University of Wisconsin–Madison
Image of Netflix phishing icon

3 Ways to Recognize and Avoid (Netflix) Phishing Email

In late September, a new phishing email hit inboxes. It informed users of a billing problem with their account, and instructed them to “Login Now.” Anyone unwary enough to click the link was taken to an apparently legitimate Netflix login screen. Here are three ways to recognize and avoid this and other phishing emails.

Beware faulty grammar, spelling or punctuation

Phishing emails are sometimes recognizable by errors in grammar, punctuation or, less often, spelling. In the case of the Netflix email, users were told to click a link and log in, where they would be “required to enter some informations like (billing info, phone number, payment info.)”

screen capture of the NetFlix phishing email
There are both grammar and punctuation problems in this message to tip off the sharp-eyed reader; did you spot them all?

As you scrutinize the email for surface errors, pay attention to the tone. Is it overly complimentary? This is a common social engineering tactic. Is there a sense of urgency, a deadline, or the threat of a penalty? These are often included in phishing emails to prompt us to act before thinking.

Check the link & the sender’s email address, and any information in the signature

Confirm who really sent an email. In Gmail, for example, you can click the downward arrow next to the sender’s name to expand the full sender information. You should also hover your cursor over any links to see where they actually lead, rather than trusting the text you see. Finally, use your favorite search engine to check any information in the email signature. A bogus personal name, company name, address or other contact information is another easily spotted giveaway.
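As an added illustration of these two checks (example code, not part of the original article), the script below parses a constructed email modelled on the billing-problem lure and reports a display name that does not match the sender’s address domain, and link text that does not match where the link actually leads. The sender and link hosts are placeholders, not real indicators.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample modelled on the billing-problem lure described above; sender and
# link hosts are placeholders under .example and .test, not real indicators.
SAMPLE_EMAIL = """\
From: "Netflix Billing" <billing@netflix-account-update.example>
Content-Type: text/html; charset=utf-8

<html><body>
<p>Your account is on hold. Please <a href="http://login.fake-host.test/nf">Login Now</a>
to update your payment info.</p>
<p>Help: <a href="http://fake-host.test/help">https://www.netflix.com/help</a></p>
</body></html>
"""
BRAND = "netflix.com"  # the domain the lure impersonates
# Simple <a href="...">text</a> matcher; enough for this constructed body, not for arbitrary HTML.
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def registered_domain(host):
    # Last two labels only: fine for a teaching example, wrong for suffixes like .co.uk.
    return ".".join((host or "").lower().rstrip(".").split(".")[-2:])

def analyze(raw):
    """Return the mismatches a reader finds by expanding the sender and hovering over links."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender = msg["from"].addresses[0]
    findings = []
    # Brand name in the display name, but the address itself belongs to some other domain
    if BRAND.split(".")[0] in sender.display_name.lower() and registered_domain(sender.domain) != BRAND:
        findings.append(f"sender: display name '{sender.display_name}' but address domain {sender.domain}")
    html = msg.get_body(preferencelist=("html",)).get_content()
    for href, text in ANCHOR.findall(html):
        text = re.sub(r"<[^>]+>", "", text).strip()  # drop any nested tags around the link text
        target = registered_domain(urlparse(href).hostname)
        if target != BRAND:
            note = f"link '{text}' points to {target}"
            if text.startswith(("http://", "https://", "www.")):  # visible text is itself a URL
                shown = registered_domain(urlparse(text if "://" in text else f"http://{text}").hostname)
                if shown != target:
                    note += f" (text shows {shown})"
            findings.append(note)
    return findings

if __name__ == "__main__":
    print("\n".join(analyze(SAMPLE_EMAIL)))
```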

Compartmentalize your email

Use a dedicated email address for all sites where you enter payment data, and don’t use it anywhere else; that way any phishing email sent to your other accounts will be more recognizable as such, and phishers will have more difficulty targeting your dedicated email address. Also consider using a throwaway address for public sites where your email address might be harvested by phishers, including social media, job search sites and professional networking sites.

Bonus tip: Block Images in Email

Phishing emails may also contain other threats: images in emails may be used to tell if you’ve opened the email, to find your IP address, or even to deliver malicious payloads. For this reason, you should consider changing your email client’s settings to block displaying images in email, if it’s not already doing so by default. Most clients will still allow you to override the setting in specific cases, so you have the option when you’re sure you’re dealing with a legitimate message.

Phishing attacks are clearly not going away, and they continue to grow in sophistication, so we must stay alert to trickery. Phishing emails may seem completely legitimate at first glance, appearing to come from web services we use every day, so exercise due vigilance.