Email scams are commonly known as ‘phishing’ because that is precisely what they do: fish for personal and private information such as payment card details and bank account numbers.
They are incredibly popular among cyber crooks because only a small percentage of people need to fall for them before they make a lot of money.
Cyber fraudsters typically buy and trade email addresses on the dark web. The email addresses are usually hacked from databases and then offered for sale, sometimes including passwords.
These thefts can be enormous in scale. When Yahoo was hacked in 2015, 500 million email addresses were stolen. Fraudsters then use these email addresses to send out scams.
Here are some top tips to help you identify email phishing:
Check the 'from' address
Check the address the email comes from. Scammers often change the sender name to make the email look like it comes from the company or organisation they are pretending to be.
To find out if there’s a fraudster behind what looks like a genuine sender, use your mouse to hover the cursor over or right-click on the sender name and you should see the email address behind it.
Look at the email branding
Scam emails often pretend to be from big brands, companies, supermarkets, retailers and even government departments.
Check the branding, that is, the logos and mastheads. If they don’t look like the genuine article, it could be a scam. That said, some fraudsters are very skilful at imitating logos and brand identifiers.
Is the greeting personal?
Sometimes scam emails will just say ‘Hi’ or ‘Hello’ and not include your name. This impersonal approach is a sign that it’s likely a scam.
Check contact information
Does the 'contact us' information at the bottom of the email link to anything? Is it clickable? Are the websites it links to genuine? If the answer is no, you should be on your guard.
Poor spelling and blundering grammar
Poor spelling and bad grammar are tell-tale signs that an email is from scammers. Also watch out for several different font styles, font sizes and logo mismatches.
Rushed into decision making
Fraudsters will try to pressure you with time-sensitive offers, encouraging you to act now or miss out on ‘exclusive’ deals.
If the message is alerting you to look at something linked to an account you have with the organisation, you should log in separately to your account in a new tab or window.
Claiming to be ‘official’
Fraudsters often try to make the email sound official. They will often include the word ‘official’, but you are unlikely to see a truly official email telling you that it’s ‘official.’
Scam emails may also contain information such as account numbers and IDs designed to trick you into thinking the email is genuine. Check any of these against your records to see if they match.
If you’re not sure whether a scammer is behind an email, get in touch with the organisation directly or via their 'contact us' page.
Also check company help and customer services pages. Often companies are aware of scams circulating and publish advice for customers on what to look out for.
Don’t click on links or download attachments
Scammers often try to trick you into installing computer viruses such as ransomware or banking Trojans.
If you suspect an email might be from a scammer, do not click on any links or download any attachments featured in the scam email as these may download a computer virus onto your computer.
Make sure your antivirus software is always up to date. This provides an extra layer of protection if you have unknowingly downloaded a computer virus.
Check if the linked website is legitimate
If you have clicked through to a website or landing page from an email thinking it is genuine, make sure you double-check the authenticity of the website.
If it’s a big brand or company, simply do a quick Internet search for them. Click on their website and then compare the URL addresses.
Are they the same, similar or totally different? This should give you a good indication as to whether the landing page you have been directed to is fake or genuine.
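The two manual checks described above (the address behind the sender name, and whether a linked URL matches the real company's website) can also be automated, for example in a mail filter. The following is an added example, not part of the original article; the brand name, the domains and the sample headers are constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed allow-list: brand keyword -> domains that brand really uses.
KNOWN_BRANDS = {"examplebank": {"examplebank.example"}}

def _belongs_to(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def brand_in(text):
    """Return the known brand mentioned in text, ignoring spaces and case."""
    squashed = "".join(ch for ch in text.lower() if ch.isalnum())
    for brand in KNOWN_BRANDS:
        if brand in squashed:
            return brand
    return None

def check_sender(from_header):
    """Compare the display name a reader sees with the address behind it."""
    display, addr = parseaddr(from_header)
    brand = brand_in(display)
    if brand is None:
        return "no-known-brand"
    domain = addr.rpartition("@")[2]
    return "ok" if _belongs_to(domain, KNOWN_BRANDS[brand]) else "mismatch"

def check_link(url, brand):
    """Compare the host a link really points at with the brand's domains."""
    host = urlsplit(url).hostname or ""
    return "ok" if _belongs_to(host, KNOWN_BRANDS[brand]) else "mismatch"

if __name__ == "__main__":
    # Constructed samples: one genuine, two lookalikes.
    print(check_sender('"Example Bank Support" <alerts@examplebank.example>'))
    print(check_sender("Example Bank <help@examplebank.example.verify.test>"))
    print(check_link("https://examplebank.example@login.test/", "examplebank"))
```

The lookalike cases show why the comparison has to be made on the end of the domain name: a fraudster can put the real company's name at the start of an address or link that actually belongs to a different site.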
Do they ask for personal information or bank details?
If an email is asking you to update or re-enter your personal or bank details it is likely a scam.
Personal information includes things like your credit card number, PIN number, or credit card security code, your mother's maiden name or any other security answers you may have entered.
Most companies will never ask for personal information to be supplied via email. If you receive an email like this, delete it without question.