Phishing Scams: How to Identify Suspicious Emails

By Lindsey Schrant

How many emails do you get on daily? 20? 30? 50? It's hard to avoid signing up to receive emails because we don't want to miss out on the next big thing! But the more your email is out there, the more likely you are to start receiving some shady emails. Your email provider for sure has spam filters in place, but every now and then a suspicious email can make it to your inbox.

Sometimes these sus emails can be what's called "phishing" (pronounced "fishing"). Phishing is "an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques," according to the United States Computer Emergency Readiness Team (US-CERT) Website. These social engineering techniques can range from false phone calls, in-person visits, or emails, to more recently, social media campaigns.

TLDR: Phishing emails imitate legit companies by sending emails that look official. Everything in the email looks the same (like a logo or particular verbiage) and may link to a seemingly real business page. But in fact, they are taking you to a spam site to collect your personal information - specifically financial info. Ensue panic.

  • In 2019, phishing attempts accounted for 90% of data breaches - 90%!!1
  • 30% of phishing messages get opened
  • 1.5 million new phishing sites are created every month2

Still don't believe it? Try this on for size:

According to Fortune Magazine, KnowBe4 conducted a fake online phishing test from April 1 to June 30, 2017. They sent 6.6 million bogus messages to 2 million individuals. During their test 22,060 people fell for one of their top 10 phishing emails.3 Each of the participants that clicked on the link in the email could've caused a real data breach had it not merely been a test. It is noted that more individuals fell for alternative phishing emails, and this is only the number for those that clicked on one of the top 10. So that number, in reality, is even bigger than 22,000! Crazy, huh?

Here are the top 10 subject lines of their most successful phishing emails:

Security Alert (21%)
Revised Vacation & Sick Time Policy (14%)
UPS Label Delivery 1ZBE312TNY00015011 (10%)
Breaking: United Airlines Passenger Dies from Brain Hemorrhage - Video (10%)
A Delivery Attempt was Made (10%)
All Employees: Update Your Healthcare Info (9%)
Change of Password Required Immediately (8%)
Password Check Required Immediately (7%)
Unusual Sign-in Activity (6%)
Urgent Action Required (6%)

Percentages based on phishing emails that tricked 22,060 people (Q2 2017)

Seems a little more real, right? How often do you receive and click on links from emails similar to these subject lines? We are all at risk for falling for this false advertising because phishers are getting smarter and smarter with their tactics. It's a scary world out there, folks!

Did you just say a 4-letter expletive word? Us, too.

Phishing scams are scary no doubt, but you can avoid becoming a victim by getting familiar with fraudster "go-tos" and red flags.

Be aware of the most common phishing scams

Tech support scams

False claims about your account to get you to reveal your information

Social media

Providing false information through messaging on social media platforms (namely Facebook or LinkedIn) to get you to give away your credentials

CEO Fraud

Emails "sent" by your boss/CEO to get wire transfers or other forms of payments sent somewhere, particularly overseas

Infected attachments

Downloading documents or .HTML links so they can hack into your files

Watch out for these red flags to identify online phishing scams:

  • Obvious misspellings in bodies of text or weblinks
  • Accounts urgently needing updated banking or personal secure information like date of birth, Social Security Number, or account password
  • Unbelievable offers (i.e. trips to the Bahamas you've "won" but never submitted information for)
  • The emails come from a personal account and not the domain of your trusted provider
  • The email threatens false debt-collection claims (i.e. fictitious case number, threatens your employment or taking legal action, etc.)
  • The email asks for an advance payment or pre-payment
  • The email requires funds to be loaded to a prepaid card (even gift cards) or sent with a wire transfer
  • The webpage is identical to a real business webpage, but the URL is a variation on spelling or from a different domain (i.e. .com vs .net)

Make sure you verify before you identify:

  • Confirm the person or provider you are trusting your information with is who they say they are. This holds true for any case whether you received an email saying your account balance is low and need to transfer funds immediately, or you've just 'won' an all-expenses-paid trip.
  • No matter the circumstances, if you feel that the email or claimed information is false, do not provide them with your personal information.
  • Call or email the valid contact information for the business (not ones listed in the suspect email) and verify that the claimed information is correct. Any respectable customer service base will gladly share with you if it's a verifiably accurate campaign. If they tell you it is false, report the email or other social interaction as a phishing scam.

We've got your back...

At Speedy Cash, we understand it's a difficult decision to trust your money and financial data with a business. Worrying about finances can be hard enough without also having to stress over possible data breaches and unsecure networks. Our employees are regularly trained to identify and defend our network against any phishing scams. We have a skilled Fraud Department that proactively mitigates and keeps up with any known scams falsely claiming to be Speedy Cash. Our webpages have earned the McAfee® SECURE and the Norton SECURED certifications, so you know that your information is with a trusted vendor. We also have an award-winning team dedicated to cybersecurity. #humblebrag

Ron Shuck, Director of Information Security at CURO Financial Technologies Corp (the holding company for Speedy Cash) provided some helpful tips regarding links in emails. "Instead of clicking on a link to view information about package delivery, type in the address for the UPS site or Google it, and go from there. Scammers will create links that look like the real deal with a subtle difference (e.g. instead of Notice the extra "e". These "fake" sites will look like the real site, but their purpose is to steal your information." Check out the airbnb email example. Notice anything off? How about the extra characters in the from email address?

Ron also suggests, "The best protection is to avoid opening attachments unless you were specifically expecting one." He added, "It is important to remember these tricksters will replicate emails or even websites for legitimate companies to try and trick you."

Remember: never give your sensitive information to anyone unless you can verify that they are indeed who they say they are and that they should have access to this information.

Quick reference resources

The information included in this article has been reviewed and approved by Ron Shuck Director of Information Security at CURO Financial Technologies Corp.

1Verizon. (2019, May 19). Retrieved from
2 (2017, September). Retrieved from
3 Robert Hackett. (2017, July 13). Retrieved from

Lindsey Schrant
Read more from Lindsey
Hello, there! I began saving money at a young age by cutting out coupons from the Sunday newspaper. In those days, the fruits of my thrifty handiwork went toward treats for my beloved pets! Today, I still find it incredibly satisfying when I find a great deal or discover fresh, new ways to live a frugally full life.

Recent Articles