How to identify phishing emails

by Igor Termenon

Phishing emails have become popular during the past few years. The term phishing is used for defining a type of crime based on email messages that are designed to steal your identity. These messages claim to be from a company you trust, most of them say they come from organisations like eBay, PayPal or the most common banks.

These emails have often the same aspect as the ones you receive, for example, from your real bank. The criminals use the same logos, colours and design so these messages look like a legitimate email marketing message. They ask for personal and financial data that can be later used to either withdraw money from your accounts or to commit identity theft.

We’ve prepared these tips to help you identify phishing emails and deal with them.

What does a phishing email message look like?

On the surface the sender address usually looks like an email address coming from a real institution and most of the times it even has the same domain, but don’t be fooled! Criminals know how to fake the addresses in order to make them look completely legitimate.

In most phishing emails the recipient address won’t correspond to your address, this is a great way of knowing if the message you have received is fake. Most organisations send their messages individually to their clients, so if you receive an email that contains multiple recipients then it might not be real.

The subject of the message can be a clear indicator of its legitimacy. Most phishing emails include words like “warning”, “urgent” or “important” on their subject. The person who the email is addressed to can also be a good way of knowing if a message is real. Your bank will use your name when addressing you, and not “Dear Customer”.

Bank Safe Online have an updated phishing email database on their site with a list of banks and the most common scam emails for each of them.

What are the most popular messages?

These are some of the most common topics in phishing emails:

“Verify your account”: A company won’t ever ask you to send your personal information or account details via email. If you need to change your password or update your information you can do it on their site. Never share any personal information in an email. Your bank will never, EVER, ask you disclose your password and account info to ANYONE – even their staff. This should be an immediate indicator that the email is a fake.
“If you don’t respond within 48 hours, your account will be closed”: Social networks or email servers won’t close your account for no reason, this is one of the most popular phishing emails.
“You have won the lottery”/”My client left you £4,567,890 in his will”: We honestly wish these emails were true but all these messages offering you money in exchange of your personal data are unfortunately fake.
There are so many different types of email scams and most of them are quite funny and might make you wonder who can actually believe they are true. Scamorama collects some of the most hilarious phishing emails around the web.

What happens if I click on the email link?

If you click on the link contained in the email you will be redirected to a fake site that looks really similar to the one from your institution. The addresses of websites from financial institutions or any kind of site in which you are required do a payment or provide personal information start with https instead of http, although most criminals nowadays can also fake their addresses so they look like a secure connection.

These websites will ask you for personal information such as your card PIN or passwords, your bank will never ask for this kind of information so keep it in mind in case you’re redirected to a site requiring this type of data.

If you’ve entered your details, first thing you need to do is contact your bank or organisation immediately and ask them to freeze your account until they can investigate if there have been any fraudulent transactions.

This game by Scam Detectives is a good way of training you on scam emails, you have to decide whether the shown messages are real or fake and then click on the option you think is correct. Once you have made your decision it shows you the real answer and some tips to identify scammers.

Have you been a victim of email scam? What’s your advice for detecting phishing? Share your thoughts in the comments section below.

Leave a Reply