Most of Internet users tend to think they are smart enough not to fall into phishing traps. And yet, the statistics show that many of them keep opening suspicious emails or share their private information way too much. This is even more concerning given the fact that more than half of emails contain malicious attachments or phishing links. With two large-scale ransomware attacks that shocked the world last year, we can safely say – even the most careful users can fall a victim of a cyber attack. So the question is: Can you get better at identifying malicious messages and what can you do more to protect your privacy and online security?

How to identify a phishing email?

If you are not sure whether it’s safe to open an email you have just received, it is always a good idea to take some time and examine the message:

1. Name check. It is extremely easy for a fraudster to sign up for a free email account and create an address that is very similar to your bank’s (or other company’s) official address. Look out for suspicious domains and if you feel it isn’t quite right, better don’t open the email. If in doubt, you can always make a call to your bank or look for an official email on their website.

2. Urgent action. If you receive an email requiring to take immediate action, e.g., “Your account has been compromised,” “Click here,” etc., stay calm and don’t even think of doing what they are asking. This is simply one of the tactics cyber criminals use to trick vulnerable users into providing their private information. Again, if you are worried, simply contact the company you think the message is from.

3. Poor grammar. Be wary if you spot bad grammar or find any spelling mistakes. It is very unlikely for serious companies to send emails to their customers without editing and proofreading them first. So if the text is full of typos and grammatical errors, it is a high chance you are dealing with a malicious email.

4. Generic greeting. Your bank or another company would usually address their customers with their full names. Fraudsters do not invest this much time into greeting their potential victims as they often send hundreds of phishing messages at once. If the email starts with generic “Dear customer” or similar, remain careful.

5. Links to websites. Typically, cyber criminals try to trick you into providing your username and password to get into your online accounts. To do so, they need to lure you into fake websites that look exactly like the official ones. This is why you shouldn’t rush into clicking on links provided in emails. Instead, move your mouse over the button to see the website link. Check if it looks legitimate and starts with “https,” which indicates a secure connection.

For extra security, it is always recommended to use a reliable VPN service. It will help you stay safe from malware and avoid phishing attempts when using unsecured Wi-Fi hotspots. NordVPN’s security feature CyberSec checks domain names against a blacklist and doesn’t let you access the site if it is known for hosting malware.