10 tips for spotting phishing emails

‘Phishing’ emails are designed to convince the recipient to share his or her personal information with an Internet-based criminal. Usually they will pretend to be from a financial institution like PayPal or a bank but can also be from individuals offering a deal that’s too good to be true.

The personal information can be requested directly by email or by clicking on a link.

The term ‘phishing’ is a variant of the word ‘fishing’ which alludes to the way the emails lure their victims into taking the bait.

Below are the top 10 tips for spotting a phishing email.

1. Requesting personal information

The number one warning sign is that the email is requesting personal information – usually your name, PayPal email, bank account details or street address. This information can be used to directly access your bank account or be used as proof of identity to access other resources.

To tackle the risk of phishing attacks most banks make it clear that they will never request information through email.

It also serves as an important reminder that email is insecure and NEVER an appropriate way to request personal information.

2. Awkward or impersonal greetings

Most, if not all, phishing emails don’t refer to the recipient by name. Instead, they usually have a generic greeting such as, “Dear valued member.”

If you do believe an email is phishing and has used your name there is cause for concern – this implies the criminals already have some of your personal information. You should seriously think about changing your passwords and PIN numbers and watch your bank statement for fraudulent transactions.

3. Urgent language

Phishing emails are often written to appear urgent – hoping to lure their victim before they have second thoughts.

They will usually say one of two things: that the recipient’s account has been suspended due to “security concerns” and he/she needs to take action to restore the account; or that the recipient’s account will be suspended soon if he/she does not act immediately.

If you’re facing this situation, stop and think – and if in doubt contact the source by phone to confirm the email is authentic.

4. Typos, spelling mistakes and poor grammar

Without a doubt the funniest part of phishing emails is the many mistakes they make with the English language.

Official emails from large corporations are proofed to ensure these mistakes are not sent to their clients.

Typical examples are ‘acounts’ rather than ‘accounts’ and ‘your information has need to be confirmed’.

5. Strange links

If the email contains a link to a website check it carefully for two things –

  1. Does the text part of the link match where the link actually goes? You can check this by hovering over the link; a pop-up will display where the link actually goes to – are they the same?
  2. Is the link going to the official website?
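The two checks above can also be run automatically over an email's HTML body. The following is an added example, not part of the original article; `examplebank.com`, the sample email and all function names are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

OFFICIAL_DOMAINS = {"examplebank.com"}  # assumption: the sender's real domain

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(value):
    """Hostname a URL really points at (ignores any user@ prefix and the path)."""
    value = value.strip()
    if "://" not in value:
        value = "http://" + value
    return (urlsplit(value).hostname or "").lower().rstrip(".")

def is_official(host, official=OFFICIAL_DOMAINS):
    # Exact domain or a true subdomain; "examplebank.com.evil.example" fails.
    return any(host == d or host.endswith("." + d) for d in official)

def check_links(html):
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        dest, reasons = host_of(href), []
        text_is_url = "." in text and not any(c.isspace() for c in text)
        if text_is_url and host_of(text) != dest:   # tip 5, check 1
            reasons.append("text-mismatch")
        if not is_official(dest):                   # tip 5, check 2
            reasons.append("not-official")
        findings.append((text, dest, reasons))
    return findings

# Constructed sample email body.
SAMPLE = """<p>Dear valued member,</p>
<a href="http://examplebank.com.account-verify.example/login">www.examplebank.com/login</a>
<a href="https://www.examplebank.com/help">Help centre</a>
<a href="https://examplebank.com.account-verify.example/x">Click here</a>"""

if __name__ == "__main__":
    for finding in check_links(SAMPLE):
        print(finding)
```

The first link is flagged on both counts: its text names the bank, but the hostname actually ends in a different domain, which is exactly what hovering over it would reveal.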

6. The offer is too good to be true

If the email is claiming to be from a long-lost family member or a Nigerian prince, hit delete. After all, why would a Nigerian prince that you have never heard of contact you to help him smuggle money out of his country?

7. No prior contact

If the email is an unexpected contact from a company you have nothing to do with, steer clear. Typically these are emails claiming you’ve won the lottery or the tax office offering you an instant refund.

8. You’re asked to send money to cover expenses

A clear sign that you’re looking at a phishing email is that you’re being asked for money to access the offer – such as a ‘small fee’ to claim your lottery winnings.

9. The email makes unrealistic threats

Looking at the darker side of phishing – sometimes the emails will be making threats. The threats are usually blackmail or murder – no laughing matter.

If you receive a threatening email through a work email account contact your IT or HR department – there should be a process in place to measure the threat and involve law enforcement.

If it’s a personal email account you have the option of contacting the local authorities but it is unlikely they will take it seriously unless there is another reason to. Simply hit delete and try not to think about it.

10. Something just doesn’t look right

And finally, gut feeling is the best measure.

If there’s something that just doesn’t feel right DO NOT interact with the email – don’t click on the links, don’t reply – just delete it.
