How to Spot Phishing Emails

March 19, 2020

How to Spot Phishing Emails

By Chris Brunau

Phishing scams are getting more sophisticated on a daily basis, thus harder to detect and avoid. With the abundance of file sync and share platforms, phishing scammers are impersonating these services and sharing fake documents or folders in an attempt to infect your computer. 

For those of you who aren't in the Cybersecurity industry, here are some important tips for you. 

If you receive an email that looks like it may be phishing, check the “show details” dropdown under the sender’s name. You will see a section labeled as “signed-by”. This field can help determine if an email was shared securely from a service.

The goal is to determine if the signed-by field was generated by a DomainKeys Identified Mail (DKIM) or a service. A DKIM attaches a domain identifier to the signature to display an email generated by a user in the domain. For example, if you received an from, you would see a DKIM in the signature that looks like this This is how all emails through a domain are processed.

Emails shared through a service (i.e. Drive, Calendar, Dropbox, Box, Etc) do not have a DKIM. Instead you would see the signature of the provided service. If something is shared through Dropbox for example, you would see: signed-by

Below is an example of a secure file that was shared through Google Docs:

Note the "mailed-by" section is signed by a service.

Now let's look at this phishing email.

Besides the giant red banner warning, you can tell this is risky because:

  1. It was a shared file that was BCC’d and not shared privately from the service.

  2. Note the suspicious "to" address

  3. The subject has a very generic name.

  4. The signed-by field is sent from an email and not the service (should be or The mailed by field also should list the service it is being sent from.

If you receive a file, and it is not signed by,,, it is likely phishing, so DO NOT OPEN. Much like dealing with ransomware, it’s important to remain vigilant and operate with caution in these circumstances.

Relevant Articles

Subscribe to the Blog