How can you recognise a phishing email and what can you be doing about it?

Microsoft sum it up very succinctly; Phishing email messages, websites, and phone calls are designed to steal money. Cybercriminals can do this by installing malicious software on your computer or stealing personal information off of your computer.

Cybercriminals also use social engineering to convince you to install malicious software or hand over your personal information under false pretences. They might email or call you on the phone, or convince you to download something off of a website or call a number to get help.

So if you suspect it, how can you recognise that you are on a phishing hook?

1. The URL (Uniform Resource Locator) doesn’t match up

The URL is basically the address on the Internet, if you suspect that the email is phishing, then a quick look at the link in the address bar, by hovering over the address with your mouse or cursor, you can see the hyperlinked address, if they don’t match then it’s more likely to be malicious.

2. Spelling and grammar

In many of the phishing emails spelling and the use of grammar is incorrect. All large corporations are very particular in checking that what they send out, is formatted correctly spelt correctly, does not harm their brand and is legally correct.

3. The message contains a domain name that just doesn’t look right

As we hold accounts with many large corporations for banking, social media, email, utilities etc., we receive many emails on a daily basis, so if you think that the format of the email or the address looks different, then the likelihood is that the people who set out to scam you have used a variation of the domain name to try and convince you that it has actually come from a reputable source.

4. The message contains threatening content in the message

The people who send out these scam emails, are looking for you to make a call to action, in doing so it then enables them to download malware and retrieve the information that they seek. By threatening to cancel your service, account or saying your security is now at risk, is done to provoke a reaction from those less suspecting.

5. The message is asking for personal information or for money

Many of the emails that are sent out from these domains (Point 3) will ask you for personal information such as passwords, clarification of an account number or just asking to confirm your credit card number and even ask for money. No reputable corporation would ask you to disclose this type of personal information, therefore you can treat this as fraudulent.

6. Your gut says the message just doesn’t ‘look and feel right’

If there is something that immediately makes you feel suspicious then you are most likely to be right. If you have not asked for or subscribed to an offer, or it just looks too good to be true, it may even seem to originate from a government source, then your instincts are telling you it’s a scam.

7. So what should you do about it?

First and foremost, do not take any action on the email, delete it out of your inbox and permanently delete the message. The same would apply if the message came to your phone or mobile. Do not take action which complies with the request. Secondly you should report it. In the UK you can report unsolicited calls or fraud to Action Fraud the National Fraud and Cyber Crime Reporting Centre https://www.actionfraud.police.uk/.

Are you frustrated by too many spam emails getting through to your inbox? If so and you would like help understanding and recognising phishing emails or you are concerned that your antivirus protection is not sufficient, please give us a call on 01737 824003 or email us.