By Talos Team October 10, 2022
Common Indicators
Requests for personal information, generic greetings or lack of greetings, misspellings, unofficial “from” email addresses, unfamiliar webpages, and misleading hyperlinks are the most common indicators of a phishing attack.
Practical Examples
1. Legit companies don’t request your sensitive information via email
If a company sends you an unsolicited email with a link or attachment and asks you for sensitive information, there is a good chance it is a scam. Most companies will not email you asking for your password, credit card details, tax identification number, or credit score, nor will they send you a link that requires you to log in to supply them.
Although this may seem like obvious advice, even Uber employees have fallen for it.
2. Legit companies usually call you by your name
Phishing emails typically use generic salutations such as “Dear valued member,” “Dear account holder,” or “Dear customer.” If a company you deal with requires information about your account, the email will address you by name and will probably direct you to contact them by phone.
However, some malicious senders skip the salutation altogether. This is especially common with advertisement-style lures. The phishing email below is a good example: the message does not come from hotels.com at all, but from roktpowered.com (see the next tip).

3. Legit companies send email from their own domain
Do more than look at the sender’s display name. Check the actual address by hovering your mouse over the “from” field.
Look for subtle alterations to the domain, such as added or swapped numbers or letters.
Compare these two addresses as an example of an altered domain: luca@paypal.com versus luca@paypal23.com.
Keep in mind that this check isn’t infallible. Some businesses send email from unusual or multiple domains, and smaller companies often use third-party email providers. The reverse also holds: an exact match is not proof of authenticity, because the visible “from” address can be forged unless the receiving mail system enforces SPF, DKIM and DMARC.
4. Legit companies don’t send unsolicited attachments
Unsolicited emails that carry attachments are a strong warning sign. Authentic institutions rarely send attachments out of the blue; they usually direct you to download documents from their own website.
Like the tips above, this rule isn’t foolproof. A company that already has your email address may send you material, such as a white paper, that requires a download. In that case, watch for high-risk attachment types, including .exe, .scr and .zip files, and remember that an archive can hide an executable inside it. When in doubt, contact the company directly using contact details taken from its real website, not from the email.
5. Legit company links match legitimate URLs
Just because a link’s text says it will take you to one place doesn’t mean it will. Always double-check URLs. Hover your cursor over the link (without clicking!) and compare the destination your mail client shows with the address in the link text; if the two differ, treat the link as hostile. Never trust a hyperlink whose URL looks wrong or makes no sense in the context of the email. Check that the destination starts with https://, but don’t stop there: HTTPS only means the connection is encrypted, and phishing sites use it too.
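To make tips 3, 4 and 5 concrete, here is an added Python example (not code from the original article) that runs the three checks over a raw message: it compares the real sender domain with the brand’s expected domain and normalises digit-for-letter swaps, flags attachments by extension, and walks the HTML body to catch links whose visible text names a different host than their href or that are not HTTPS. The sample message, the brand domain paypal.com, the look-alike digit table and the file-type list are constructed assumptions for the demonstration.

```python
import os
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# File types the article singles out as high risk (tip 4).
RISKY_EXTENSIONS = {".exe", ".scr", ".zip"}
# Digits commonly swapped in for look-alike letters (assumed table, extend as needed).
_HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
# Link text that itself looks like a URL, e.g. "https://www.paypal.com/login" or "paypal.com".
_URL_LIKE = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?$", re.I)


def sender_domain_findings(from_header, expected_domain):
    """Tip 3: judge the real address, not the display name."""
    display_name, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    if not domain:
        return ["From header has no parseable address"]
    if domain == expected_domain or domain.endswith("." + expected_domain):
        return []
    findings = []
    brand = expected_domain.split(".")[0]
    label = domain.split(".")[0]
    # Undo digit-for-letter swaps and drop leftover digits so that
    # 'paypal23' and 'paypa1' both normalise to text containing 'paypal'.
    normalised = "".join(c for c in label.translate(_HOMOGLYPHS) if not c.isdigit())
    if brand in normalised:
        findings.append(f"sender domain {domain} imitates {expected_domain}")
    else:
        findings.append(f"sender domain {domain} is not {expected_domain}")
    if brand in display_name.lower():
        findings.append(f"display name {display_name!r} claims the brand but the address does not")
    return findings


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def link_findings(html_body):
    """Tip 5: link text and real target must agree, and the target should be HTTPS."""
    parser = _AnchorCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.anchors:
        target = urlparse(href)
        if target.scheme.lower() != "https":
            findings.append(f"link to {href} is not https")
        if _URL_LIKE.match(text):  # only compare hosts when the text itself is a URL
            shown = urlparse(text if "://" in text else "https://" + text)
            if shown.hostname and target.hostname and shown.hostname != target.hostname:
                findings.append(f"link text shows {shown.hostname} but points at {target.hostname}")
    return findings


def attachment_findings(msg):
    """Tip 4: any unsolicited attachment is suspect; the listed types are high risk."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        risk = "high-risk" if os.path.splitext(name)[1].lower() in RISKY_EXTENSIONS else "unsolicited"
        findings.append(f"{risk} attachment {name}")
    return findings


def triage(raw_email, expected_domain):
    """Run all three checks over a raw RFC 5322 message and return the findings."""
    msg = message_from_string(raw_email, policy=default)
    findings = sender_domain_findings(str(msg["From"]), expected_domain)
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        findings += link_findings(body.get_content())
    return findings + attachment_findings(msg)


# Constructed sample lure: look-alike domain, mismatched link, zip attachment.
SAMPLE_PHISH = """\
From: PayPal Support <luca@paypal23.com>
Subject: Your account has been limited
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Dear customer, please visit
<a href="http://paypal23.com/login">https://www.paypal.com/login</a>
to restore access.</p>
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="statement.zip"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--b1--
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_PHISH, "paypal.com"):
        print("-", finding)
```

Run it as a script to print the findings for the sample, or call triage() on a message saved as raw .eml text. It is a triage aid for the indicators above, not a detector: a clean result says nothing about a forged From header, which only the receiving mail system’s SPF, DKIM and DMARC checks can catch.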
6. Legit companies know how to spell
Perhaps the simplest indicator of a phishing email is poor grammar. An email from a reputable company ought to be well written. Little-known fact: there is often a reason for the terrible syntax. Most attackers are not careless; they are filtering. Sloppy text puts off observant readers, so the people who still respond are the least attentive and therefore the easiest targets.
