Phishing is a favoured tool for cyber villains and they go to great lengths to camouflage their illicit endeavours.
Their objective is to convince recipients that their underhanded communications are genuine, so that they reveal login and password information and/or download malware.
Typically, phishing scams try to gain access to your online accounts. From there, they can empty your bank accounts, make unauthorised charges on your credit cards, steal data, read your emails and lock you out of your accounts. It’s nasty stuff.
That said, if you develop an eye for these disingenuous missives, you’ll be able to spot them a mile off. Check out these five tips for identifying phishing emails.
Watch out for the unexpected
Phishing emails take many forms. One can be a message about an invoice, an unpaid bill, retail spend, an HR document, postal confirmation or a request to change a password that, on the surface, appears legitimate.
- As such you need to carefully scrutinise any such emails before you download attachments or click on any included links.
- Ask yourself: did you actually order anything for which you're expecting a confirmation? Did the email come from a store you don't usually buy from? Are you missing an outstanding payment?
- Don't hesitate to call a company's customer service line to confirm that any such emails are legitimate. It's far better to be safe than sorry.
If you receive an email from someone you don't know directing you to sign in to a website, be extremely wary, especially if the sender is urging you to give up your password or similar private information.
- Legitimate companies never ask for this type of information via email, so this is a big bad red flag. Your bank doesn't need you to send your account number; they already have that information. A credit card company doesn’t need your payment details or the answers to security questions.
- Also double-check the sender's address. Some phishing attempts use a sender's email address that is similar to, but not the same as, that of the company they are impersonating. The change may be slight but it’s enough to expose the mail as a phishing attempt.
Don't click on links
- Phishing mails will include embedded URLs (links) that take you to a different site designed to capture your personal information.
- At first glance, these links can look perfectly valid but if something doesn’t add up (see the sections above) it’s probably a phishing attempt and as such you shouldn’t click on it.
- Another trick phishing scams use is misleading domain names in the email body copy. At first glance it may appear to be the genuine name of a legitimate organisation. But if you compare it closely to the real name you will see differences.
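The close comparison of sender addresses and link domains described above can also be done by a script. The following is an added example, not part of the original article; the trusted domain list, the 0.85 similarity threshold and the sample message are all constructed assumptions.

```python
from difflib import SequenceMatcher
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions: the trusted list (constructed names) and the 0.85 threshold.
TRUSTED = {"examplebank.com", "example-post.com"}

def lookalike_of(domain, trusted=TRUSTED, threshold=0.85):
    """Return the trusted domain that `domain` closely imitates, else None."""
    labels = domain.lower().rstrip(".").split(".")
    # Compare the same number of trailing labels, so a "www." prefix is ignored.
    tails = {g: ".".join(labels[-(g.count(".") + 1):]) for g in sorted(trusted)}
    if any(tail == g for g, tail in tails.items()):
        return None  # the genuine domain or one of its subdomains
    for g, tail in tails.items():
        if SequenceMatcher(None, tail, g).ratio() >= threshold:
            return g
    return None

class LinkHosts(HTMLParser):
    """Collect the hostname of every <a href="..."> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        if tag == "a" and dict(attrs).get("href"):
            self.hosts.append(urlparse(dict(attrs)["href"]).hostname or "")

def check_message(raw):
    """Return (where, seen_domain, imitated_domain) for each lookalike found."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2]
    body = msg.get_body(preferencelist=("html",))
    parser = LinkHosts()
    parser.feed(body.get_content() if body else "")
    candidates = [("sender", sender)] + [("link", h) for h in parser.hosts]
    return [(where, d.lower(), lookalike_of(d)) for where, d in candidates
            if d and lookalike_of(d)]

# Constructed sample: "examp1ebank.com" swaps the letter l for the digit 1.
SAMPLE = """From: Example Bank <alerts@examp1ebank.com>
Content-Type: text/html

<a href="https://www.examp1ebank.com/login">examplebank.com</a>
<a href="https://www.examplebank.com/help">Help</a>
"""
print(check_message(SAMPLE))
```

The sender and the first link are reported as imitations of examplebank.com, while the genuine help link is not. A similarity score only catches near-miss spellings, so it supports the manual checks above rather than replacing them.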
Poor spelling and/or grammar
Corporate communication departments put a lot of time and energy into ensuring their communications are on the nail, whether it’s an email or a brochure.
- Email messages go through several rounds of proofreading to ensure there are no errors.
- If the email you receive is riddled with spelling and grammatical errors you can bet your dictionary that it’s a scam.
Some phishing mails go straight for the jugular and threaten that an account will be closed or urgent action is required.
- Intimidation tactics are unfortunately common, designed to induce anxiety and get you to provide your personal information. Don't hesitate to call your bank or other organisation to confirm if something doesn't seem right.
- Some scammers also threaten action from government agencies to get victims to part with their information. But government agencies generally do not use email as their first communication.
Phishing scams are constantly evolving with their methods becoming ever more cunning. Many are designed to dovetail with calendar events such as spring sales, Black Friday, the holiday season and even end-of-year tax filing. So you need to stay sharp and use good security software that flags up malicious links and protects against infected documents.