How to spot phishing emails
The way we do our banking and spending has changed drastically over the last few years; it’s been estimated that around 93% of people now use online banking to manage their finances, and people use contactless payments far more frequently than chip and PIN. In an increasingly digital age, it’s never been easier to set up an account, keep track of your money, and keep an eye on what you’re spending.
However, this has also changed the way fraudsters operate. There are many methods fraudsters now use in order to gain access to your information and one of the most prevalent is called 'phishing'.
There’s one surefire way to know if you’ve been a victim of a phishing scam. If a company contacts you claiming you have to pay money towards an account, or that you’re due a refund – but you definitely don’t have an account with them – it’s a scam.
However, if an organisation you use – such as an energy provider or a bank – contacts you and you’re not sure if it’s genuine, here’s a guide to spotting genuine communications.
What is phishing, and how does it work?
Phishing is a method used by fraudsters to gain access to your personal information, such as usernames, passwords, card numbers, and account details. Once the criminals have your information, they’ll then use it for financial gain – either by emptying your account, or by using your details to apply for credit cards and loans.
Phishing often takes the form of an email or other electronic communication, such as a text, where the fraudster will pretend to be a legitimate organisation or service. Communications may often contain attachments or links to websites which are intended to infect your computer or mobile device with malware or spyware.
What are the signs of a phishing email?
It can be hard to know for sure if you’ve received a phishing email. Emails that appear to come from companies you know and trust may read well and look professional; they may closely resemble legitimate emails you’ve received before. However, as long as you exercise caution, and look out for the following list of tell-tale signs, there are ways to avoid falling victim to these scams.
You're asked for personal information
A genuine company will never ask you for personal information, such as your card number, passwords, your address, or your phone number. Likewise, a fraudster may not necessarily have any of your information, so if you are addressed as ‘Dear Customer’, ‘Dear User’ or referred to by your email address, then it could well be a phishing scam.
Poor spelling and grammar, or distorted images
This is probably one of the first things you’ll spot. Fraudsters often do a very good job of copying legitimate emails from companies – but very often they misspell words, the tone seems wrong, or the email design looks unprofessional. Look out for spelling mistakes - for example, ‘Sing in’ instead of ‘Sign in’, or language which feels like it’s been translated or put together in poor English. Other signs of phishing emails can include stretched logos which don’t quite fit the email, and blurred or pixellated images.
Genuine organisations take their email communications seriously, and emails will be checked by an editor before being approved – so consider spelling and grammar mistakes a probable tell-tale sign that the message is from an illegitimate source.
Often URLs in a phishing email will look genuine, but by hovering your mouse over the top of the URL, you should see the actual address. If this address differs from the one displayed, don’t click on it.
Urgent calls to action
Fraudsters will say anything to encourage you to click on the links in phishing emails and enter your details – so be careful, because once you’ve clicked through, fraudsters can steal information within minutes.
Usually phishing emails will urge you to take an action, telling you that your account has been closed, locked, or that you have been billed for an item you likely wouldn’t have bought (even small amounts for things like app purchases). They may also say that you can only settle a payment or avoid a fee by paying today, or that you can only claim a refund until the end of the day.
Although it’s possible that you could receive a genuine email regarding account security or purchases, don’t click on any links you receive. It’s better to call the company directly and ask about the email, or log into your account and see if there’s any matching information there.
Something doesn’t feel right
Simply put, if you suspect the email might be a scam, it probably is. Go with your instincts on this one, and if you are in any doubt about the legitimacy of a message or contact, speak directly to the organisation about the matter and never share your personal information online.
What to do if you receive a phishing email
If you think you’ve received a phishing email, or other form of fraudulent communication, here’s what to do – even if you haven’t clicked on any links or interacted with the email in any way.
- Report it to the police, so they can investigate it – and hopefully shut the fraudsters down. This also means you’ll be given a crime reference number, which you can use in case the criminals get hold of your details and use them to commit fraud.
- There are two different sections of the ActionFraud website for phishing emails; one for people who want to report a scam, and another for people who are worried their details may have been used for fraud – so they need to report a crime.
- If you’ve clicked on a link, contact your bank as soon as possible to let them know what happened – they can put a stop on your account or ‘freeze’ it to prevent funds being taken out.
- If the scammers email you again, don’t reply to them – even to say that you know you’ve been scammed and reported them to the police.
- Don’t delete the email or any communications you’ve received – these can be used as evidence to help you claim back any money you might have lost.