All of us have read the stories in newspapers about people who fall victim to scam emails, also known as phishing emails.
Often, we will think ‘what an idiot they must be’ and pat ourselves on the back knowing that we would never fall for such a scam.
But despite the high awareness of spam and phishing emails, they are still one of the most common and successful types of cyber-attack.
Contrary to popular belief, it’s not just the technically uneducated who can fall victim; even ‘those in the know’ get caught out now and again.
Most cyber-criminals are not stupid either and their phishing emails are getting more and more sophisticated and convincing.
So it is important not to get cocky but instead be sure that you know what to look out for and how to avoid falling victim to a phishing attack.
In this article, we are going to outline 6 simple ways to do just that.
1) Phishing email contact details
A quick and simple way to tell if an email is suspicious is to look at the contact details it provides.
Phishing emails will often include a reply-to address that is inconsistent, such as ‘[email protected]’.
It might use a different domain from that of the company the email is pretending to come from. This is likely to be a fake domain.
Often, hackers will use a free webmail account. Remember that anyone can set up one of these, and companies, especially financial institutions or large companies, will rarely use them to contact you.
Always look at the contact details carefully.
If they are clearly fake, just junk the email. If you are not sure, do not click links in the email; instead, find the company’s contact details by visiting its official website directly, and contact the company that way.
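The contact-detail checks above can also be run automatically over a message's headers. The following is an added example, not part of the original article; the webmail list, the flag names and the sample messages are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed, non-exhaustive list of free webmail providers (illustrative only).
FREE_WEBMAIL = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def contact_detail_flags(raw_email, claimed_domain):
    """Flag sender details inconsistent with the organisation the mail claims to be."""
    msg = message_from_string(raw_email)
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    flags = []
    # The sender should use the organisation's own domain or a subdomain of it.
    if from_dom != claimed_domain and not from_dom.endswith("." + claimed_domain):
        flags.append("from-domain-differs")
    # Replies being steered to a different domain is the inconsistency described above.
    if reply_dom and reply_dom != from_dom:
        flags.append("reply-to-differs-from-sender")
    if FREE_WEBMAIL & {from_dom, reply_dom}:
        flags.append("free-webmail-address")
    return flags

# Constructed sample messages (example.com and example.net are reserved test domains).
SUSPICIOUS = """From: "Example Bank" <support@example.net>
Reply-To: examplebank.helpdesk@gmail.com
Subject: Account notice

Please reply to confirm your details.
"""
GENUINE = """From: Example Bank <service@mail.example.com>
Subject: Your statement is ready

Log in to your account to view it.
"""

if __name__ == "__main__":
    print(contact_detail_flags(SUSPICIOUS, "example.com"))
    print(contact_detail_flags(GENUINE, "example.com"))
```

The From header is easy to forge, so an empty result does not prove a message is genuine; it only means these particular warning signs are absent.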
2) Poor speling or grammer
Businesses might make the odd spelling or grammar mistake but usually, any official communication will be written very accurately.
Phishing emails are often not drafted with such care.
Cyber-criminals are located all over the world and many are not native-English speakers. This fact can often be seen in their emails which are badly written and riddled with spelling and grammatical errors.
For example, it might start by asking you to ‘log in for your account’.
If you receive an email full of mistakes like this, you can be pretty confident that it is dodgy and send it straight to your junk box.
3) Urgency to act
Phishing emails will always be urging you to take action fast. Often they include phrases like, “there is a problem with your order” or “you must take action now”.
That is because cyber-criminals know that this sort of scam only works when people react instantly because they are worried about the consequences if they don’t.
In contrast, if a business or your bank ever did need to email you about something, they would never push you to respond immediately.
Instead, they will always allow plenty of time because they know that not everyone checks their emails every day.
So, if you have an email urging you to take action immediately, the chances are it is a phishing scam and can be ignored.
4) Attachments
Be very wary of emails with attachments.
Businesses or your bank would never ordinarily email information out to you as an attachment. Rather they would ask you to visit your online account to see documents there.
But phishing emails will often contain attachments.
Frequently, these will claim to be bills, important documents, or contain information about money you can claim. Such attachments are almost always malicious and will frequently download malware onto your device.
If you see an email with attachments of this kind, never open the attachment.
Either assume the email is a phishing email or log onto your online account to check it.
5) Close match domains
Another common trick in phishing emails is to try and redirect you to fake websites.
Often, these will have domain names that are extremely close to the real thing but contain one small difference.
If you are reading in a hurry, these small differences can easily be overlooked.
For example, paypai.com can look like paypal.com if you are skimming through an email. If you do click on a fake domain like this, the site you end up on can be indistinguishable from the real thing.
Always check the spelling of any domain before you click on it. Also make sure to ‘hover’ over the domain to see where it’s taking you because what it says and where it links to may be two different things.
Better still, don’t click on email links at all but rather enter the domain name into your browser yourself to be sure you are visiting a genuine site.
6) Sketchy Links
Phishing emails will often include sketchy links. Sometimes they will be to close match domains but often they are just to fake sites masquerading as the real thing.
If an email is inviting you to visit www.postoffice.biz or something similar, you can be pretty confident it is a phishing email or some other type of scam.
The best rule is not to click on any links in an email even if everything else looks genuine. Instead, visit the website the old fashioned way and log into your account rather than taking any unnecessary risks.
Contrary to popular opinion, it is not just idiots who fall victim to phishing scams.
The fact that this type of cyber-attack is still one of the most commonly used illustrates how effective it is.
Anyone can fall victim to scam emails so we should all be on our toes.
In this article, we have highlighted six ways to avoid scam emails. But there is one overarching rule that everyone should follow: if in doubt, assume an email is a fake and ignore it, or contact the company involved directly to check.
Illustrations © Carlosbcna, Jozsef Bagota, Lkeskinen0, Sangoiri & Artsiom Kusmartseu | Dreamstime.com