Skip to content

Steps to Identify a Phishing Email

Phishing attacks from malicious hackers are becoming more prevalent in an age where we exchange information and data electronically through email. Given the sensitive nature of their businesses, law offices and CPA firms are natural targets for phishing attacks. Please be aware of this possibility and the steps you can take to protect yourself from malicious email. There are two simple things in an email you can use to determine, in most cases, whether it is legitimate. First, identify the actual original sender. Second, identify web links and pictures before clicking on them.

To identify a sender, a quick and easy step is to disregard the name in the “from” field and instead trust only the email address and domain. To use our firm as an example, our email’s domain would be If you were to receive an email with any information from us that did not have our exact domain, it would not be legitimate. Be especially keen for close cases, such as if an imposter tried to use,, or some other similar variant. This rule applies in most cases, but there will be the inevitable organization that may actually utilize more than one domain. Your discernment — use of a safe-sender list, or asking a trusted contact within a company — would be effective when considering what may be a real email sender.

The process of identifying web links may be more involved. First it is important to note what constitutes a web link; if you’re guessing “anything you can click on” then you’re exactly right. Always be very careful when clicking any specific object in an email, including pictures, web link URLs, files, etc. Carefulness includes reading the link source and determining whether it appears legitimate. If you’re on a computer you can ‘hover’ your mouse over a link to see the source URL. You could open a new tab and type in the main website yourself to see if the official page address corresponds with the link available in the email.

Other things to look out for can include whether the email is contacting you in an unsolicited manner, introduces a sense of urgency, includes spelling mistakes, uses a vague salutation, requests personal information or login credentials, or if it appears to be an official organization but something (logo, titles, website, signature, etc.) doesn’t quite match exactly.

If you identify a message as spam or phishing, please delete it immediately.

Please be aware, TJT uses Citrix Sharefile and Citrix RightSignature for secure document transfer and e-signing. You will not receive secure documents or signature requests from TJT through any other service, so please be extremely cautious when approaching anything claiming to be from us that says otherwise.

If you would like more information on scam or phishing emails, please refer to the Federal Trade Commission’s page on the matter:

Blog comments