In the digital age, phishing emails are becoming increasingly sophisticated and harder to spot. These deceptive messages are designed to trick you into giving away personal information, such as passwords and credit card numbers.

Recently we’ve been receiving reports of customers getting emails that look like they’re from cPanel or Roundcube, the webmail software provided through cPanel. However, these emails were not sent from legitimate sources. Knowing how to identify these malicious emails is crucial for protecting your personal information and maintaining online security. Here’s our guide on how to spot a phishing email.

1. Check the Sender’s Email Address

Always look closely at the sender’s email address, not just the display name. Phishing emails often come from addresses that appear legitimate at first glance but contain subtle inconsistencies or odd characters. Look out for subtle misspellings of legitimate domain names or the use of a different top-level domain. For example, instead of “service@paypal.com”, a phishing email might use “service@paypa1.com” or “helpsupport@paypal.ru”. They might even use a public email provider like gmail.com. Legitimate companies send email from addresses on a domain that matches their official website.
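For readers who filter or triage mail programmatically, the same check can be written as code. The sketch below is an added example, not part of our mail systems: the function names, the short public-provider list and the digit-for-letter mapping are assumptions, and it treats the last two labels of a domain as the registrable domain instead of consulting a public-suffix list.

```python
from email.utils import parseaddr

# Constructed sample list, not exhaustive.
PUBLIC_PROVIDERS = {"gmail.com", "outlook.com", "yahoo.com"}
# Digits commonly swapped in for similar-looking letters (assumed mapping).
LOOKALIKES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def within_one_edit(a, b):
    """True if a and b differ by at most one inserted, dropped or changed character."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]
    return a[i:] == b[i + 1:]


def classify_sender(from_header, expected_domain):
    """Compare the address in a From header with the domain the company really uses."""
    # The display name is chosen by the sender, so only the address is trusted.
    _display_name, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower().rstrip(".")
    expected = expected_domain.lower()
    labels = domain.split(".")
    if not domain or len(labels) < 2:
        return "unparseable"
    if domain == expected or domain.endswith("." + expected):
        return "match"
    if domain in PUBLIC_PROVIDERS:
        return "public-provider"
    exp_name, _, exp_tld = expected.partition(".")
    # Assumption: the registrable domain is the last two labels.
    name, tld = labels[-2], labels[-1]
    if name == exp_name and tld != exp_tld:
        return "different-tld"
    if exp_name in labels[:-2]:  # real name used as a subdomain, e.g. paypal.com.example.ru
        return "lookalike"
    if within_one_edit(name.translate(LOOKALIKES), exp_name.translate(LOOKALIKES)):
        return "lookalike"
    return "unrelated"
```

Anything other than "match" is a reason to slow down and verify the message through the company's official website.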

2. Look for Generic Greetings

Phishing emails frequently use generic greetings like “Dear Customer” or “Dear User” instead of your name. Most companies you have an account with will use your name in their communications or not have a greeting at all in the case of marketing emails. A generic greeting can be a red flag.

3. Spelling and Grammar Mistakes

Professional companies spend time proofreading their communications, so spelling and grammar mistakes are rare in legitimate emails. Numerous errors in an email can indicate a phishing attempt. These errors can be due to the scammer’s limited knowledge of English or possibly due to a poor translation from another language. They could even be deliberately placed to evade spam filters that email providers have in place.

4. Urgent or Threatening Language

Phishers often use urgent or threatening language to create a sense of panic and urgency. They might say your account will be closed, or you’ll face a fine if you don’t respond quickly. This tactic is designed to rush you into making a decision without scrutinizing the email or consulting with another individual.

In the case of web hosting, these emails may claim that you’re over your storage limit or that your email configuration is wrong. They’ll ask you to sign in to rectify the situation, and when you do, they gain access to your login credentials.

An example phishing email copying Spotify

5. Suspicious Links and Attachments

Before clicking on any links or downloading attachments, hover over them (without clicking) to see the URL. If the link address looks strange or doesn’t match the supposed destination, it’s likely a phishing attempt. Legitimate companies rarely ask you to download attachments via email without prior notice.

6. Look for Inconsistencies in Email Design

Phishing emails might mimic the design of legitimate companies, but there are often inconsistencies. Look for odd formatting, outdated logos, or anything else that doesn’t match the company’s usual branding.

Phishing emails can be sophisticated, but by knowing what to look for, you can significantly reduce the risk of falling victim to these scams. Always take a moment to scrutinize emails before responding, clicking on links, or downloading attachments. When in doubt, contact the company directly using information from their official website to verify the legitimacy of an email.