Recognizing phishing mails. How to spot them?

Phishing is a much-used cybercrime technique, with which criminals attempt to steal personal information or login credentials. They usually do this by creating official-looking messages that ask you to click a link they’ve sent. Then, that website -that secretly isn’t from the company you expect it to be from- will ask you to enter login information or other sensitive information. Be sure that you don’t fall prey to these practices by applying the S.A.F.E.-rule: a (Dutch) acronym that can help you check incoming messages for legitimate contents.

The S.A.F.E.-rule

S – Schrijfstijl (style of writing)

Always read a message carefully. Spot any odd mistakes? Sentences that are structured weirdly? Trust your gut: if the message contains many mistakes or is written oddly, chances are you’re dealing with a phishing message.

A – Afzender (Sender)

Always double check the origin of an email. Not just the sender’s name, but the full email address too. Phishing messages are often sent from random email addresses such as nhrpa1rth@t0ws.com. And even if the email address looks legitimate, it pays to be careful and verify. For example, we’ll send messages from email addresses that end in @master-soIutions.nl. Now copy & paste that in a text editor and change the font. See? One of those L’s is actually a capital i. Be aware that cybercriminals use these types of tactics to deceive you.

F – Fake Link

If you have even a single doubt about whether a message is legitimate or not, never open an attachment or link. You can check links by hovering over them and look in the lower left of your screen. There you’ll see where the link will take you. If the link takes you to a website you don’t know or that isn’t an official company one (Google’s your friend here!), don’t click it.

E – ePrivacy

Remember: legitimate, trusted companies will never ask you directly for personal or login information. So if you receive a message in which the sender asks you to give this information, you’re almost certainly dealing with a phishing attempt.

Being aware of techniques to pilfer (personal) information is one of the most important skills you can have, as most hacks or data leaks can be traced back to “Social Engineering”: misusing the human tendency to trust. Now you’ll know what to be on the lookout for.