2. Request of Login Credentials
Phishing emails usually request login credentials, personal information, or organizational information.

3. Assurance of Security
To say “it is a secure Link” sounds a little “phishy” to me. I would hope if my true friend was sending me a link, they wouldn’t have to mention that it is secure.

4. Hovering over the link
When you hover over the link in your email, you will be able to check the legitimacy of the URL source.

5. Checking the displayed URL in the bottom left corner of your browser
Once you hover over the link, you will see the source URL displayed at the bottom left corner of your screen in a tan box. Now knowing that this URL is not relevant, do not click through.

6. If you happen to click through (which you shouldn’t), you can see the URL at the top before ever following through on the request

As you can see in the below image, when you click through the link in the email to the webpage, you will notice the URL is not relevant to Google Docs. Never share information in such a situation. If you see this page, you went too far. You shouldn’t have clicked on the URL in the email in the first place.

In conclusion, never assume an email from your co-worker, classmate, friend or family member is legitimate. Attackers pose as trusted contacts, use claims that seem relevant (like sharing documents) and find ways to capture your information.

If you feel the email was meant for you, don’t click the link. Instead, reply to your friend (not by hitting the reply to the email button but by composing a new email in a separate tab, manually entering in the trusted contact’s email address) and ask if the email was intended for you and the purpose of the link.

For more information on Anti-Phishing Training for your organization click here.