2:00 AM 24th December 2021
Five Ways To Spot A Phishing Email
image by Solen Feyissa on unsplash
In this next instalment with the Yorkshire Times, Jamie Durham takes a look at the practice of ‘phishing’, sharing how email users can identify and eliminate the dangers posed by this increasingly common — and potentially costly — tactic.
It’s believed that over 50% of the global population are now using email platforms, sending a combined total of around 300 billion communications per day*. And amid the flurry of messages sent and received every hour, it’s no surprise that hackers are employing a range of underhand tactics to exploit this.
Phishing, a method which sees criminals emulate well-known brands to trick unsuspecting email recipients into revealing sensitive personal information – including bank details — accounts for around 1% of this total.**
And with just one successful attempt, this practice can prove particularly lucrative for perpetrators — which means knowing what to look out for is vital if email users are to keep themselves safe.
We all know that mistakes happen but spotting spelling errors in an email claiming to be from a well-known brand, is often a giveaway that the communication isn’t genuine.
Well-established organisations will have robust processes in place, meaning that this type of oversight is unlikely to slip through the net. And if multiple mistakes are present, this is an even bigger sign that the email is not authentic.
Unexpected email address formats
Checking the sender’s email address is a quick and easy way to establish the legitimacy of correspondence.
Large companies will usually have a standard email address format, which references the business name in some form, after the @. If this is missing, or the domain appears particularly informal, it is a reason to remain vigilant.
In modern times, businesses tend to address their intended email recipients personally in any correspondence.
In phishing emails on the other hand, generic greetings are common — as are unusual sentence structures. An email which opens with Dear Mr or Miss with no surname, for example, should raise suspicion.
Requests for personal data
An individual or company asking for personal data — especially bank details or passwords — is one of the biggest indicators that the intent of an email may be malicious.
Never enter sensitive information in response to any unexpected request. If in doubt, use a search engine to find the official telephone number and contact the company directly to verify the legitimacy of the communication.
High pressure messaging
When initial phishing correspondence is avoided, offenders can often turn to high-pressure tactics in an attempt to persuade victims to comply with their demands.
They may use messaging designed to scare recipients into responding, including the threat of fines and other penalties. But this is a significant red flag. Don’t be intimidated into acting immediately, this is where costly errors can be made.
Take a step back and question what you’re being asked to do. It may even be useful to ask for the opinions of others who may be able to help establish whether what has been received is authentic.
Overall, trust your instincts
If an email raises your suspicions, the chances are there is good reason. In most circumstances, genuine correspondence will be professional in tone and format, will not contain glaring mistakes, and will often reference the recipient by name.
Messages from established companies will originate from a sensible email address. If from a bank, for example, you would expect the organisation’s name to feature. While requests for passwords and bank details, or unexpected refunds, should be regarded with extreme caution.
If there is any doubt at all about the legitimacy of an email, do not click on links or engage with the content further. Close down the correspondence and use a search engine to find contact details from a trusted website, so that you can check the authenticity of any communications before acting.
If it becomes apparent that the email is suspicious, do not engage and delete the email immediately. Phishing can have serious repercussions for those who succumb to this tactic. Remain vigilant and approach any unusual correspondence with caution.