What is it? An attempt to deceive the victim by convincing them to provide personal information (e.g. access codes) or download malicious software by sending an apparently legitimate email (attributable to an entity or party held to be reliable).
How can I recognize it?
Inappropriate style: the email contains expressions or words that are inappropriate to the sender, including of an intimidatory nature.
Suspicious sender: the sender’s name does not match the email address shown (e.g. the normal sender’s name is accompanied by an unusual or general email address, such as “client@bank.com”).
Urgency: the email invites the recipient to perform an action, such as to confirm their identity, with the utmost urgency, often citing administrative or legal reasons with an imminent deadline.
Grammatical errors: the subject line or the content of the email contain typos, errors of spelling, inaccurate punctuation, or more generally present formal errors.
Suspicious attachments: the email may have attachments, such as compressed folders (.zip), Office or PDF files, even small size. The Office files in particular could activate malicious macros.
False links: the email contains links to websites where the actual destination does not match the name of the link (e.g. a link called “Clients Area” for which the destination is “www.accesso-bank.com”). This can be checked by moving your mouse over the link without clicking.
What should I do?
Beware of any message which asks you to provide sensitive data urgently, whether credentials for accessing home banking, device codes, account or card data.
If you think you might have received a phishing email, contact the sender (i.e. the company, entity or bank which should have sent you the email) via the official channels and check whether or not the message is authentic.