Phishing is nothing new, it’s been around for years and is the most common form of cyberattack. You’d think by now the world would be wise to phishing emails and online scams to such an extent that they’d become extinct. Yet phishing has morphed into increasingly complex forms that are tough to detect and continue to dupe victims and steal their money, identity, and personal details.
From email to SMS, scammers use a variety of platforms when creating phishing scams. These cybercriminals obtain contact details from the Dark Web or online sources such as social media profiles before sending the target an email or message that looks like it came from a legitimate company, right down to the detail of the logo and branding.
A phishing email aims to make you visit a website, download a virus onto your computer, or steal bank details or other private information. The National Cyber Security Centre – a UK Government organisation – urges victims of phishing to report incidents through its website. So far, it has been notified of a staggering 29 million scams, which resulted in 168,000 being removed across more than 300,000 URLs.
But how do you spot a phishing email, and what should you do if you receive one? Cybersecurity services provider, ramsac, is highlighting the warning signs, how to avoid falling for one, and how to mitigate the danger posed by online phishing threats.
1. Suspicious sender
One of the easiest yet often overlooked methods for spotting a phishing email or scam is to check the address from where it came. Phishers will use a ‘spoof’ email address that closely resembles the real thing to trick you into believing it’s been sent by a real person.
However, phishing emails can be badly constructed and come from unfamiliar or suspicious email addresses that contain various discrepancies such as basic spelling mistakes and strange domain names that mimic legitimate users or company brands. Therefore, it’s important to put the sender’s email address under a microscope to identify any discrepancies and obvious signs of a scam and double-check that the email ID matches that which you’ve previously received from the same sender. E.g. A usual contact might be finance@bizsup.com and the phishing email might come from finance@bizsup.ai or an email from microsoft.com might come from nnicrosoft.com.
2. Urgent or threatening language
A common tactic used by scammers is to use urgent or threatening language in an email prompting the receiver to take immediate action. For example, an email may contain a warning that your personal account will be suspended unless you hand over personal information such as bank details or click on a fake link.
This sense of urgency implores the victim to act quickly or face the consequences of doing nothing. It gives the receiver little time to explore the email further to check if it’s genuine or fake and increases the likelihood of taking the wrong course of action and doing something they’ll regret.
3. Demands for personal information
Phishing emails often request a victim’s private information such as passwords, usernames, bank and credit card details, National Insurance numbers, and other types of personal data. The scammer will then use this data to make unauthorised purchases using the victim’s card and bank details, or to take control of any online accounts they may have with retailers or suppliers.
While phishing emails of this nature can appear trustworthy, their sole purpose is to lure victims in and con them into handing over their valuable personal information. It’s worth remembering that legitimate companies including banks and financial institutions will never ask for this kind of sensitive information via email. Rather, valid senders will phone, send a text, use live chat or other means to verify an email’s authenticity.
4. Fake links or attachments
You receive an email claiming your bank account has been hacked and the only way to protect your money is to transfer it to a different account. Needless to say, the only person with access to this new ‘safe’ account is the cybercriminal who created and sent the phishing email and is ready to drain your account of its last pound.
This example of a phishing ‘call to action’ is a frequently-used tactic by scammers and usually involves a link the victim must click to perform a specific action, or an encrypted file to be downloaded. For instance, the email may inform the target their account has been closed, their gym membership has expired and should be renewed, or delivery of a parcel has been suspended – in all cases, the email is likely to include a link to what appears to be a legitimate website but is in fact fake. There, the victim will be told to enter their personal details to confirm their identity – and in the process unknowingly hand over vital information a hacker will use to steal their money and take control of their accounts. Therefore, users should always avoid clicking on links or downloading attachments from emails that seem suspicious or unexpected. Similarly, hovering over suspicious links will allow you to check the actual URL is legitimate before clicking, and ensure that they lead to valid websites.
5. Bad spelling and poor grammar
Phishing scams, particularly those created in bulk for a random, scattergun attack, often contain spelling mistakes and are littered with grammatical errors. While this is not always the case – whaling phishing emails, for instance, are better constructed as they’re aimed at company executives – it is common to find multiple inconsistencies within phishing emails.
The fact is bona fide communication professionals would never send out emails containing so many clear mistakes. When a target receives a badly-written email of this nature it’s highly likely to have been created by phishing fraudsters who could be non-English speakers, or even automated software. Therefore, users should always be cautious of emails with poor language quality as they are likely to be phishing attempts designed to deceive and access money. Spotting these telltale phishing signs will help you to identify genuine emails from fraudulent ones.
In general, users must always remain vigilant when opening emails that come from unusual sources or make special offers you weren’t expecting. The chances are if it sounds too good to be true, it’s probably a phishing scam designed to con you into handing over your personal details for a scammer’s illegal gains. Therefore, by remaining ultra vigilant and carefully scrutinizing emails, we can all protect our valuable data and avoid becoming yet another hapless victim of an email phishing scam.