How to spot a phishing email

Every day, hundreds of thousands, even millions of phishing/scam/fake emails are being sent all over the world, trying to entice unsuspecting victims to claim the inheritance of their recently deceased long lost second cousin twice removed on their father’s dog’s side.

Whilst some of the claims (like our example above) are so outlandish they can’t be true, hackers and cyber criminals are getting smarter and smarter with their methods of deception. Posing as anything from financial institutions to government bodies and police forces, they are making it harder and harder to tell a fake from a genuine contact.

And it’s not just individuals that need to be cautious: more and more businesses are falling prey to email scams. These range from emails claiming to be from the company’s bank, requesting account details, to emails purporting to be from company directors, asking for a large sum of money to be transferred to another company or account. All these methods are designed to trick members of staff into providing sensitive information or making payments to the fraudsters’ bank accounts.

Check out our top tips on how to spot a phoney email and keep your sensitive information and accounts safe:

1.      Mismatched URLs

Hackers and cyber criminals can make emails look identical to the genuine article with some complex coding and some fancy imagery. So how can you spot a fake? One thing they cannot fake is the web address they use to try and lure you in. On the surface, the link may look like a genuine link to your bank’s website, but dig just slightly deeper and you’ll notice a different web address. One of the easiest ways to check this is to hover your mouse over the link. On most email clients, the destination URL will display as a little pop-up. If you don’t recognise it, don’t click it.

2.      Spelling and grammar

One of the most obvious giveaways on hacking and phishing emails tends to be the poor grammar and spelling. Household names would seldom let an email be sent containing spelling and grammatical errors. If something looks a bit off, chances are it is.

3.      Requests personal details

Financial institutions and government bodies would never ask for personal details by email. Banks in the UK ask for only a few characters of PINs and passwords for verification, keeping the full PIN or password secure. Banks also don’t need to request your account number; they already know it! If an email requests PINs, passwords, account numbers, credit card numbers etc., chances are it’s not as legitimate as it looks.

4.      You’re not expecting it

For example, you get an email telling you that you’ve just won £1,000,000 on the lottery! In the dizzying aftermath, with your mind thinking about where you’d spend your winnings, you click the link and give them your details to ‘verify’ your prize. Then the realisation hits. You don’t play the lottery. And haven’t done since 1999. As a general rule, if you didn’t initiate the action, then something might be up. Be careful clicking any links or providing any personal information.

5.      Unrealistic threats

Whilst some scams try to entice people into giving personal or private information on the pretence of an amazing prize or competition win, others take a different tack entirely. Official-looking emails demanding personal information, with a threat of closing bank accounts or seizing assets if you don’t respond, are likely to be false.

And finally…

6.      It looks too good to be true

As much as it would be amazing to wake up one morning having inherited $9,000,000 from a long lost relative you’ve never heard of, chances are it’s just not going to happen. The same goes for prizes you didn’t enter a competition for. Try not to get swept up in the excitement of your supposed windfall and use common sense before giving any information or clicking any dubious links.

This list isn’t exhaustive but gives you a flavour of the giveaways for scam/phishing emails. If you are ever in doubt about the validity of an email, check with the supposed sender. It’s important not to use any contact details in the email, as these may be planted to make you believe the email is valid.

Instead, call a number from previous, legitimate correspondence, or from official websites.

Finally, if you think you’ve received a phishing or scam email, report it. Lots of large companies have special departments to deal with email fraud. We’ve posted some useful email addresses below:

phishing@natwest.com

internetsecurity@barclays.co.uk

phishing@hsbc.co.uk

phishing@santander.co.uk

You can also report any attempted online fraud or scams directly to Action Fraud, the National Reporting Centre for Fraud and Cybercrime, set up by UK police forces. You can report fraud or cybercrime online here: https://www.actionfraud.police.uk/report_fraud