Phishing emails used to be quite obvious to spot. Not only did they make little sense, but they usually seemed to be caught by junk filters anyway. But phishing emails are becoming more and more sophisticated in the way that they appear in your inbox, making it difficult for even the savviest of IT whizzes to spot whether it could be genuine or not. Here are a few clues to look out for:
Poor spelling and grammar
Usually a reputable company has many proofreaders in place checking any correspondence before it goes out to the public. Of course, they can still make the odd mistake, but it is rare. If you notice spelling or punctuation errors, or if you think that the sentence structure in an email appears a little off, give it a second thought before replying or taking what the email says as true. Action Fraud says that they may also use odd ‘spe11lings’ or ‘cApiTals’ in the email subject to fool your spam filter.
It asks you to click a link
One big sign that the email is a phishing scam is that it includes a clickable link in the email which it encourages you to click on. This might take you through to their version of the company’s site, which is ready to take your IP address, data and any other log in information you might put into it.
It was unsolicited
Some emails you get are not in any response to anything you have actively engaged in recently, or at all, which should be a cause for alarm. For example, in phishing email from several years ago fraudsters pretending to be Wonga contacted a plethora of South African residents with a loan offer that took them to a fake website designed to harvest their personal information. The contact information of those targeted was not obtained from Wonga, meaning that most of those contacted had no prior association with the Wonga brand at all, however this didn’t stop some unfortunate people being duped by the scam. If you find you have any queries or uncertainty about correspondence from a brand (especially one you’ve never dealt with before) I recommend going the old fashioned route and contact the company directly with their direct brand phone number from their website (not one provided on the email) and ask them directly about the correspondence.
It seems too good to be true
It might be that you receive an email from someone who calls themselves ‘HMRC’ and they are telling you that you are due a tax refund. A very sophisticated phishing email that was going around actually tracked when people were logging onto the HMRC site, and emailing them shortly after with a link saying ‘to access your tax refund click here.’ Of course, customers of HMRC might not think anything of this because they could believe it was in response to their recent log in. But, because the email was promising money, and because the real HMRC would only send you an email saying you have a ‘secure message’ and not anything further, you should be suspicious of something like this and should report it rather than accepting its content, providing personal details or clicking any links they offer.