Think you’re an expert at spotting a malicious email? Test yourself below to see if you can catch the phishing warning signs.

Phishing Scenario 1

You received an email from Amazon.com with the subject line and sender information below. Can you find two signs that this email is a phishing attempt?

Answer

The domain name does not match the well-known domain of Amazon.com. When you visit the Amazon website, you do not visit amaz0n-inc.info. This is a major warning sign that this email is a phishing attempt. Red flags should always go up when you are being prompted to verify account information via email, chat, or phone. Login credentials, payment information, and personal addresses can all be used to hijack your identity online.

Phishing Scenario 2

You received the following email in your inbox. You didn’t order an iPhone or authorize a charge to your credit card, but before you contact Apple for a refund, can you spot three indicators that this may be a phishing scam and not an actual notice of payment?

‍

Answer

The sender’s email address is suspicious and not what you would expect from Apple.com. The email is coming from a generic Gmail address; large companies tend to use branded URLs so you can identify the sender, like support@apple.com. The generic address combined with the misspellings is a big indicator that this email is actually meant for phishing.

Be wary of the generic greeting and lack of identifiable information, like the last four digits of your credit card number supposedly used for this purchase. The same exact email was likely sent to thousands of unsuspecting people. They hope that the scare tactic alone is enough to get you to call them.

Finally, the phone number provided in this email is not associated with Apple. Visiting the Apple website can confirm this information. Always double check before calling phone numbers! The hope is you will call in and provide your real credit card information for the cybercriminals to steal.

Other less obvious indicators that you may have found include:

• Typos and misspellings
• Lack of Apple branding and logos. Even Apple’s automated receipts are in an Apple-branded template that includes links back to the website, disclaimers, and unsubscribe buttons in the footer
• The content of the email is a scare tactic. They are indicating you’re about to get a big charge to your credit card, but you never made the order! You must correct the issue right away! The reality is, none of this is true. Don’t fall into the scare tactic trap

Phishing Scenario 3

You receive the following email with a link to login to your domain registrar account to address an urgent matter. What should you do next?

Answer

If you said check the URL before clicking the link, you’re correct! You never know what the true destination of a text link or shortened link is. You should always investigate further by hovering over the link, or by copying and pasting the link into a notepad application.

You hover over the link to see the full URL below. Does this email seem trustworthy? What factors influenced your decision?

Answer

The answer is no, this email is not trustworthy and you should disregard the message. The URL behind the link doesn’t look like it belongs to Best Domain Registrar, and the address this email was sent from doesn’t look right either. This is likely a phishing attempt to access your domain registrar account and hijack your domain name.

For more information on phishing and tips to keep your digital identity safe, visit the Security and Safety Center at my.locker.