When most people think of scam emails, they’re reminded of Nigerian princes asking for large sums of money with no subtlety at all. But cyber-criminals are becoming smarter and trickier, and according to Verizon’s 2016 report 30% of phishing emails are opened, a number which is probably even higher now. As sneaky as these criminals get, there are still some common signs that help you identify a phishing email.
Demanding Urgent Action
This is easily the most common technique used in phishing emails, threatening a negative consequence if the recipient doesn’t take action immediately. Phrases such as ‘your account has been blocked’ or ‘your details have been compromised’ are good to look out for. Of course, there’s the possibility that one of your accounts could be blocked or compromised, but genuine companies would act on this in a much more helpful manner, rather than scaring you – and if you really do think an urgent email could be real, it only takes a minute to look up the company’s phone number.
Requesting Sensitive Information
Emails that ask for log-in details, financial information, or any other private data should always be treated with caution – remember, companies will never ask you to email them with this kind of data, and even if the message provides a link redirecting you to a page where you can input this information, these pages can easily be forged.
Names, Email Addresses & Links
Email addresses, domain names and web addresses are surprisingly easy to forge, but usually not perfectly. If the email claims to come from a company you trust, check the details against their older messages; if not, see if you can find the company’s information on Google. Most of the time the forged names and addresses will be off by one letter, which is easy to miss if you don’t have a keen eye.
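The off-by-one-letter comparison described above can also be done by a script. The following Python code is an added example, not part of the original article; the trusted-domain list, the sample addresses and the function names are constructed for illustration.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains you already trust (constructed sample values).
TRUSTED = {"example.com", "mybank.example"}

def edit_distance(a, b):
    """Edits (insert, delete, substitute, swap two adjacent letters) to turn a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # two adjacent letters swapped
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(domain, trusted=TRUSTED, max_dist=1):
    """Return ('trusted'|'lookalike'|'unknown', matched trusted domain or None)."""
    domain = domain.lower().rstrip(".")
    for t in sorted(trusted):
        if domain == t or domain.endswith("." + t):
            return ("trusted", t)
    for t in sorted(trusted):
        # Compare only as many trailing labels as the trusted domain has,
        # so "login.examp1e.com" is checked as "examp1e.com".
        tail = ".".join(domain.split(".")[-t.count(".") - 1:])
        if 0 < edit_distance(tail, t) <= max_dist:
            return ("lookalike", t)
    return ("unknown", None)

def check_sender(from_header, trusted=TRUSTED):
    """Classify the domain of the address in a From: header value."""
    addr = parseaddr(from_header)[1]
    return classify(addr.rpartition("@")[2], trusted)

def check_links(html_body, trusted=TRUSTED):
    """Classify the host of every href found in an HTML message body."""
    urls = re.findall(r'href=["\']([^"\']+)', html_body, re.I)
    hosts = {urlsplit(u).hostname for u in urls} - {None}
    return {h: classify(h, trusted) for h in hosts}

if __name__ == "__main__":
    # Constructed sample header: digit "1" in place of the letter "l".
    print(check_sender("Example Support <service@examp1e.com>"))
```

A "lookalike" result means the domain is one edit away from a trusted one and deserves a manual check; "unknown" only means it matched nothing on the list.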
Email attachments can harbour malware that monitors your keystrokes and corrupts your data, and attackers will sometimes even demand ransom money in exchange for restoring your access to your important information. To avoid this, never open attachments from sources that you don’t 100% trust.
Emails from official organisations would typically be relatively formal, addressing the recipient by their name or username. Any email that opens with a generic ‘Dear customer’ is likely a scam. However, attackers can sometimes get hold of personal information such as customer names, so being addressed by name isn’t a sure sign that an email is legitimate.
When it comes to email exchanges between co-workers you will usually see a more casual greeting, so any messages starting with ‘Dear’, for example, could be a sign of impersonation. If you’re ever suspicious of an email from a colleague, make sure you double-check the email address.
For more information on how to protect yourself from phishing attacks, take a look at this helpful infographic from Action Fraud.