Man using laptop at table.

How to spot a phishing or fraudulent email

Thousands of Americans deal with attempted cybercrime each year. In fact, the FBI received 800,944 complaints of internet crime in 2022 alone. One of the common methods cyber criminals turn to is email phishing, so learning how to spot a suspicious email is vital. In this article, we’ll cover how to spot email phishing and how it works, so that you can protect your personal and financial information and avoid falling victim to a phishing attempt.

What is phishing?

Phishing is a type of cybercrime that happens through email, phone or text. Phishing emails attempt to lure you to do something like clicking a link. When you take the bait and do what the hacker wants, you could face consequences. Hackers use phishing techniques for a few primary purposes:

  • To steal your personal information
  • To commit financial fraud
  • To assume your identity

The best way to protect yourself is to learn how to identify a phishing email. Learning this can help you avoid identity theft and many other concerns.

How to recognize a phishing email.

Cybercriminals send over 100 billion phishing emails every day. Unfortunately, detecting phishing emails isn’t always a simple feat. Here’s what to look for to protect yourself from these scams.

  • Check the sender details: Look at the sender’s name, organization and email address before opening emails and clicking links.
  • Verify the legitimacy of the URLs: Hover over the links to see their extensions and titles, and don’t open them if they appear suspicious.
  • Think about the message: Is it intended to frighten you? Is it a too-good-to-be-true offer? Is it asking you for sensitive information or urgent payments you can’t explain?
  • Beware of unexpected attachments: Never open attachments in emails from people you don’t know. One of the ways to identify phishing emails is by learning the popular malware extensions hackers use. Some of these include .zip or .exe, but there are many others.
  • Check for grammatical errors and misspellings: Spam messages often feature many errors in grammar and spelling, although chatGPT and other AI content generation software have made it easier for scammers to create professional-looking messages.
  • Contact the sender through a verified manner: If you’re in doubt, call the sender before opening the email. For example, if the email lists your bank as the sender, contact your bank directly to find out if they sent the email.
  • Review the branding: Look closely at the branding on the email. Hackers are good at mimicking branding, but they often miss some details.
  • Google the request: The internet can help you determine if emails are phishing attempts. Just google the sender, email address or words in the email to see if there is information online about it.

Hackers also use texts and phone calls to lure you into scams. As a result, learning how to protect yourself from vishing (voice phishing) and smishing (SMS phishing) is also important.

Steps to protect yourself from phishing attacks.

A few key practices can keep you safe and protect you from identity theft long before you spot a suspicious message. Implement the following strategies:

  • Never offer personal or financial information through email
  • Filter your emails
  • Monitor all your accounts and credit reports
  • Use antivirus software

Additional resources for protection against phishing.

In a world of technology, staying diligent and up-to-date on cybercrime can help you prevent it. Fortunately, there are numerous resources to help you:

  • OnPoint Personal Cybersecurity GuideDownload this e-book to learn the best ways to stay safe online.
  • Cybersecurity & Infrastructure Security Agency (CISA)Use this site to learn additional ways to protect your personal information online.
  • govThis government site promotes educational resources to help you avoid becoming a victim of cybercrime.


What to do if you receive a phishing email.

When you identify a phishing attack:

  • Avoid the urge to click on any links or download attachments
  • Report the email to your email provider
  • Delete the email from your inbox and trash
  • Block the sender to prevent further phishing emails from the same source

Can you get a virus just from opening an email?

Thankfully, you generally can’t get a virus from just opening an email. The virus typically comes from clicking a link or downloading a file. However, some email accounts allow scripting. If yours allows this, there is a chance your device could get a virus simply from opening an email, but this is extremely rare. Opening emails in plain text instead of HTML prevents you from getting viruses without clicking anything.

What to do if you fall victim to a phishing email.

Man using laptop at tableKnowing what to look for can help you avoid phishing attacks, but there is still a chance that you fall victim to one. If this happens, take the following steps:

  • Change compromised passwords immediately
  • Contact your financial institutions if financial information was shared
  • Run a malware scan on your device
  • Monitor your accounts for suspicious activity
  • Consider a credit freeze if necessary
  • Report it to the FTC

Staying safe online.

Hackers are hard at work every day waiting for their next victim, but you can take steps to ensure it won’t be you. Begin by understanding how phishing schemes work and learning how to spot email phishing scams. You can then take the appropriate steps to analyze every questionable email you receive before clicking any links or downloading any attachments. Check out OnPoint’s blog and OnPoint’s Personal Cybersecurity Guide for more tips to stay safe online.

Note: Email should not be used to share important or sensitive information.

The security and privacy of your information is important to us. When communicating with us via email please do not send any information that is considered confidential or sensitive in nature. If you need to communicate any personal information (account numbers, social security number, etc.) please feel free to call the number listed in my profile or contact OnPoint Member Services at 503.228.7077 or 800.527.3932.



You are leaving OnPoint Community Credit Union.

The website you are about to visit is the responsibility of the party providing the site. Any transactions you enter into through this third-party site are solely between you and that vendor, merchant or other party. OnPoint’s Privacy Policy does not apply to this third-party site, and for further information you should consult the privacy disclosures of this site.



Cancel Accept