Phishing is a type of cyber-crime. It is a method used in an attempt to gain private and financial data, phishing attempts are often presented via email, telephone or text messaging. It is one of the most common forms of cyber-attack, with 92.4% of malware is delivered via phishing emails usually in the forms of bogus bills and invoices. (Verizon 2018 DBIR) As 54.6% of all email is spam its handy to know what you need to look out for to avoid becoming a victim of a phishing email scam. (Symantec)
Here’s how to spot a phishing email
Be aware of the sending address
Most email providers only show the sender’s display name on an email. This means that it is easy for scam emails to slide into your inbox unnoticed. The most commonly impersonated companies through a phishing email are Google, PayPal, Yahoo and Apple, so if it seems like you have received an email from one of these services be sure to check the sending address.
In fact, it is best practice to check the sending address on all emails by hovering over the display name to ensure the email you have received is legitimate. The email addresses used in phishing scams often appear to be quite bizarre, containing non-sequential letters and multiple domain extensions.
Look out for Weird URL’s
Scam emails usually include buttons and links to accompanying phishing sites. These links can be hidden within the body of some text and also designed to look exactly like the legitimate URL. Phishers even go as far as embedding these malicious links alongside safe and genuine links just to lull you into a false sense of security.
If you come across a URL within an email which you think may not be bona fide, make sure to examine it before blessing it with a click, as sometimes scam URL’s are disguised by containing minor spelling errors. Simply hover over the hyperlink and the full link will appear. If you have any doubt, don’t click the link.
Be Wary of Attachments
Reputable companies rarely send out attachments to their companies via email.
Be extra vigilant if you do receive an email which contains an attachment as they can often contain malicious malware which can result in spyware being installed onto your device and give fraudsters access to your private data.
This even extends to the downloading of images. If you receive an email and the images don’t load then there’s probably a reason for it. As you would with ordinary attachments, don’t download them. Phishers can track the email in such depth that they know if you received the email, if you downloaded the images and what links you clicked within the email.
Never click an attachment or download an image you have received through an email unless you are 100% sure it has come from a legitimate source.
How is the Spelling and Grammer?
With big companies like Google and Apple content within their emails has been drafted, redrafted, read and proofread by professional writers before being approved to be sent to customers. This means that there are very rarely spelling and grammatical errors, however phishing emails tend to be teeming with them.
Ensure to look out for seemingly obvious spelling mistakes and basic errors with grammar. A big giveaway for phishing emails is the use of broken English, text that has been generated using a translation tool or which includes strange turns of phrase.
Don’t Confirm your Data
An authentic email from a genuine organisation will never email you to confirm your details. If you receive an email asking you to confirm any kind of information such as financial details, passwords or security questions it is more than likely phishing email.
If you receive an email asking you to carry out any of these actions or any similar actions, do not reply and do not click on any links or buttons within the email.
See below on what to do if you receive a phishing email.
Is it too good to be true?
If it seems that way then you’re probably right. Phishers will try and coax you into thinking that you have won the most expensive and ludicrous products or thousands and thousands of pounds of cash. Their aim is to lure you onto their scam site by asking you to claim your prize.
Another popular phishing email used is a long and emotive message from an ‘old friend’. They have reached out to you after being robbed before their life-threatening accident whilst travelling around Asia. They are now stuck in a foreign hospital unable to speak the language and pay for their medical bills’ yadda, yadda, yadda.
This is used in an attempt to get the receiver to transfer their ‘friend’ some money and help save the day. But really all their doing is handing over all of their bank details to a phisher on the web.
Phishing emails will contain strong and emotive language not just in the main body text but also the subject. This is used to rush you into opening the email and clicking any links. Usually phishing emails will use phrases like ‘unauthorised log in’ and ‘verification required’ designed to make you panic and quickly rush through the email without checking for phishing indicators.
What should I do if I receive phishing email?
There is nothing more technical to it.
It may also be worth your while to report the email as spam to stop similar emails from bypassing the junk folder in the future.
Remember, don’t believe everything you read in an email. Phishing is becoming more and more convincing when using business branding, URL’s, attachments and email addresses. Be sceptical. If in doubt, chuck it out.