Hey everyone, today I will sharing with you some key tips on spotting and avoiding phishing email scams.
Scams are everywhere and they are usually really enticing and draw people into clicking them… and then regretting it later. We at Ways to Work from Home are determined to ensure we help as many people as we can avoid getting caught out by these scams.
The shocking fact I found out when I did my research was that 30% of phishing email scams are actually opened, according to Verizon’s 2016 Data Breach Investigation Report. This makes it imperative we make as many people aware of ways to avoid these scams as possible.
Let’s start with describing what is a phishing email?
What is a Phishing Email?
Wikipedia describes “Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details, often for malicious reasons, by disguising as a trustworthy entity in an electronic communication”.
And so, a Phishing email is an attempt to obtain this information via an email to your email address. The most successful phishing email scam is one that is disguised as something an employee would normally expect – for example an email from the HR department, shipping information notes or a request to change your password from (what looks like) the IT department. They will be almost perfect and the key is in the bit about it being ALMOST perfect is the bit around spotting it is not genuine.
Phishing Email Examples – Scams
There are a number of examples, but I wanted to draw on 2 that I have received myself. The first one is one that looks like it came from Paypal – a receipt for a purchase at £27.95. When you look at the email it looks like it came from paypal at first glance. It also gives you a ‘link’ to your account. Now naturally, as I had not made a purchase using PayPal that day ( I had been in a meeting all day) you want to log in and see what this purchase was and cancel it. But that is how they get you. By clicking that link they gain access to your PayPal account. Now, I am quite savvy with this kind of stuff, so I disregarded the email and logged into PayPal via the app on my smartphone and it showed that there was no purchase made using my account. So I went back to the email to have a closer look and noticed key differences to a normal PayPal receipt via email. The email account of the sender was slightly wrong, there were a few spelling mistakes and a normal PayPal receipt email doesn’t have a link to your account on it. So this is a great example of not taking everything sent in email as genuine. Tip #1 If unsure log into your account the correct way.
The second example was to do with the HMRC. I have to fill out a self-assessment tax form on an annual basis. But the scam email i received made it look like i owed a lot of tax and needed to log in immediately to pay via an email. Now I knew I was totally up-to-date with my tax form and again there was key differences in the type of email. HMRC emails do not give you a way of logging in via an email, you need to go through several steps of security to log in. The key point i also noticed on this email was it was sent to my other email address – not the one I do my normal self assessment with. So Tip #2 DO NOT RUSH into these things, take a step back and think!
There are many types of phishing email examples:
- Offers that look too good to be True… “You have won the lottery, but you need to log in now…” “You’ve won an all-expenses paid holiday”
- Emails that look like they have come from a government agency
- You are asked to send money to cover expenses (may not be in the initial email – but further down the line)
- Unrealistic Threats – Intimidation Tactics. “Pay Now or we will start legal proceedings”
- Anything where it asks you log into your account (Bank accounts, PayPal, HMRC, Work Accounts)
- Something where you didn’t Initiate the Action “You are a competition winner” but you didnt enter any competition
How to Spot a Phishing Email
If you receive an email, that doesn’t look quite right – that is the first step. If it looks too good to be true it means you need to aware. There are some key ways to spot a phishing email that is a scam, I have listed them below:
- The domain name is either misleading or mismatched. Think about your bank account – for example HSBC, their domain name is HSBC.co.uk for me (I am in the UK). but the domain name is not the same on the email, it could have an extra character – so at a quick glance it looks right.
- Any email that is asking for personal information or asking you to log-in is normally fraudulent. Any legitimate company would not ask you to enter your personal information or log in from an email.
- Another way is reading the email and looking for poor spelling or grammar. Emails from genuine companies are usually meticulous when it comes to spelling and grammar. But a scammer is hoping that you just click the link without reading the email correctly, a reflex action. Poor Spelling or Grammar is a great way of spotting a phishing email.
- Be aware of unrecognised links – Scammers have in some cases started using embedded links. This is where when you click the link it takes you to a page that looks very relevant to what the email was about – but whilst you are looking at this page, the scammers already have access to whatever they wanted.
- Check the name of the sender – this will normally be a bogus name urging you to sign into a website – especially if it looks like a work email from HR, etc. Is it actually right for your company or is it not?
- An email that is ‘threatening’ you with a deadline like the example i gave for the HMRC tax payments.
- Any email that looks too good to be true.
If you make yourself more aware of these types of signs and are wary of any email that lands in your inbox that you didnt initiate, then you can ensure you get in the habit of checking and ignoring these scams. If you receive an email and are unsure if it is genuine, log into your account the correct way and check it or contact the company via their website. If unsure, don’t click a link.
Phishing Scammers are constantly evolving and adapting to find new ways to separate innocent people from their information and money. So the key is to trust your instinct and do not react straight away. Take a moment to read it, look for the signs and if it isn’t right or look right. Don’t follow any links on it, and if you want to check – use the correct ways of contacting the companies (Your bank, PayPal, etc.) Another good information link is Phishing.Org. This website is all preventing Phishing and has some goo information on the subject.
If you have received any examples of phishing scams or have any other tips that may be useful, please write them in the comments below, The more phishing scams exposed the more likely we achieve the goal of helping people avoid scams.
Thanks for reading, if you have any questions please write them in the comments and I will respond.