• Security Tips

URLs Are Only Half the Story

Latest Scams Image 2

If you’ve taken security awareness training, you have probably been taught to hover your cursor over a link to view the destination URL. Checking the URL for things like misspellings, unofficial domain names, and sneaky subdomains is a great way to protect yourself against phishing links. But, the URL could appear legitimate and still lead you to something malicious. Cybercriminals can use hijacked websites, websites that appear safe, or services like Dropbox or Google Drive to spread their phishing attacks.

While you should definitely make a habit of checking links before clicking on them, it is important to know the other red flags to look for in a suspicious email. Try examining the email by asking yourself some of the following questions:

  • Is the body of the email specifically addressed to you?
    • If the email starts with “Dear User” or any other vague term instead of your name, this could indicate that the email is a phishing attack that was sent to a number of other people.
  • Are there obvious spelling or grammatical errors?
    • Nowadays, spell checking is built into most email clients and mobile keyboards. Obvious spelling and grammatical errors could indicate that the message has been poorly translated from one language to another.
  • Was the email received at a strange time?
    • If the email was not sent during business hours or at a reasonable time in relation to your location, this could indicate that the sender is in another country. 
  • Were you expecting this email?
    • For example, if the email says you have a delivery ready for pick up, think about whether or not you made a recent purchase.
  • Is there a sense of urgency in the email?
    • Cybercriminals love creating a sense of urgency to trick you into impulsively clicking on a link or opening an attachment. Consider phrases like “ACTION NEEDED” to be a red flag.
  • Are you being asked to do something that isn’t typically part of your role?
    • For example, if you are in customer service you wouldn’t typically be asked to provide information about the organization’s financial statements.

If you still struggle to determine the legitimacy of an email, try looking outside of your inbox. For example, if you receive a notification email from a service you use, open your browser and navigate to the official website. Then, log in to your account to verify the legitimacy of the notification email. Or, if you are contacted by an individual, call the sender to confirm that the email really came from that person.



Knowbe4 Logo

Stop, Look, and Think. Don’t be fooled.

Like This Post?

Facebook
X
LinkedIn
Email

More Posts

Speed Test Blog Image
Technology

Know Your Numbers: A Simple Guide to Internet Speed Tests

Nothing is more frustrating than being in the middle of a video call and experiencing choppy, pixelated picture or audio. Or, if you’re trying to update your computer or gaming system, and that download loading bar is barely headed toward

May 29, 2026
Guest Wi-Fi Blog Image
Technology

Why Every Home Needs a Guest WiFi Network

Most people think of WiFi as a single network. A friend visits, asks for the password, and you share it without much thought. What many people don’t realize is that sharing your WiFi password may also give guests access to

May 29, 2026
Virtual Game Night Image
Technology

Host a Virtual Game Night Without Lag

Hosting a virtual game night is a great way to stay connected with your friends and family, especially when everyone is joining in from different places. Whether you’re catching up with friends or planning something fun for everyone to do

May 1, 2026
Tech Energy Costs Image
Technology

Reduce the Energy Costs of Your Tech

Most of us think about saving energy by turning off lights or adjusting the thermostat. But today’s homes run on something just as important: connectivity. From streaming and remote work to smart thermostats and connected devices, technology plays a bigger

May 1, 2026
View All Posts