On this Cyber Monday, and throughout the holidays, when the number of online purchases increases dramatically, so does the potential for criminal activity mixed in with our legitimate email communications. Research has revealed that over half of all users end up opening fraudulent emails and often even fall victim to them.

Phishing is done to gather personal information about you, generally related to your finances. The most common reason for a large number of people falling for fraudulent emails is that phishing attempts are often so well-disguised that they escape the eyes of a busy email reader. Here are some tips to help you identify whether that email came from your bank or is another attempt at defrauding you…

Fraud Alert
personal information

Asking for personal information

Remember, no bank or financial institution asks you to share your key personal information via email, or even phone. So, if you get an email asking for your ATM PIN or your e-banking password, something’s amiss.

Poor Grammar and Typos

Professional organizations that you commonly do business with employ professional copywriters and editors. The occasional typo or grammatical error may slip through the cracks on a legitimate email, however, many phishing scams are riddled with typos and grammatical errors.

poor grammar
fake links

The links seem to be fake

Phishing emails almost always contain links that you are asked to click on. You should verify if the links are genuine. Here are a few things to consider:

  • Spelling – Check for the misspellings in the URL. For example, if your bank’s web address is www.bankofamerica.com, a phishing scheme email could misspell it as www.bankofamarica.com or www.bankofamerica-verification.com
  • Disguised URLs – Sometimes URLs can be disguised…meaning, while they look genuine but ultimately redirect you to a fraudulent site. You can recognize the actual URL upon a mouseover, or by right-clicking on the URL, and selecting the ‘copy hyperlink’ option and pasting the hyperlink into a notepad file. But, NEVER paste the hyperlink directly into your web browser.
  • URLs with ‘@’ signs – If you find a URL that has an ‘@’ sign, steer clear of it even if it seems genuine. Browsers ignore URL information that precedes @ sign. That means the URL www.bankofamerica.com@mysite.net will take you to mysite.net and not to any Bank of America page.

The body of the email is an image

Emails, where the main message is in the form of an image, could take you to the malicious URL upon clicking or opening.

body is an image
unknown senders

Attachments From Unknown Senders

Never open attachments from unknown sources as they may contain viruses that can harm your computer, phone, or network.

Urgency Needed

The message seems to urge you to do something immediately. Scammers often induce a sense of urgency in their emails and threaten you with consequences if you don’t respond. For example, the threat of bank account closure if you don’t verify your ATM PIN or e-banking password.


Layered Security

Having layers of security that contain strong email and spam filtering, antivirus, anti-malware, network content filtering, DNS filtering, and coupled with good software patching and update policies can help reduce your risks. However, bad actors are always looking for vulnerabilities in systems and sometimes it just comes down to being a vigilant user using the tips above when using email.