Skip nav to main content.

How to Spot a Phishing Email

Often times these emails can look fairly realistic, tricking the recipient into believing that the message comes as a request from someone they know or a company they do business with. These emails can include links or attachments that’ll take the recipient to a malicious website laced with malware. Sometimes they’ll just straight out ask the recipient to give out their personal information. Don’t fall for the common tricks seen in phishing emails. To help you, we’ve put together a short guide to spotting a phishing email.

1. Identify the email’s sender.

Always double check who or where your emails are being sent from. If you’re not familiar with the sender, or it’s not someone you usually communicate with, err on the side of caution. Often, fraudsters will use emails that disguise themselves. Other times they’ll be fairly similar to legitimate emails used by businesses or people you’ve had communications with. If the email address replaces letters with numbers or contains a suspicious domain, it’s most likely a phishing email. These emails bet on you quickly skimming over the sender, not noticing any of the minor details.

2. What’s stated in the email’s subject?

Or what isn’t? Phishing emails may not have a subject line at all, or looks like it’s a reply to a message (RE: subject header) that you didn’t send. These are telltale signs of a fraudster email or cyberattack. If it’s a group email, don’t forget to take a look at the other individuals that were CC’d, to see if you recognize any or if it seems random and unusual in any way.

3. Evaluate the email’s content.

Phishing email addresses may be disguised to look like it’s from a legitimate company, but will often look unprofessional and contain bad grammar or spelling errors. The content or request in a phishing email will be out of the ordinary and unlike other messages you’ve received from the sender in the past. Messages tend to be illogical, demanding, and prompts quick action of the receiver. If the email contains only a link or an attachment, steer clear!

4. Review the links and attachments.

Speaking of links and attachments, be wary of emails that strongly urge you to click a link or open an attachment in order to avoid any negative consequences. Take a look at the attachment’s file name, does it look suspicious? Are there any misspellings? You can also hover over links and images that prompt you to click them to see what URL appears and where it may be taking you. If the website it redirects you to doesn’t look right, don’t click it.


Many times people become victims of phishing emails because they are hard to detect upon first glance. Be sure to take a look at the minor details that are common tactics used amongst fraudsters. If you receive a phishing email you should delete it or report it as soon as possible. Try your best not to open the email, and definitely do not respond or provide any type of information.


Source: Information courtesy of CUNA Mutual Group

Fraudulent Text Messages claiming to be from HFS are being sent. If you received a text and are unsure of its legitimacy, please contact the credit union.