Phishing emails are a huge burden for many businesses. Fortunately, many phishing emails are blocked by your email server before you receive them, but ones that get through can cause havoc to your computer or, in a worst-case scenario, your bank balance.
If you receive an unsolicited message, and you’re not sure if it is genuine, follow the tips below to learn how to spot a phishing email.
1. Check the from address
The first thing you need to do is check the authenticity of the sender’s email address. If the address does not contain the domain that is owned by the organization, such as “[email protected]” instead of “[email protected]”, it is most definitely a scam. Unless you are 100% certain that the email address is genuine, do not click on any links or give out any information.
2. The subject line and content look off
The subject line is one of the first things you’ll see, and you can immediately notice if something isn’t right. An email with a subject line similar to “Important_Message_For_You! ~~ Respond Now!!” is instantly recognizable as a scam.
You can also spot a scam email if the formatting is messy or the branding isn’t in line with the apparent sender. Don’t be fooled by emails with a design identical to a legitimate one.
3. Personal information request
One of the top scam emails asks recipients to “verify” their information, such as their home address, telephone number, a password or bank details. This is almost inevitably a scam, and you should be very wary of any email that asks for this type of information. Companies you have dealt with in the past will very rarely ask you to verify information that they already know. If you are unsure, contact the company directly to check it is legitimate.
4. Common scam phrases
Often scammers will use scare tactics or enticing offers to trick the recipient into sharing personal information. “Do you want a £500 voucher? Click here now to claim it!” or “Fraudulent activities on your account” are common examples of phrases scammers use.
These types of emails link to a genuine-looking website with a form that asks for your personal information, such as your home address or bank card details. If you enter sensitive information on a phishing site, your details could be sold on, or money could be stolen from your bank account.
5. Hyperlink URL is different to the one displayed
If you are viewing an email on a PC or Mac, hover your mouse over the links (without clicking) to check the real address in the pop-up window. In the example below, the URL looks like it goes to PayPal when it is actually a disguise and links to a phishing site. Unfortunately you cannot do this on a mobile device, so wait until you can view the email on a desktop.
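The hover check from tip 5 can also be done in code. This is an added example, not part of the original article: it walks an HTML email body and reports links whose visible text names one site while the underlying address opens another. The sample message, the `.example` hostnames and the simplified subdomain comparison are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible link text that is itself a web address, e.g. "www.paypal.com/signin".
URLISH = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/:?#].*)?$", re.I)

def same_site(a, b):
    """Simplified rule (assumption): same host, or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

class LinkAuditor(HTMLParser):
    """Collects (shown text, real href) pairs where the two name different sites."""
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        shown = "".join(self._text).strip()
        m = URLISH.match(shown)
        real_host = (urlsplit(self._href).hostname or "").lower()
        # Only links whose text looks like an address can be compared this way.
        if m and real_host and not same_site(m.group(1).lower(), real_host):
            self.findings.append((shown, self._href))
        self._href = None

def mismatched_links(html_body):
    auditor = LinkAuditor()
    auditor.feed(html_body)
    auditor.close()
    return auditor.findings

# Constructed sample body; the ".example" hostnames are placeholders.
SAMPLE = """
<p>Fraudulent activities on your account. Confirm your details:</p>
<a href="http://paypal.com.account-check.example/login">https://www.paypal.com/signin</a>
<a href="https://www.paypal.com/help">paypal.com/help</a>
<a href="https://news.example.org/offer">Click here now</a>
"""

if __name__ == "__main__":
    for shown, real in mismatched_links(SAMPLE):
        print(f"shows {shown!r} but opens {real!r}")
```

A link whose text is a phrase such as "Click here now" is not flagged, because there is no displayed address to compare against; those still need the manual hover check.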
6. Strange attachments
Be careful of any emails you receive with attachments that aren’t from a familiar email address. Unless you are certain you know the sender, or have requested a document to be sent to you, do not open any attachments as they may be malware.
7. Bad grammar and spelling
One of the easiest ways to spot a phishing email is if the message is full of spelling and grammatical errors. Legitimate emails sent by organizations are often proofread by numerous people and very rarely have any mistakes in the message. If you spot an obvious error, treat the email as suspicious and be wary of clicking on any of the links or replying.
What to do if you receive a phishing email
Be suspicious of any unsolicited email you receive from someone you do not recognize. Scammers are often very clever at disguising a phishing scam as a legitimate email from a reputable organization. If you feel that something isn’t quite right with an email, you’ll almost always be right.
If you believe you have received a phishing email from someone claiming to be a specific organization, forward the email on to customer services so that organization is aware and can take action by warning other customers.
You can also report phishing scams to your email provider, who will take steps to identify the scammers and block future emails from them. Microsoft and Google have also written articles on how to report suspicious emails you receive.
If you’re concerned any of your online or email accounts have been hacked, change your password straight away. For extra security, download antivirus protection to ensure your computer isn’t affected by malicious scam emails. Unfortunately, this won’t protect against all phishing emails, but using common sense and vigilance will help to protect you from scams.