フィッシングメールを 10 秒で見分ける方法
2026 年 6 月 24 日 · 3 分で読みました · コメント
フィッシングは、アカウントが侵害される最も一般的な方法です。最近の詐欺メールは、説得力のある本物のように見えます。ここでは、毎回それらを示すいくつかの明らかな兆候を紹介します。
フィッシングメールの例
そのメールには、本文を読む前に少なくとも 5 つの危険信号が表示されます。それらを見つける方法は次のとおりです。
1.送信者のメールアドレスを確認する
- The display name can say anything — "PayPal Security", "Apple Support", "Your Bank". Click on it to reveal the actual address.
- Look carefully at the domain.
paypa1-support.comis not PayPal. Scammers use typos, hyphens, and look-alike characters (1 instead of l). - Legitimate companies always email from their own domain:
@paypal.com,@apple.com, etc.
2. 人工的な緊急性を見分ける
- Phishing emails create panic. "24 hours", "immediately", "permanently closed", "action required" — these phrases are designed to make you click before you think.
- Real companies don't threaten to delete your account in 24 hours over an email. If something were genuinely wrong, you'd see a notice when you log in.
3. クリックする前にリンクの上にマウスを移動します
- On a computer, hover your mouse over any link without clicking. The real destination appears in the bottom-left corner of your browser.
- A button that says "Verify My Account" might actually lead to
paypal-verify-login.ru. The button text is decoration — the URL is what matters. - On mobile, press and hold a link to preview the URL before it opens.
4. 一般的な挨拶
- "Dear Valued Customer" or "Dear User" means the sender doesn't actually know your name — because they sent this to thousands of random email addresses.
- Your bank, PayPal, and Amazon all know your name. They will use it.
5. 予期せぬ添付ファイル
- An invoice you didn't request. A "shipping label". A "document for your review". If you didn't expect an attachment, don't open it.
- Malicious attachments are commonly disguised as PDFs, Word documents, or ZIP files. Opening them can install malware silently.
10-SECOND CHECKLIST
☐ 送信者のドメインは正確ですか?
☐ それは緊急性や脅威を生み出しますか?
☐ リンク URL は会社と一致していますか?
☐ 本名を使用しますか?
☐ このメールを期待していましたか?
答えが疑わしい場合は、クリックしないでください。自分でアドレスを入力して、会社の Web サイトに直接アクセスします。
よくわからない場合の対処法
- Don't click any links in the email. Instead, open a new browser tab and type the company's address directly (e.g.
paypal.com). - Log in there. If something is actually wrong with your account, you'll see a notice after logging in.
- Report the phishing email using your email client's built-in "Report phishing" option. This helps train filters to catch similar emails for everyone.
