3 Ways to Identify a Phishing/Scam Email
Make these a habit
Phishing (pronounced ‘fishing’) is an email scam that aims to extract personal data or credit card details, or to infect your computer with viruses and malware. Phishing emails range from the comically inept to highly sophisticated copies of legitimate company missives. Sometimes even experts find it hard to tell the difference between a genuine email and an imitation. In any case, it always pays to be aware of who is sending you a message and to ask yourself whether you were expecting to receive it. Here are the three most important things you should check before interacting with an email:
Check the sender's email address
When an email pops into your inbox, the sender’s name might well read ‘Microsoft’ or ‘Spotify’, companies whose products you use or are at least familiar with. As a result, you feel confident enough to open the email, but before you do this, take a closer look at the full address. Does it end with a public domain name such as gmail.com or hotmail.com? They’re trustworthy, right? Not in this case. A legitimate company always uses its own domain name, and the part of the address after the @ should match the company sending you the email, for example @microsoft.com. This is a good initial indicator of whether a message is legitimate. An exception to this rule might be a message from a self-employed person or a very small business, in which case move on to check two.
Be suspicious of attachments and links
Never open an attachment you aren’t expecting; it might contain a virus or malware. These days very few companies send files this way. They’re far more likely to pass on communications within the text of the email, or to invite you to log in to your account through a website or app. But if the email address looks authentic and you are in two minds about whether to open the attachment, it’s always a good idea to check with the purported sender through their official website or by telephone. And when you get the go-ahead, it’s still important to have anti-virus software installed on your computer for peace of mind. Avast is a good, free option.
Increasingly, scammers invite you to click on a link in an email, an action that appears innocuous enough but can be disastrous. Unlike those dodgy domain names, web links may be hidden behind an authentic-looking graphic or company logo, making their real destination less obvious. To find out where a link is leading you, hover the cursor over it or, if on a mobile device, press and hold to see the web address before you click. Does the website address match the official domain name? If not, definitely avoid it.
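The sender check and the link check described above can also be done by a script. The Python below is an added example, not part of the original article: it reads the address after the @ and the real destination behind each link, and compares both with the official domain. The sample message, the host login-verify.example and all function names are constructed for illustration; the comparison matches the whole domain, so a host that merely begins with the company's name still fails.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

PUBLIC_MAIL = {"gmail.com", "hotmail.com"}  # public domains the article names

def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    """Collects every <a href>: the address hovering over a link would show."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def check_email(raw, official_domain):
    """Return a list of findings for check one (sender) and the link check."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    findings = []
    if sender in PUBLIC_MAIL:
        findings.append(f"sender uses public domain {sender}")
    elif not under(sender, official_domain):
        findings.append(f"sender domain {sender} is not {official_domain}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        host = urlparse(href).hostname
        if host and not under(host, official_domain):
            findings.append(f"link points to {host}, not {official_domain}")
    return findings

# Constructed sample: display name says Microsoft, a logo image hides the link.
SAMPLE = """From: "Microsoft" <account-team@gmail.com>
Subject: Act now
Content-Type: text/html

<a href="http://microsoft.com.login-verify.example/reset"><img alt="Microsoft"></a>
"""

print(check_email(SAMPLE, "microsoft.com"))
```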
Is it well written?
If a company is taking the trouble to contact you with important information or to offer a great deal, they will always make the effort to ensure it is clearly written, grammatically correct and free of typos. Phishing emails frequently don’t go through the same stringent checks – in fact historically they’ve been astoundingly badly written. This isn’t always true, but if you see language that is awkward or contains peculiar phrasing, there’s a good chance it’s been written by someone who doesn’t use English as their first language. Another red light might be an unusual sense of urgency: phrases like ‘act now’ or ‘contact us immediately’ are common in phishing emails. If you feel suspicious or pressurised, stop and ask yourself why.
These are quick, routine checks that you will soon be doing as a matter of course. They boil down to a single, common-sense rule: if something about an email doesn’t feel right, play it safe and leave it unread.