All of us have read the stories in newspapers about people who fall for scam emails, also known as phishing emails.
Often, we will think 'what an idiot they must be' and pat ourselves on the back, knowing that we would never fall for such a scam.
But despite the high awareness of spam and of phishing emails, they are still one of the most common and successful types of cyber-attack.
With phishing attacks on the rise, it pays to be aware.
Contrary to popular belief, it's not just the technically uneducated who can fall victim. Even 'those in the know' get caught out now and again.
Below I'll explain what the various types of scams are and the nine telltale signs to look out for to avoid becoming a victim.
Want to stay safe? Let's get going.
What places you at risk of receiving Phishing Emails?
Most cyber-criminals are not stupid and their emails are getting more and more sophisticated and convincing.
A recent study conducted by the University of Stanford in collaboration with Google found that there are a number of identifiable factors that place people at a higher risk of receiving a phishing email.
It found that while 42% of phishing attacks are targeted at the USA, users in Australia, which has a far lower population, are more likely to receive an individually targeted email.
Your age makes a difference too. The study found that if you are in the 55-64 years old age range, you are 1.64 times as likely to experience an attack as those in the 18 to 24 age bracket.
That's undoubtedly because older internet users are seen as statistically more likely to fall for such a scam than their younger and more tech-savvy neighbours.
But perhaps the biggest impact is whether your personal data has been leaked online or not.
If your data has leaked, you are a whopping five times more likely to be on the receiving end of phishing scams and malware attacks.
But information security experts will concur that pretty much every internet user is likely to be targeted by phishing attacks at one time or another.
So it is important not to get cocky but instead be sure that you know what to look out for and how to avoid falling victim to a phishing attack.
What types of Phishing attacks are there?
There are a number of different forms that a phishing attack can take. Below I'll explore the most common.
These are by far the most common type of phishing scam people are likely to encounter and the main focus of this article.
These will pop up in your inbox on a PC or mobile device, regardless of what operating system or safety features you have in place.
They will sometimes be from what appears to be legitimate and known sources, sometimes not.
Usually, the email will encourage you to click on a link that will take you to a fake phishing site, often indistinguishable from the real thing, where you will enter your personal information.
Sometimes, it might encourage you to give your credit card details, make a payment, or open an attachment. All of these are phishing techniques used by scammers to try and either tempt you into a data breach or access your device.
Often they will be sent far and wide but if you have been targeted individually, you might receive a tailored spear phishing email written to you personally.
As phishing scams go, domain spoofing is a simple one. It involves setting up a fake email address with a URL in the address bar that is almost identical to a genuine one.
For example, you might receive an email from [email protected] instead of @barclays.com.
Such email messages are designed to get you to click a link to a fake web site or social networking site that has a fake URL but which looks genuine in the address bar. It will however be sending personal information to the phishing scammers.
This is the telephone equivalent of email phishing and involves a scammer impersonating a genuine person or company on the phone to try and get you to share bank details, credit card numbers, or other personal details with them.
This phishing technique involves text messages and operates in the same way as the normal phishing attacks detailed previously.
It involves sending fake text messages, pretending to be from a legitimate source and encouraging you to click on a link or share personal information with them.
This text message may sound genuine but it will come from a number you don't recognise and this should be a clear warning sign that it is a fake text message. Text messages of this kind should always be ignored.
This type of phishing scam involves duplicating a previous legitimate message sent via email, text message, social networking site, or another means. But it replaces the URL, website link, or contact information with fake details.
A common phishing scam involves manipulating or spoofing a legitimate website.
This can involve such tactics as identifying a vulnerability in a genuine website, rerouting traffic from a safe to an unsafe website, creating fake phishing sites with close URLs to catch people who make typos, and even a fake lock icon to make an insecure website appear secure.
With all these different types of phishing scams, many coming through email, it is easy to feel overwhelmed by the scale of the problem.
But don't worry. It is not rocket science to avoid phishing scams and in this article, we are going to outline 9 simple ways to do just that.
1. Phishing emails contact details
A quick and simple way to tell if an email is suspicious is to look at the contact details it provides.
A phishing email will often include a reply-to email that is inconsistent, such as '[email protected]'.
It might use a different domain to the website they are pretending to be. This is likely to be a fake domain.
Often, scammers will use a free webmail account. Remember, anyone can set up one of these, and companies will rarely use them to contact you, especially financial institutions or large companies.
Always look at the contact details carefully. If an email address looks in any way suspicious, don't hesitate to be suspicious.
If they are clearly fake, just send the email to your spam folder. If you are not sure, find the company's contact details elsewhere by visiting its official website directly, rather than clicking a link in the email, and contact the company that way.
2. Poor speling or grammer
Businesses might make the odd spelling or grammar mistake but usually, any official communication will be written very accurately.
Phishing emails are often not drafted with such care.
Cyber-criminals are located all over the world and many are not native-English speakers. This fact can often be seen in their emails which are badly written and riddled with spelling and grammatical errors.
For example, it might start by asking you to 'log in for your account'. Basic names and words might be misspelled, like places or the company itself.
If you receive an email full of this type of mistake, you can be pretty confident that it is dodgy and send it straight to your junk box.
3. Fake-looking websites
We have already cautioned that fake phishing sites can look almost identical to the real thing, meaning it is easy to get taken in by them. But this is not always the case.
Often a phishing scam will link you to an obviously fake, badly designed website.
If you click on a link in an email on your PC or mobile device and you see a website like this, be sensible. Close the website and don't click on the link again.
Better still, report the email as spam and send it to your junk folder. You could even submit details of the scam and the link to your local internet crime complaint center.
Don't just rely on the lock icon next to the web address either. It can genuinely mean that the website is secure for communications, but it is no guarantee that a website is safe or legitimate.
4. Urgency to act
Phishing emails will always be urging you to take action fast. Often they include phrases like, “there is a problem with your order” or “you must take action now”.
That is because cyber-criminals know that this sort of scam only works when people react instantly because they are worried about the consequences if they don't.
In contrast, if a business or your bank ever did need to email you about something, they would never push you to respond immediately.
Instead, they will always allow plenty of time because they know that not everyone checks their emails daily.
So, if you have an email urging you to take action immediately, the chances are it is a phishing scam and can be ignored.
5. Attachments
Be very wary of emails with attachments.
Businesses or your bank would never ordinarily email account or private information out to you as an attachment. Rather they would ask you to visit your online account to see documents there.
But phishing emails will often contain attachments and push you to open an attachment as fast as possible.
Frequently, these will claim to be bills, important documents, or contain information about money you can claim. Such attachments are almost always malicious and will frequently download malware onto your device.
If you see an email message with attachments of this kind, never open the attachment.
Either assume the email is a phishing email or log onto your online account to check it.
6. Close match domains
Another common trick in phishing emails is to try and redirect you to fake websites.
Often, these will have domain names that are extremely close to the real thing but contain one small difference.
If you are reading in a hurry, these small differences can easily be overlooked.
For example, paypai.com can look like paypal.com if you are skimming through an email. If you do click on a fake domain like this, the site you end up on can be indistinguishable from the real thing.
Always check the spelling of any domain before you click on it. Also make sure to 'hover' over the domain to see where it's taking you because what it says and where it links to may be two different things.
Better still, don't click on email links at all but rather do some internet browsing and enter the domain name into your browser yourself to be sure you are visiting a genuine site.
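The two checks in this section (comparing what a link shows with where it goes, and spotting a one-letter near miss such as paypai.com) can be automated. The Python below is an added example, not part of the original article; the `KNOWN` list, the function names and the sample link are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

KNOWN = {"paypal.com", "barclays.com"}  # assumption: domains you really deal with
SAMPLE = '<a href="https://www.paypai.com/login">www.paypal.com</a>'  # constructed

def edit_distance(a, b):  # Levenshtein distance using one rolling row
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def domain(text):  # first domain-like token in a host or link text, minus "www."
    m = re.search(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", (text or "").lower())
    return re.sub(r"^www\.", "", m.group()) if m else ""

def link_host(href):  # host an href really points at; "" if the URL is malformed
    try:
        return domain(urlparse(href).hostname)
    except ValueError:
        return ""

class Links(HTMLParser):  # collects [href, visible text] for each <a href=...>
    def __init__(self):
        super().__init__()
        self.found, self.inside = [], False
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.found.append([href, ""])
            self.inside = True
    def handle_data(self, data):
        if self.inside:
            self.found[-1][1] += data
    def handle_endtag(self, tag):
        self.inside = self.inside and tag != "a"

def check(html):  # warning signs found in the links of one HTML email body
    parser, out = Links(), []
    parser.feed(html)
    for href, text in parser.found:
        target, shown = link_host(href), domain(text)
        if shown and shown != target:
            out.append(f"link shows {shown} but goes to {target or 'a non-domain target'}")
        close = [k for k in sorted(KNOWN) if 0 < edit_distance(target, k) <= 2]
        out += [f"{target} resembles {k}" for k in close]
    return out
```

Calling `check(SAMPLE)` reports both the mismatch between the displayed and real destination and the close match to paypal.com; a link whose text and target agree on a known domain returns an empty list.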
7. Sketchy Links
Phishing emails will often include sketchy links. Sometimes they will be to close match domains but often, they are just to fake sites masquerading as the real thing.
If an email is inviting you to visit www.postoffice.biz or something similar, you can be pretty confident it is a phishing email or some other type of scam.
The best rule is not to click on any links in an email even if everything else looks genuine. Instead, visit the website the old fashioned way and log into your account rather than taking any unnecessary risks.
8. Take the necessary security precautions
Online security is key to protecting yourself from phishing scams. Because pretty much every one of us will make a mistake eventually. And when you do you need to make sure you have the right protections in place to keep you safe.
Choose strong security software for all devices and ensure that the security they offer is robust and up-to-date and feedback from other users is positive.
Always install the latest security patches and the latest version of your web browser to help protect yourself from any possible threat.
On sensitive accounts, like a payment website, your credit card company account, your online bank account, social networking sites, and any other sensitive sites, make sure you have multi-factor authentication enabled to enhance your security and protect you from identity thieves and other scammers.
It's also worth considering using a password manager that will generate and store individual unique passwords for every site.
Online security has never been more important but with the right security in place alongside the other precautions we have recommended in this guide, you can keep your personal information, sites, account, and devices safe from scammers.
9. Always Think Twice
The hackers and con artists behind phishing scams are clever people. Most of them will be designing and writing their emails in a way to try and convince you to click on the link or open the attachment.
This means that if you are going to avoid falling victim to phishing scams, you will need to have your wits about you.
Trust your instincts and if you have any suspicions at all about an email, delete it, ignore it, and don't open it. If it is genuine, the sender will find other ways to contact you if they need to.
Get in the habit of always thinking twice before clicking on any links that appear in an email. Be sceptical and trust yourself.
If you have a doubt, you are probably correct.
Contrary to popular opinion, it is not just idiots who fall victim to phishing scams.
The fact that this type of cyber-attack is still one of the most commonly used illustrates how effective they are.
Anyone can fall victim to email scams, so we should all be on our toes.
In this article, we have highlighted nine ways to avoid phishing scams.
But there is one overarching rule that everyone should follow: if in doubt, assume an email is a fake and ignore it or contact the company involved directly to check.
What are your top tips for avoiding scam emails? I would love to know, so drop me a comment below.
Illustrations © Carlosbcna, Jozsef Bagota, Lkeskinen0, Sangoiri & Artsiom Kusmartseu | Dreamstime.com