A Look Into Phishing Emails And What You Can Do To Protect Yourself

What is phishing?

Phishing emails are a form of cyber-attack carried out by criminals to try and gain access to your bank details/login details/computer accounts etc. The emails they are sending out nowadays look a lot like real emails you’d receive from official companies or government admin. Their aim is to get you to release sensitive information, whether they claim to be from Netflix, DVLA, or the government itself. A typical phishing email claims that you have to take urgent action on something and whatever it is requires you to click on a link or open an attachment.

What to look out for // STOP

One thing to be aware of is the STOP method, this will help you when it comes to differentiating scam emails and legitimate emails and it goes as follows;

S - Suspicious. Are you signed up to that company?

T- Telling you to click a link.

O - Offering something. Is it too good to be true?

P - Pushing you to act fast.

One of the first things to look out for when figuring out whether it’s a scam email or is in fact legitimate is the email address of the sender- all companies will have official customer service or support emails that, if they are to contact you, will be used to do so. If the email address appears dubious and seemingly like a private email or a copy of the companies, you can safely assume it’s a phishing email. To be absolutely sure you can hover over the email address and it will come up with the original sender. Should you notice this don’t scroll further down the email as you run the risk of accidentally clicking a link or button that could be detrimental; just block the sender and delete the email.

Although it seems obvious, always look out for spelling and grammar issues within the email. If a company were to email you the chances of there being any grammatical issues are extremely slim so be sure to look carefully and try to spot if there are any obvious mistakes. A lot of the time these mistakes come in the form of things such as the words being mixed up and in the wrong order or the presence of extra letters (especially ‘s’ at the end of words). Spelling errors in general are highly unlikely if sent from an official sender as the email will have been through numerous checks prior to its release. In addition to this, when a company or business you have an account with emails you it is likely they’ll address you by your name (“Dear ……”), whilst with scam emails they often just write a generic entry (“Dear customer” for example).

Website links are relatively common when it comes to phishing emails as they have the power to make an email look more ‘legit’ than it actually is. If you ever receive an email with a link, maybe telling you to click and renew your bank details or to enter login details, stop and think before you do. It’s always worth going on the official website whether that be Netflix or a bank and looking to see if what you’re being asked to do is legitimately linked to your account.

A common trait in a scam email is time pressure- a lot of scammers will make a point that you have to fill in your details in a certain amount of time otherwise you’ll be locked out of your account or you won’t be able to claim your prize, whatever it may be. Think about how many legitimate emails you have had regarding an account that has been under a time limit. Act against the pressure, go and ask a colleague or member of your family their thoughts on its legitimacy or even just walk away and come back because chances are if you’re not feeling pressured by the time limit, you’ll read it in more detail and might start to notice other issues with it.

Plain, unbranded emails from companies are another trick to be weary of. If you receive an email from a company you would expect it to be branded, either with a header design or a complete layout that is specific to their brand. Although the phishing emails being sent out are getting harder to spot, an unbranded message should always ring alarm bells. Adding to this you might receive a message where a scammer has used an image of the logo of a company and copied it into the email, but it has been stretched to size so looks far from what an official company logo looks like.

How are they dangerous?

By falling for a phishing email, you are putting your own and your contacts’ personal details at high risk of attack. If you do click a scam link, you’re immediately letting the scammer know you are alive, active on your emails and likely to fall for scam, so before you’ve even entered your details your verified email will have been shared and chances are, you’ll receive a mass influx of scam-mail in a short amount of time. If the link does then lead to a form or a login page that’s there to compromise your computer, before you’ve even entered your details the scammers have access to a range of your personal details and could begin using them for fraudulent activity. If you enter your details not only do you run the risk of giving scammers access to passwords and bank details but there are three other, potentially more dangerous things the scammer could do. The first being, they could install ransomware onto your computer which would in turn lock away your files until you pay them a certain fee. The second is that they could open ‘Trojans’ which, put simply, would leave your computer open for external data theft. The last is the risk of bots, which is where the scammers will ultimately hijack your computer and will then use it as a base to start scamming other people.

If you'd like to find out more on this subject, here is a useful YouTube video explaining phishing emails.