Knowledge Base - How To Detect Email Spoofing And Phishing

It's important to exercise caution when clicking links in email messages.

Senders can appear to originate from trustworthy organizations when they actually are not associated with them, and are only interested in stealing your personal information (logins, passwords, account numbers, etc...). The way they go about stealing your information is called "phishing", and they do it in a clever way that makes you believe that emails come from reliable sources. Forging a senders address or creating misleading links is called "spoofing."

Take this bank email as an example:

At first glance, the email appears to be from Scotiabank. However, if we look closely, we can tell that it is suspicious.

Take a look at the originating email address. The email address "accounts@scotiabank-customer-service.com," does not match the email address normally used to send messages or announcements. Though this may not always be obvious if the "phisher" has done their homework, so lets look further...

Hovering your mouse over a link is a way to see where the link goes before you click it. Some websites block this feature, but at the time of this writing we are not aware of any mail client that allows this display to be blocked by content in the mail message. A simple rule - if you can't preview, don't click. Contact the sender by other means, or log into your account using your bookmarks or through their site directly.

When we hover our mouse over the link (always hover, don't click!) that is prompting us to login and reset our password, we can obviously tell that the link has been tampered with and what we think we are clicking will take us to a fake or "spoofed" website that could steal our personal information.

On newer mobile phones, the "hover" can be simulated with a long press. Long press links to check them before clicking them to see if they go where you think they should.

For a more in depth explanation of what Phishing and Spoofing is, click here.