, PPT, RAR, etc. may be embedded with Trojans or spyware. Be especially careful with
executable files with .exe and .bat suffixes in the attachment.
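
The checks in items 1, 2, 3, 4, 5, 7 and 8 can also be applied automatically to a raw message. The following Python sketch is an added example, not part of the original guide; the organization domain, working hours, recipient threshold, trusted display names, urgency words and the sample message are all constructed assumptions.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import getaddresses, parseaddr, parsedate_to_datetime

# Assumed values (not from the guide): org domain, working hours, thresholds, name lists.
ORG_DOMAIN, WORK_HOURS, MAX_RECIPIENTS = "example.com", range(8, 19), 10
TRUSTED_NAMES = ("system administrator", "example corp")
SUBJECTS = ("system administrator", "notification", "purchase order", "invoice")
GREETINGS = ("dear user", "dear colleague")
URGENCY = ("today", "immediately")
RISKY_SUFFIXES = (".exe", ".bat")

def phishing_indicators(raw):
    """Return the checklist indicators found in a raw RFC 5322 message (bytes)."""
    msg, flags = message_from_bytes(raw, policy=policy.default), []
    name, addr = parseaddr(str(msg["From"]))
    if name.lower() in TRUSTED_NAMES and not addr.lower().endswith("@" + ORG_DOMAIN):
        flags.append("trusted-display-name-external-address")       # item 1
    rcpts = getaddresses([str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])])
    if len(rcpts) > MAX_RECIPIENTS:                                  # item 2
        flags.append("many-recipients")
    if msg["Date"] and parsedate_to_datetime(str(msg["Date"])).hour not in WORK_HOURS:
        flags.append("sent-outside-working-hours")                   # item 3
    if any(s in str(msg["Subject"]).lower() for s in SUBJECTS):      # item 4
        flags.append("common-phishing-subject")
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content().lower() if part else ""
    if any(g in body for g in GREETINGS):                            # item 5
        flags.append("generic-greeting")
    if any(u in body for u in URGENCY):                              # item 5
        flags.append("urgency")
    if any("&redirect" in u for u in re.findall(r"https?://\S+", body)):
        flags.append("redirect-parameter-in-url")                    # item 7
    names = [(a.get_filename() or "").lower() for a in msg.iter_attachments()]
    if any(n.endswith(RISKY_SUFFIXES) for n in names):               # item 8
        flags.append("executable-attachment")
    return flags

def constructed_sample():
    """Build a constructed message that trips every check above."""
    m = EmailMessage()
    m["From"] = "System Administrator <it-desk@example.net>"
    m["To"] = ", ".join(f"user{i}@example.com" for i in range(12))
    m["Date"] = "Tue, 05 Mar 2024 03:00:12 +0800"
    m["Subject"] = "Notification: mailbox quota"
    m.set_content("Dear User,\nPlease be sure to complete it today:\n"
                  "http://portal.example.net/login?id=1&redirect=1\n")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="octet-stream", filename="update.exe")
    return m.as_bytes()
```

Calling phishing_indicators(constructed_sample()) returns all eight flags. A single flag is only a hint to look closer, in the same way as each item in the list above.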