Skip to main content
Page photo

Cybersecurity Awareness Month

Week 4: What to Look For

Happy last week of Cybersecurity Awareness Month! Last week we learned more about what phishing is, and how those attacks can be a danger to your personal information. This week, we’re showing you questions you can ask yourself if you think an email is part of a phishing attempt. We’ll review an email from top to bottom to identify some red flags you might find.

Start at the Start

The From, To, and Subject lines in an email have lots of information you can use to ensure your data stays secure:

  • From:
    • Do you recognize the sender? If not, be wary of the information you’re receiving.
    • Are there sneaky swap-outs, like the number 1 instead of an i, the letter o instead of the number 0, or perhaps an uppercase I instead of a lowercase l? This is a sure sign of someone trying to trick you into thinking they’re someone they aren’t.
  • To:
    • Was the email sent only to you, or to a group of people you may not know? Were you in the CC: area instead of on the To: line? This could be an attempt to phish many people at once (yourself included)
  • Subject:
    • Does the subject line match the content of the email? If not, be suspicious.

Mind the Middle

The content of the email itself is where the attacker is going to push to get your information.

  • Does the email address you by name, or are you “Sir/Madam”?
  • Is there a sense of urgency? If there’s a threat, or prize, designed to get you to immediately follow their directions, you should take an extra few minutes to determine if this is a scam.
  • Is there poor grammar or many misspellings? While people sometimes make mistakes, a reputable source will often have editors check their emails out, so they should not be making multiple errors.
  • Think a logo means they’re real? Think again. Logos and contact information can be found and taken from company websites without the company’s permission, so don’t automatically assume that a logo means they’re legitimate. 
  • Are they asking you to reply with your sensitive information (username and password to your online banking, your PIN number, or SSN)? STOP IMMEDIATELY. No organization should ever request your password, PIN number, or other sensitive information. This is the biggest red flag, and the most important one to identify.

Don’t Get Attached

Attachments and links can be rife with cybersecurity threats.

  • Attachments
    • Were you expecting the attachment? If not, be cautious.
    • Is it something other than a .txt file? Files that end with .doc, .docx, .xls, .pdf, as well as others can hold harmful material. If you did not request or expect an attachment with these file types, don’t rush to open them. 
    • What is the name of the file? Often, attackers will try to entice you with a file name that is related to your banking information or something about your private life. Don’t be fooled!
  • Links
    • Is the link going to the same place it says it’s going to? Links can be created so that it says it’s going to one site, but really goes somewhere completely different. By hovering over a link in the email, it will identify whether it’s going to the correct place. Always check before you click on the link.
    • Is it an https site? The “s” indicates that the website has security measures in place to keep their site (and your information) protected.


  • Centreville Bank will never send you an email requesting your sensitive information, or any attachments and links without first informing you by phone or other means.
  • When in doubt about the legitimacy of the email or its content, contact the source from a known number – and never the one in the body of the email.