What is a phishing email?

Phishing is an email method in which someone is trying to trick you into revealing personal information (credit card numbers, passwords, company information, etc.  These emails are disguised so they look as if they are sent from a reputable source. Often these emails contain a link that will ask you for personal information (password resets).


What should I look out for?

  • Email Domain Mismatches  - make sure the email domain matches the company name. In this example the email name says it is from Google but the domain is "googie.com". This is often hard to spot but Gmail warns you by putting a question mark icon next to the senders name.
  • Generic Greetings - If an email starts by greeting you by your full name or "Dear sir or madam" that is a warning sign.

  • Password Reset Links - A legitimate company will never send you an automated password reset email unless you initiate it.  For example, you fill out a forgot your password form.  If you aren't expecting a password reset email from that company then don't click on the link. 

  • Urgent Request / Discretion - Phishing emails will often say "they are tied up in a meeting and need your help" or "Please keep this discrete because it is a surprise".  An example of this would be someone asking you to buy Virtual Amazon gift cards for the office and email them.

What should I do if I think I have a phishing email?

  • Pick up the phone -  The simplest way to verify an email is to just call the sender and verify that the email was actually send by them.

  • Search your email history - Search your emails to see if you have ever received other emails from this recipient.  This will help you identify if the email domain doesn't match the sender.

  • Contact the IT department - Let us take a look at the email and we can help determine if it looks legitimate or not.

  • Report the email as phishing and move on - There are millions of phishing emails sent every day. If you know for sure you have received a phishing email you can simply report it to google as phishing and move on. Unfortunately these organizations never use the same email address twice so there is no point in us trying to block these email addresses.