Beware of Phishing Scams
Phishing scams are a regular occurrence: harmful emails
targeting innocent users.
The links contained in these kinds of email tend to take users to
‘phishing’ sites – websites deliberately set up to fool customers and convince
them to provide sensitive data such as personal or financial information.
Attachments often initiate the downloading and running of harmful software
or take the unsuspecting user to very convincing-looking malicious websites.
Phishing attacks are so popular with criminals because they’re easy to do,
they often fall under the radar of conventional antivirus monitoring or mail
filters, and the victim only has to let their guard down once – a single
mistake is all it takes.
While some phishing attempts are almost laughably obvious, others are much
more subtle and difficult to detect, and users must be continually on guard to
protect themselves.
So what should you look out for, and what can you do to keep yourself safe
from phishing attacks?
1) Check the sending address
A quick check of the sender’s email address will often alert you to the
fact that the email isn’t actually from who it says it is.
But remember to check the address, not just the sender’s name.
Sometimes, the sending address isn’t obviously wrong. If you’ve received
an email pretending to be from HMRC, for example, an obvious phishing email
might come from an obviously wrong address, but would you notice an email sent
from hrmc2010.co.uk with just a quick glance?
And remember also that not all phishing emails will have a suspect sending
address. In fact, the scammer might have hijacked a proper email address for
sending their phishing emails.
So while this will help you to identify most phishing emails, it isn’t
bulletproof.
2) Check the content
Obvious phishing emails often contain such bad spelling and punctuation
it’s almost like the scammer isn’t even trying (though there is an argument
that says this is deliberate, to ‘filter out’ less gullible readers).
Many phishing emails aren’t so obviously bad, however. But there are often
tell-tale signs, like the fact that phishing emails are often written by
non-English speakers.
When foreign language text is translated into English, spelling (for
example) might be accurate, but the email won’t necessarily ‘read’ well –
literal translations are very rarely entirely correct and are easily spotted by
a native English speaker.
So, always carefully read the email. Does it ‘feel’ genuine? Hopefully
anything suspicious will quickly become apparent.
3) Were you expecting the email?
Were you expecting that out-of-the-blue email about an outstanding
payment, password expiry or account deactivation?
If you weren’t, you can check elsewhere whether your regular payment has
gone out or whether you can still log in to your account, for example. Treat
anything that’s asking for information from you with suspicion.
4) Check for suspicious-looking attachments or links
Before you even consider clicking on a link, check the destination
address. This is easily done on a PC by hovering your mouse over the link and
waiting for the address to pop up. On mobile you can achieve the same by long
pressing the link – after a while the address of the link will appear.
A legitimate link will point to the website of the reported sender. A
suspicious link will more than likely point somewhere else entirely.
When it comes to attachments, ask yourself why your provider would want to
send you one. Other than perhaps a PDF file containing updated terms and
conditions or a receipt, there is little need.
5) Check for a sense of urgency
Many phishing emails want to rush you into an action – to click on a link
or download an attachment without thinking it through.
That’s why they’ll often request you take action within a certain short
timescale (like an hour), or will threaten you with a ‘your account will be
deleted’ message.
If you think the email is genuine and there really is a sense of urgency,
contact your provider direct and ask.
6) Don’t fall into the trap
If you’re not certain about the email you’ve received, you can contact the
supposed sender in other ways to check. They should be able to tell you if it
is legitimate or not.
And the most important advice is that unless you’re absolutely certain
it’s legitimate, don’t click on those links or attachments; delete the email
and report it (to your email provider and the reported sender).
We hope these tips will help you to better identify and deal with phishing
emails. And remember, if you do receive one, don't panic. Receiving the email
is harmless - just don't give them what they want.