Good phishing emails are hard to detect, but the two habits below will catch nearly all of them.
Look at two things:
- the host part of every link in the email: what comes after `https://` (or `http://`) and before the next / (forward slash). Hover over the link to see where it really goes; the visible link text can say anything.
- the part of the sender's email address after the @ symbol (the actual address, not the display name shown next to it)
Both of those are the website the email is coming from or sending you to. If that website has more than one period, look only at what follows the second-to-last period, i.e. the last two labels. (That rule assumes an ending that is one label long, like .com or .online; for two-label endings like .co.uk you need the last three labels, e.g. example.co.uk.) This will make more sense with some examples:
- [name]@[subdomain].ascoeq.com
  - Since we own ascoeq.com, we own every single website that ends in .ascoeq.com
  - The period before "ascoeq" is important: we do not own ExampleAscoeq.com, but we do own Example.Ascoeq.com
  - The subdomain part is where scammers try to trick you by adding something expected or familiar. The subdomain is useless for determining whether an email is legitimate.
- [name]@google.mail-sender.online (where a fake Google alert might come from)
  - "mail-sender.online" is a website I would NOT expect Google to use. It is actually owned by Sophos... for fake phishing emails lol.
  - The "google" part is the subdomain and should be entirely ignored. Scammers create a subdomain that tricks you into thinking it's a legit email.
- [name]@accounts.google.com (where a legit Google alert might come from)
  - "google.com" is exactly who I would expect the email to be from.
  - "accounts" is the subdomain that you can ignore.
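The two habits above, turned into code. This is an added example and not part of the original page: it pulls the domain that matters out of a sender address and out of each link, then compares it against the domains you would expect that kind of message to use. The small set of two-label endings (co.uk and friends) is a constructed stand-in for the full Public Suffix List, and the sample message at the bottom is made up.

```python
import re
from urllib.parse import urlsplit

# Constructed, deliberately tiny stand-in for the Public Suffix List (an
# assumption for this example). Endings like .co.uk are two labels long, so the
# "second-to-last period" rule needs one more label there. A real deployment
# would load the full list (e.g. via the publicsuffix2 package) instead.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.jp", "com.br"}


def registrable_domain(host: str) -> str:
    """The part of a hostname the text says to look at: the label right before
    the public suffix, plus the suffix itself.

    accounts.google.com        -> google.com
    google.mail-sender.online  -> mail-sender.online
    www.example.co.uk          -> example.co.uk     (two-label suffix)
    ExampleAscoeq.com          -> exampleascoeq.com (no period, so NOT ascoeq.com)
    """
    labels = host.strip().rstrip(".").lower().split(".")
    suffix_len = 2 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 1
    if len(labels) <= suffix_len:
        return ".".join(labels)  # bare host such as "localhost", or just a suffix
    return ".".join(labels[-(suffix_len + 1):])


def sender_domain(from_header: str) -> str:
    """Domain of the *actual* address in a From: header.
    The display name is ignored: 'Google <x@evil.example>' is judged as evil.example.
    """
    m = re.search(r"<([^>]+)>", from_header)
    address = m.group(1) if m else from_header.strip()
    _local, at, domain = address.rpartition("@")
    if not at or not domain:
        raise ValueError(f"not an email address: {from_header!r}")
    return registrable_domain(domain)


def link_domain(url: str) -> str:
    """Domain of the host a link really points to.
    urlsplit().hostname drops the scheme, any user:pass@ prefix and any port, so
    'https://accounts.google.com@evil.example:8443/' is judged as evil.example.
    """
    if "://" not in url:
        url = "http://" + url  # bare "example.com/path" links
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no host in link: {url!r}")
    return registrable_domain(host)


def check_email(from_header: str, links, expected_domains) -> dict:
    """Apply both habits: the sender's domain and every link's domain must be
    one of the domains you expect. Returns the offenders keyed by where they
    were found; an empty dict means nothing looked off.
    """
    expected = {registrable_domain(d) for d in expected_domains}
    findings = {}
    sender = sender_domain(from_header)
    if sender not in expected:
        findings["sender"] = sender
    for url in links:
        d = link_domain(url)
        if d not in expected:
            findings.setdefault("links", []).append((url, d))
    return findings


if __name__ == "__main__":
    # Constructed sample message, not a real phishing email.
    print(check_email(
        "Google Security <no-reply@google.mail-sender.online>",
        ["https://accounts.google.com@mail-sender.online/verify",
         "https://myaccount.google.com/security"],
        expected_domains=["google.com"],
    ))
```

Run it and the sample message is flagged twice: the sender resolves to mail-sender.online, and the first link does too, because everything before the @ in a URL is a username, not the host. The second link is fine, since myaccount is just a subdomain of google.com.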