How to recognize a phishing mail?

Geert Van de Steen
Chief Information Security Officer, EASI

Have you received more spam recently? Train yourself and read on to see my 7 tips on how to recognize a phishing mail.

Hackers have a lot of spare time to prepare the booby trap and make it look very real, so please do not wait for spelling mistakes and an ugly layout before letting that alarm bell ring inside your brain. Things are getting trickier!

"You can fool some of the people all of the time, and all of the people some of the time, but you cannot fool all of the people all of the time." – Abraham Lincoln

Are you sure that email from UPS is actually from UPS? (Or Costco, BestBuy, or the myriad of unsolicited emails you receive every day?) Companies and individuals are often targeted by cybercriminals via emails designed to look like they came from a legitimate bank, government agency, or organization. In these emails, the sender asks recipients to click on a link that takes them to a page where they will confirm personal data, account information, etc.

Read on to see my 7 tips on how to recognize a phishing mail.

What can you do to protect yourself?
Here is a seven-step plan that will help you to recognize a phishing mail.

The sender of the email

Do you expect a communication from this person? Check the domain of the sender. Is it legitimate? Mouse over the name of the sender. Is the name correct?


Did you expect the email to be sent at this time?


Am I directly addressed? Or just in CC? If in CC, do I know the other recipients?


Empty subjects are suspicious, unless from known contacts. If the subject begins with “Re:” or “Fw:”, did you expect this reply?

Content of the email

  • If the sender tries to convince you to open an attachment, it is suspicious.
  • If the sender tries to convince you to open a link, it is suspicious.
  • If the content is incoherent, or does not match the subject, it is suspicious.
  • If the salutation is not correct, it is suspicious.
  • If the sender tells you this is very urgent, it might be suspicious.
  • And hackers are known for making spelling mistakes.
  • Is the salutation anonymous or personal?


Mouse over the hyperlink and check whether the link matches the content. Does the link refer to a short URL? Check it with CheckShortURL.com first. Does the link look like that of a well-known organisation, but with a ‘typo’ (www.whitehouze.gov)?


Does this sender normally send me this kind of attachment (is it expected)? If the sender is unknown and the attachment type is *.doc, *.xls, *.ppt, *.bat, *.exe, *.com, …: suspicious! If you preview the attachment and you are asked “Are you sure you want to open file ‘invoice.exe’?”: No!
