Elevity Services


Gain a deeper understanding of how Elevity’s approach to technology management will impact your organization.

About Elevity

Elevity is one of the largest and most capable technology management providers in the Midwest. Our team of technology experts can help you reach a truly elevated level of IT strategy, security, solutions and support.

A division of



How to Insure Yourself Against a Cyberattack

Learn more →



2675 Research Park Drive
Madison, WI 53711

A division of


10 Ways to Spot Phishing Email Scams in 2021

Nick Bambulas
Facebook LinkedIn Twitter Email

By now, you’re likely well aware that a Nigerian prince isn’t sending you personal emails offering to pay you millions in exchange for helping him get his royal fortunes out of the country. All he asks is that you supply your bank routing number and some personal information.

To many, the absurdity of this classic email hoax is laughable, but studies show that most users are overconfident in their ability to detect phishing scams. Nearly all phishing attacks happen by email, and hackers are becoming more cunning and sophisticated as they evolve their tactics to deceive unaware employees and individuals.

About three in four organizations in the United States experienced a successful phishing attack in 2020, which is 30% higher than the rest of the world, and a 14% increase from the year before. It’s clear that organizations need to better equip their employees to detect these scams.

Here are 10 signs to look for when determining whether an email is legitimate or a scam: 

  1. COVID-19 Vaccine Information
  2.  Unexpected Attachments
  3. Inconsistent URLs
  4. Action Required: Requests to Update Information
  5. Misspellings and Poor Grammar
  6. Something’s “Off”
  7. W-2 Form Request
  8. An Email from the CEO
  9. You’ve Won a Contest
  10. A Tone of Desperation

1. COVID-19 Vaccine Information

Not surprisingly, hackers are looking to capitalize on the pandemic by trying to convince people to reveal sensitive information or click on a malicious link or attachment. Watch for subject lines promoting vaccine registration information and requirements, or even sensational headlines promising cures or sure-fire alternative ways to avoid infection. Do not click on any links or fill out any official-looking forms. Instead, go directly to your healthcare provider or the Centers for Disease Control and Prevention (CDC) website for the most current and accurate information.

2. Unexpected Attachments

An email with an attached fake invoice is a common type of phishing scam. Never open an attachment you weren’t expecting — even from someone you know. The best thing to do is step away from the mouse!

3. Inconsistent URLs

If the web address URL within an email displays differently when you hover over it, it’s likely an attempt to hack your computer.

4. Action Required: Requests to Update Your Information

Emails claiming that you need to update your account are classic attempts to obtain access to personal information and should cause immediate suspicion. They may appear to come from your social media accounts, online shopping services, payment apps, the IRS, a bank or other institution. Most institutions will never request login credentials, account numbers, financial information and other personal data via email.

Some examples of common phishing subject lines might look like:

  • Changes to your health benefits
  • Google Pay: Payment sent
  • Twitter Security Alert: new or unusual login
  • Your Amazon Prime account: Action required
  • Important security update required

Get Blog Updates In Your Email

5. Misspellings and Poor Grammar

We all make spelling errors on occasion, but when an email is riddled with obvious grammar mistakes and poor sentence structure, it’s a clue that an email was written either by a computer program or a foreign hacker who’s not associated with a professional organization and may be making a poor attempt at using Google translate.

Look for legitimate company contact information and confirm it by separately typing it into Google (never by clicking within the email). Don’t click on any shortened links which may be trying to fool Secure Email Gateways.

6. Something’s “Off”

Is the formatting of the email different than usual with strange spacing or margins? Is the company logo pixelated or are the colors off? If you’ve subscribed to an email list from a reputable company and regularly receive correspondence from them, be wary if those emails suddenly show up in your inbox looking differently than they normally do.

7. W-2 Form Requests

This scam is especially prevalent around tax season. The email may appear to come from a company’s internal HR department or high-level executive requesting an employee’s W-2 form. When released, the scammer can file fraudulent tax returns and claim any potential refunds.

8. An Email from the CEO

Who wouldn’t comply with the CEO’s request? Chances are, that request to transfer funds, pay an invoice or release sensitive information on his or her behalf is really coming from a scammer. Hackers are becoming masters at researching a company’s high-level personnel and then impersonating them.

9. You’ve Won a Contest!

Did you actually enter a contest? No? Then it stands to reason you didn’t win one.

10. A Tone of Desperation

Don’t fall for emails with a sense of urgency claiming that your “immediate action is required.” If the email claims that your account has been compromised or that the account will be closed unless you respond right away, it’s a sure sign something’s up. Instead, try logging into the account from a separate browser using your normal means of accessing it.

Display Our Infographic in Your Office!
Cybersecurity Tips for Employees

What to Do If You Receive a Phishing Email

If you receive an email that looks suspicious, follow these phishing email best practices:

  • Don’t open the email
  • Immediately delete the email
  • Do not click on or download any attachments
  • Whatever you do, don’t click any internal embedded links
  • Don’t reply to the sender
  • Inform your IT department and others (consider taking a screenshot to help others identify potential scams)

If an email appears to come from someone you know, or from an organization you’ve dealt with before, don’t reply. Instead, contact the individual or company some other way to follow up, or manually access your online account by separately entering a known URL into your browser.

Also, don’t forward a suspicious email to ask if it’s legitimate, even to your own IT department. Instead, pick up the phone or send a separate email explaining your concern. Then, delete the email, empty your trash and, as Dory would say, “Just keep swimming.”

What to Do If You Suspect You’ve Taken the Bait

Think you might have fallen for an email phishing scam? Here are some immediate steps you should take:

  • Immediately turn off Wi-Fi and disconnect from the internet in hopes you can limit a hackers access to your network
  • Contact your IT department or managed IT provider
  • If you clicked on a link to a fraudulent website, write down any information you entered (username, password, address, etc.)
  • Change your passwords
  • Scan your computer for viruses or malware
  • Report incidents of successful breaches to the Federal Trade Commission (FTC)
  • Improve your security posture by working with an experienced managed IT provider

Better yet is avoiding these attacks in the first place. To see how prepared you are for a cyber incident, take our free, online Cybersecurity Risk Assessment. You’ll be guided through 15 critical questions and provided a security score at the end. Just click the link below.

Then, take a proactive approach to securing your networks and systems by reaching out to us here at Elevity and the Gordon Flesch Company. We’ll help you reel in your security concerns.

New call-to-action

Subscribe by Email