What is phishing?

Phishing is the fraudulent practise of sending emails pretending to be from a company in order to persuade individuals to reveal personal information, such as passwords and credit card details.

How to spot a phishing email?

There are a few things that give away a phishing email. I will give you examples so it is easier for you to spot.

Unofficial “from” email address

Do not simply trust the sender name. Anyone could set their name on their email account to be PayPal, but this doesn’t mean that they work there.

You should always check the actual email address. Sometimes fraudsters will slightly misspell something in their email address so it looks similar to the actual company, whereas others will have the actual company name but will finish with a public domain.

What I mean by this is, a company like PayPal would not have their email address ending ‘@gmail.com’ – they will have their own email domain and would have no need to use Gmail or any similar service.

One simple thing that you can do is to google the email address. You’ll then be able to see if it is a company’s legitimate email address, or other people may have reported this email address warning people to stay away. This can give you extra certainty.

Forged link

You should NEVER click on a link received in an email unless you have checked it first, even if it is from a colleague or trusted individual (you never know if their account is secure).

Links can be manipulated so that they seem like they will take you to a legitimate page, but this is not always the case.

The email may say “click here to go to Google”, but this does not mean that the link will take you to Google at all. However, if you hover over any link with your mouse, the true URL will be shown in the bottom left of your screen. Another thing you can check is whether the URL begins with https:// – this means that the site is secure.

Marked as urgent

Phishing emails will often be written with a sense of urgency, and may even be marked as requiring an immediate response.

This method is used to scare people into quickly trying to resolve an issue. An example of an email like this may read “your account will be deleted in 24 hours” – followed by “click on this link to prevent” or “send us your password and we’ll stop this for you”.

Requests personal information

No legitimate business would ask you to submit any personal information over email, as this is not a secure method of communication. Therefore, if you receive an email telling you to reply with your bank details, it’s a fraud.

Suspicious attachments

Do NOT click on an email attachment unless you have first checked it. Even if it seems harmless, it might contain malware, and as soon as you open that attachment the malware is on your computer.

Even if you’re expecting an attachment to be sent over from someone, check to make sure it actually is that person contacting you.

Other signs that an attachment is illegitimate is your computer may flag it, saying that the attachment may contain harmful data.

If you have anti-virus software on your computer (which you definitely should have anyway!!) you may be able to scan the file first and this can highlight any potential threats.

Generic greeting

When a business gains a new customer, they are likely to collect some information on that individual, e.g. your name.

So, if you see an email from a business which you have already been in contact with and the email starts with “Dear customer” then it is likely that this is not a legitimate email.

Most companies (especially large ones) will send email greetings with your name in.

Spelling and grammar issues

Big companies such as Google or Amazon have positive reputations to maintain. As a result of this, they aren’t going to send out an email to millions of their customers if it is riddled with spelling errors and certainly not if it doesn’t make sense at all.

Hopefully this article has made it easier for you to spot a scam email. If you do receive one, the best thing to do is just delete it!

Keep your inbox safe!