
Phishing emails are spam emails that con you into thinking they’re genuine communications from a bona fide organisation. A typical example is an email that looks like it’s come from your bank and asks you to log into your account. If you click on the link within the email, you’ll be directed to a bogus URL which harvests your bank details and log-in information.

The cyber criminal behind the phishing scam can then access and empty your bank account – and will probably steal your identity into the bargain. Phishing emails can also be used to launch ransomware attacks, where your files are encrypted until you make the requested payment, or to distribute viruses and malware.

The problem with phishing emails is that, all too often, they’re very convincing. Criminals are adept at creating branded emails, complete with logos and imagery, that look like the real thing. And whilst some better-known scams will be picked up by your spam filter, there’ll always be some campaigns that slip through the net and end up in your inbox.

Fortunately, there are some simple ways you can identify whether an email is a phishing scam.

Consider whether the email is expected

If you receive an email purporting to be from a bank or credit card company that you don’t have an account with, it’s pretty obvious that the message is a scam. However, you still need to be careful about emails from companies you do have a relationship with.

Literally millions of people in the UK have accounts with, for example, Amazon and PayPal. Cyber thieves know this and exploit the fact all too often. So, even if an email is 100% expected (such as if you’ve just placed an order with Amazon), still treat it with caution.

Read the email address very carefully

At first glance, the email address might look real, for example, accounts@hsbc.uk.com. But if you check online, the domain hsbc.uk.com doesn’t exist. The UK domain for the bank is actually hsbc.co.uk.

Another danger sign is the use of a public email domain such as Gmail or Hotmail, for example, hsbc@gmail.com. Any large organisation will have its own domain and won’t use this kind of email address.

A third common trick is to change just one letter from a company’s email domain, e.g. paypai.com instead of paypal.com. The eye tends to see what it expects to see, so it can be hard to pick this up. But take a moment to read the email address carefully. If you’re in any doubt, copy the domain and paste it into a Google search (not your web browser’s address bar). This should tell you if it’s a scam – try it now with Paypai!

Check the destination of web links within the email

If a suspicious email invites you to click on a link, hover the cursor over it to see the destination address that appears in the bottom left-hand corner of your screen. A link in a phishing email may point to a completely different destination to that indicated in the message and may not even be relevant to the content or the sender’s purported identity. However, it may just be slightly misspelled – as with the Paypai example above – so check it carefully.
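
The sender-address checks and the link-destination check described above can be run automatically over a message. The Python below is an added example, not part of the original article: the allow-list, function names and sample message are constructed for illustration, and the lookalike test only catches a single changed letter.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser

KNOWN = ("hsbc.co.uk", "paypal.com", "amazon.co.uk")  # constructed allow-list; use your own
WEBMAIL = ("gmail.com", "hotmail.com")
HOST = re.compile(r"(?:[a-z][a-z0-9+.-]*://)?(?:[^/@\s]*@)?([a-z0-9.-]*)")
SAMPLE = ("HSBC <accounts@hsbc.uk.com>", '<a href="https://www.paypai.com/signin">www.paypal.com</a>')  # constructed

def host(s):  # lower-case host part of a URL, bare domain or email address
    return HOST.match(s.strip().lower())[1].rstrip(".")

def check_domain(domain):
    labels = domain.split(".")
    if any(domain == g or domain.endswith("." + g) for g in KNOWN):
        return "known"
    if domain in WEBMAIL:
        return "public webmail"
    for g in KNOWN:
        tail = ".".join(labels[-(g.count(".") + 1):])  # as many trailing labels as g has
        if len(tail) == len(g) and sum(x != y for x, y in zip(tail, g)) == 1:
            return "one letter off " + g
        if g.split(".")[0] in labels:
            return "brand name on unlisted domain"
    return "unknown"

class Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.text.strip(), self.href))
            self.href = None

def review(from_header, html):
    parser = Links()
    parser.feed(html)
    out = [("sender", check_domain(host(parseaddr(from_header)[1])))]
    for text, href in parser.links:
        shown, real = host(text), host(href)
        note = "; text shows " + shown if "." in shown and shown != real else ""
        out.append((real, check_domain(real) + note))
    return out
```

Calling `review(*SAMPLE)` returns one verdict for the sender and one per link, with the real destination host alongside any different domain shown in the link text.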

Look out for strange attachments

A common scam is to send out emails with attachments claiming to be invoices, payment reminders or debt collection notices. These usually contain malware or ransomware which will wreak havoc with your computer systems and network if you click the download button. The cyber thieves will have access to your personal data as well.

In short, if you receive an email with an attachment you’re not expecting, don’t open it!

Be wary of a sense of urgency

Cyber thieves are very good at getting people to react to messages that can cause panic. A prime example is an email stating that your bank account or Apple ID has been compromised and you need to log in urgently and change your details. Most companies would never email you if there was a problem with your account; they’d contact you using other means.

If you receive a message like this and are in any doubt, simply get in touch with the company and ask them if the email is real. Don’t use the contact details or click on any links within the message. Use the details you have on file or get them from the company’s (bona fide) website.

Check for spelling and grammatical errors

An email from a reputable organisation is likely to read well, with no spelling or grammatical errors. People who create phishing scams, on the other hand, may not have the best grasp of the English language. So look out for mistakes within the email content, or copy that doesn’t flow or read correctly. The writing style may also be different to what you’d expect from the company in question.

Like to know more?

For more information about phishing emails and how you can protect your IT systems, contact Jalapeno Business Services. We’ll be pleased to discuss measures you can take to help prevent cyber attacks, such as advanced email filtering and staff training to raise awareness of threats. Get in touch today to discuss your requirements or book an appointment with a member of our friendly team.