In order to spot a phishing email from a cybercriminal, the first step is understanding what it is. Simply put, a phishing email is an attempt to get the recipient to perform a specific task. They may be asking for sensitive login credentials, asking you to open an attachment or a request to click on a link.   

A socially engineered phishing email are even more clever in nature. They attempt to act like a trusted source you are familiar with, which appear genuine to an untrained eye. As a result, the recipient is much more likely to take the action requested because the email appears more trusting. With a quick Internet search hackers can review professional profiles and social media sites to identify specific information to trigger people to take specific actions. Completing that action can have massive consequences like introducing malware on your companies’ network, obtaining personal information for identify theft for financial gain and much more. To learn how to spot these phishing emails please see below. 

1. Email Attachments

File sharing has evolved and is more commonly taking place with tools like SharePoint, Dropbox or OneDrive. However, if you’re receiving external emails with attachments or even what appears to be an internal email, it’s best to be overly cautious. If it’s someone you know and are expecting that you are typically safe. If it’s someone you don’t know and/or you see a .zip, .exe, .scr, etc. file extension, it is advised to ignore and do not open.

2. Reward Emails

You know these emails, the ones that appear too good to be true. They ask for information or an action to be taken in order to claim your prize or reward. If you didn’t initiate the contact or the sender is not someone you know, avoid these emails at all costs.

3. Urgent Action Required Emails

These emails attempt to force you into taking an immediate action by creating a sense of urgency. They often create fear, uncertainty, and doubt by asking you to rush into an action or a negative consequence will take place. Don’t let your emotions get the best of you in these situations, stay calm and double check the details before falling for the trap.

4. Spelling and Grammar Mistake Emails

We’ve all received an email asking us to take an action before, typically impersonating a trusted source. The weird part is that these emails have simple spelling mistakes, and the grammar is always poor. This is an immediate red flag to a phishing attempt. Professionals always use spelling autocorrect and are familiar with our language where grammar mistakes aren’t as obvious.

5. Emails Requesting Sensitive Data

Any email from a familiar or unexpected sender asking for sensitive data related to login credentials or payment information should always be treated with caution. You should never share sensitive data via email, nor will a trusted source ever ask you for that information via email. These cybercriminals can even make login pages look incredibly similar to the real thing by sending a link that redirects you to a fake login page. Ignore these emails and call the trusted source directly or login directly by going to their website and avoiding the link in the email.

PCG Systems is a Managed Services Provider who strives to be our client’s best asset.  We keep your IT running smoothly and streamline your business processes while protecting you from cyber-attacks.  To learn more about our services please visit our website at