2022 - New Website Banner Image

Get the most from your services with tips on the best content CityWest has to offer and tech tips from our local staff. 

Blog Details

How to Identify a Phishing Email

Today, we'll talk about phishing emails. Unlike the popular sport with thephishing 4 same pronunciation, phishing is a fraudulent attempt made to obtain sensitive information. Phishers could be looking to obtain your login information, credit card details, or other personal information. 

Many people still expect something like the Nigerian Prince Scam when they think about phishing emails, but they can be much more complex and well thought out. Phishing emails can appear very legitimate and the "From" e-mail can even be spoofed to appear as any address.

We'll go over a few ways to determine if an email is legitimate or a phishing attempt.

1. The email asks for you to enter personal or sensitive information

Do you know what's not a good idea? Sending sensitive information in an e-mail. That's why legitimate companies won't ask you to send passwords, credit card information, social insurance numbers, or credit scores in an e-mail. If a company needs this information, they can obtain it through official documentation or on an encrypted server.

Sometimes e-mails contain links or documents which will ask for this information. Always play it safe. Go directly to the company's website to log in (not the one provided in the e-mail) or call them to ask about the inquiry. Sometimes phishers will even set up a web page for you to log in that looks real. Once they obtain your login credentials, they can use these on the real website. We'll talk more about that below.

2. The email address or web link does not appear legitimate

Like we mentioned earlier, the "from" e-mail can be spoofed to appear as any address. So it might not always be obvious. However, if you receive an e-mail claiming to be from an organization, but the address is from a public domain like "@gmail.com," it's pretty clear that something is wrong.

Another clear identifier is if the e-mail domain is spelled differently. These changes may be subtle. A scammer might have set up an e-mail domain which looks similar to a legitimate organization. Instead of receiving an e-mail from "@netflix.com" it might be from "@netflx.com." Without taking a proper look most people wouldn't notice the difference.

Suspicious links in an e-mail are another good indicator. If you receive an e-mail from Netflix, but the link in the e-mail doesn't take you to Netflix's website, then it's quite clearly illegitimate. 

3. The e-mail's grammar and content

Everyone makes spelling and grammar mistakes, even with automated spell checkers. But you shouldn't see glaring errors in any automated e-mails, especially from larger organizations.

You also shouldn't be subjected to numerous grammatical errors in a single e-mail. If you're seeing a lot of errors, this should raise some red flags.

4. The message inflicts panic

Many phishing e-mails try to create a sense of panic or urgency. Sometimes your "account has been compromised and you need to verify it by logging in." Other times "your account will be closed unless you act immediately."

Always practice caution in these scenarios. If the e-mail is asking something unreasonable of you, it's probably a phishing attempt. Worst case, contact the company directly. No organization will threaten to close your account out of the blue.


If you ever receive an e-mail addressed from CityWest and you're not sure if it's legitimate, give us a call. We're here to help. This post isn't meant to scare you. Know the signs of a phishing attempt and keep yourself protected online.

For more information, visit our support section on security by clicking here.