Phishing Awareness Checklist
Stay alert and use this checklist to quickly determine whether a strange message
could be a phishing attack.
4 Ways to Spot A Phish
1. Check the Header
o Have I given my email address to this company before?
o Do I have an account with this company?
o Does the sender identity match the purpose of the email?
o Is my email listed as the From: address?
o Is the To: address undisclosed-recipients or a large number of recipients I am not familiar with?
2. Check the Content
o Do links provided in the body of the email look valid?
o Are there misspellings and typos? Is the grammar correct and is the tone appropriate?
o Am I being promised a lot of money for little or no effort on my part?
o Am I asked to provide money up front for questionable activities, a processing fee, or to pay the cost of expediting the process?
o Is someone asking me for my bank account number, other personal financial information or passwords? (“Verify your account.” or “Click the link below to gain access to your account.” are common)
3. Consider the purpose of the email
o Is the issue really as urgent as the sender makes it out to be? For example:
    “If you don’t respond within 48 hours, your account will be closed.”
    “Failure to do this may automatically render your account deactivated.”
o Why does the sender request confidentiality? How can I tell if the proposed activity is legitimate and authentic?
4. Be cautious with attachments
o Do not open unexpected attachments.
o Do not open attachments from strangers. Always be absolutely certain you know the sender first.
o Do not open unusual attachments.
o Don’t open attachments that come with strange-looking messages.
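
The header, content, and attachment questions above can also be checked automatically, for example by a mail filter or a "report phish" tool. The following Python code is an added example, not part of the original checklist; the flag names, the sample messages and addresses, and the 10-recipient threshold are assumptions made for illustration.

```python
from email import message_from_string, policy

# Pressure and lure phrases quoted in the checklist above.
PRESSURE_PHRASES = ("within 48 hours", "account will be closed",
                    "render your account deactivated", "verify your account",
                    "click the link below")
MAX_RECIPIENTS = 10  # assumed cut-off for "a large number of recipients"

def _addresses(msg, header):
    """Lower-cased addr-specs from every occurrence of an address header."""
    return [a.addr_spec.lower()
            for h in msg.get_all(header, []) for a in h.addresses]

def triage(raw_message, my_address):
    """Return the checklist flags raised by one raw RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    flags = []
    # Header check: is my own address listed as the From: address?
    if my_address.lower() in _addresses(msg, "From"):
        flags.append("from-is-my-own-address")
    # Header check: undisclosed-recipients, or a large recipient list.
    recipients = _addresses(msg, "To") + _addresses(msg, "Cc")
    to_text = str(msg.get("To", "")).lower()
    if not recipients or "undisclosed-recipients" in to_text:
        flags.append("undisclosed-recipients")
    if len(recipients) > MAX_RECIPIENTS:
        flags.append("many-recipients")
    # Content and purpose check: urgency or credential-lure wording.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = " ".join(body.get_content().lower().split()) if body else ""
    if any(phrase in text for phrase in PRESSURE_PHRASES):
        flags.append("pressure-language")
    # Attachment check: any attachment deserves a second look.
    if any(True for _ in msg.iter_attachments()):
        flags.append("has-attachment")
    return flags

# Constructed sample messages (not real mail).
SUSPICIOUS = """\
From: Account Team <me@example.com>
To: undisclosed-recipients:;
Subject: Action required

If you don't respond within 48 hours, your account will be closed.
"""
BENIGN = """\
From: Colleague <colleague@example.com>
To: me@example.com
Subject: Lunch

Lunch at noon?
"""
```

A flag is a prompt to look more closely, not a verdict: legitimate newsletters are often sent to undisclosed recipients, and ordinary mail carries attachments.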