Recognizing a Phishing Email

Date: September 14, 2018

How can you tell a clean and legitimate email from one that is malicious and harmful?

By Allen Perk, owner of XLN Systems, NFIB member since 2002, and member of Attorney General DeWine’s CyberOhio Advisory Board

Remember the ‘good old days’ of email (like 12-15 years ago) when the most menacing thing we had to worry about was too much advertising spam? We still have advertising spam by the virtual truckload, but today we have yet another thing to add to our email worries: phishing attempts. A phishing email is a cleverly disguised message, made to look like it came from a trustworthy source, designed to steal your sensitive information, or worse, simply convince you to (naively) give it away.

Phishing emails try to get you to do one of two things: first, to simply hand over sensitive information, and second, to download malware, which more often than not contains ransomware. Ransomware is very, very bad. It will literally take ALL THE DATA on your PC (or server) and encrypt (lock) it so as to make it unusable to you. In order to get the “key” and decrypt the data back to normal, you must pay a ransom. Usually, this ransom payment is around $500 and must be paid in Bitcoin or other non-traceable methods.

So, how can you tell a clean and legitimate email from one that is malicious and harmful? Here are just a few of the many ways to spot a phishing email.

  1. If an email is asking you to change passwords, look first at the “From” portion of the email. Be sure it came from your IT department, bank or other institution where you have a valid login account.
  2. If an email is asking that you log into a website, be wary. For example, YOURBANK wants you to log in and verify information. The email looks exactly like an email from YOURBANK. To be sure, “mouse over” the link. This means DO NOT CLICK THE LINK but put your mouse on the link. Now, look at the lower left of your screen. That area will show you the website that the link will take you to, regardless of the name of the link. If it’s not YOURBANK.COM, it’s better left alone! (More information on “mouse over” can be found at the XLN website.)
  3. Check the email address of the “From” field. You may be expecting an email from but the field may say or something other than the email address you know it should come from.
  4. If there are multiple spelling or grammatical errors, chances are it’s a phishing email.
  5. Be wary of emails that urge you to act immediately, such as “Urgent Action Required” or “Act now or your Account will be closed”. Again, chances are it’s a phishing email.
  6. The IRS or Law Enforcement will NEVER email you for information or ask that you call them. The IRS will ONLY send letters in the mail. 

If you encounter such an email, DELETE it!!!  Then notify someone in authority so that others can be warned.  When told to do so by your IT department, “Empty the Wastebasket” as well as your Trash and Junk folders.

Now you’re free to move on to the next email advertisement, I mean, business email.

