It can sometimes be hard to identify a phishing scam, and you may only realise that it is one a little too late.
Phishing scams usually look like a legitimate email, often from a brand that you may recognise. Cyber-scammers will often use the names and branding of larger companies that you are more likely to recognise, such as HMRC, your bank, Apple or Amazon, to help give an air of legitimacy to their email. One of the most common approaches is to ask you to click on a link to update your account, or to access a refund that has been awarded and is ready for collection. Even if you think you know the sender, they may not be who they say they are, so it’s always worth undertaking a few checks before you click on that link. If there is any doubt that the sender is genuine, or if they are encouraging an undue sense of urgency, don’t click until you’re absolutely confident that it’s the right thing to do.
5 ways to detect a phishing email
- The email is sent from a public email address
Look at the sender’s email address, as this will give more clarity about who the actual sender is. It will be different from the address of the company that the email is making itself out to be from. For example, an email from Amazon is unlikely to come from an address that includes ‘gmail’ or has a series of numbers in it.
- Strange attachments
If the email is unexpected, or comes from an unknown sender (or one that looks untrustworthy), beware if it asks you to open an attachment. These attachments can contain malware (malicious software programs that load automatically) that can harm your computer and capture personal data, often without you knowing this is happening.
- The unnecessary creation of a sense of urgency
Phishing emails will often make themselves out to be urgent, in the hope that you will panic and not pay enough attention to the potential risks. This may be achieved by saying that your personal data has already been accessed, and that you should verify or make changes to it urgently, or reset a password to stop any further damage occurring.
- Links to unrecognised websites, or website addresses that subtly misspell a familiar domain name
Phishing emails normally ask you to click on a link within the email. If you hover your mouse over the link, it may become apparent that the website address (or URL) is misspelled, or completely different from that of the organisation the sender is pretending to be.
- Poor spelling and grammar
You can often detect a phishing email by the way it is written. The style of writing or tone of voice used will often be very different from that of the sender they are pretending to be; poor spelling or grammar is a good giveaway of a phishing scam that has originated overseas.
If any of these warning signs appear at any time, or if you are in any doubt at all, do not click on any links or open any attachments. If you wish to check the validity of the email, you should contact the provider (using a publicly available contact email address or telephone number from their website, and not the contact details specified within the email itself).
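The sender-address, link and urgency checks from the list above can also be applied automatically. The following Python is an added example, not part of the original article; the brand allowlist, webmail list, urgency phrases and sample message are all constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed for illustration: a one-brand allowlist, a short webmail list and a
# few urgency phrases. A real filter would maintain far larger lists.
BRANDS = {"amazon": {"amazon.com", "amazon.co.uk"}}
PUBLIC_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}
URGENCY = re.compile(r"\b(urgent(ly)?|immediately|suspended)\b", re.I)

# Constructed sample message; the .example domain is reserved and not real.
SAMPLE = """\
From: "Amazon Refunds" <amazon-refunds-48213@gmail.com>
Subject: Your refund is ready

Your account will be suspended. Act urgently to collect your refund:
http://amaz0n-account.example/refund
"""

def on_domain(host, domain):
    # True only for the domain itself or a genuine subdomain of it.
    return host == domain or host.endswith("." + domain)

def warning_signs(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg["From"])
    sender_host = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    brand = next((b for b in BRANDS if b in name.lower()), None)
    signs = []
    if sender_host in PUBLIC_MAIL:
        signs.append("public-address")
    elif brand and not any(on_domain(sender_host, d) for d in BRANDS[brand]):
        signs.append("sender-not-brand-domain")
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = (urlparse(url).hostname or "").lower()
        if not brand or any(on_domain(host, d) for d in BRANDS[brand]):
            continue
        # A host label that nearly matches the brand name suggests a lookalike.
        near = any(SequenceMatcher(None, t, brand).ratio() >= 0.8
                   for t in re.split(r"[.-]", host))
        signs.append(("lookalike-link:" if near else "unrecognised-link:") + host)
    if URGENCY.search(body):
        signs.append("urgency")
    return signs

if __name__ == "__main__":
    print(warning_signs(SAMPLE))
```

An empty result only means that none of these three signs was found, so the advice above about contacting the provider directly still applies.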
For more tips on how to stay safe online, we've covered how to avoid falling victim to bank transfer fraud and how to protect yourself against identity theft.