Phishing Emails – Spot the Lure and Avoid the Hook

Email phishing scams are becoming increasingly common as fraudsters find more inventive ways to grab your attention. Here are some tips on how to spot when something “fishy” is going on.

1 – Check the “From” email address

If an email seems odd from the get-go, your first port of call should be the sender’s email address. Most phishing emails will try to look like the site they are masquerading as, but there will be glaring differences from the genuine thing, e.g.:

The first part of that address is designed to grab your attention and reassure you into thinking it is from eBay. The meaningful part is what comes after the “@” symbol, known as the “domain name”. Anyone can register a domain name, even convincing-looking ones like the below example:

If the email itself seems off, and the address looks bogus, delete and block the sender.

2 – Reputable companies will call you by your name

Initial greetings such as “Dear CEO”, “Hi dear” and “Dear friend” are usually a sign of an illegitimate email. “Greetings wonderful manager” is probably my favourite one that I’ve received in the past. If the sender doesn’t know your name then it’s safe to assume that it’s either a scam or just plain junk.

3 – Be wary of poor spelling and grammar

While there are some scammers based in the UK, the majority are based in overseas call centres. The initial emails are sent out automatically to potential victims whose email addresses were gathered from various sources (be careful what websites you register accounts with!). A scripted “bot” will then periodically send out 100s or 1000s of emails at a time. Even with a 5% success rate from 1000 emails, that’s still a nice pay packet for a scammer.

Unless you are importing goods from China or initiating trade deals with India, be wary of impersonal emails that have a “Google Translate” feel to them.

4 – Check if the links to websites are legitimate

Malicious emails will normally have a link in them that directs you to a fake login page or payment portal. If you’ve been duped by the email and the fake link, then you will likely fall victim to the fake website that you land on, as these are often a like-for-like copy of what they are pretending to be.

Pay attention to the link. Even if it looks like the real thing it could be masked, hiding an alternative link underneath it. If you hover over the suspicious link in Outlook you will see the actual link shown in the bottom left of the screen, like this:

5 – Reputable companies don’t ask for sensitive information via email

Even if an email looks like it’s from somewhere official such as the government or your bank, it’s always a bad sign if the message asks for personal information. A bank would never ask you via email for your mother’s maiden name or your account number; they already know that information. Similarly, a well-established company such as PayPal will never ask you for your password, credit card number or to answer a security question via email.

How to handle a suspicious email:

If you do receive a phishing email:

  • Don’t click on any links, open attachments, or expand any included pictures
  • Don’t try to reply to the sender
  • Delete the email from your computer
  • If you do legitimate business with a company mentioned in the phishing email, you can call the business and ask if they would like you to forward the email to them, so they may take further action.

We provide all our clients with state-of-the-art email filtering which drastically cuts down the amount of spam and phishing emails they receive, and if they are unsure of an email we are always there on the phone to offer them advice. If you feel like we can help you out, then feel free to contact us to see what we can do for you.