KIS Bridging Loans
Presented by KIS Finance
What is a 'phishing' email scam and simple ways to protect yourself
With over half of internet users receiving at least one phishing email every day, phishing is one of the biggest online scams and claims millions of fraud victims every year.

Phishing emails are becoming more and more realistic, and studies show that around 97% of people around the globe cannot tell the difference between a legitimate email and a phishing email.


What is a phishing email?

Phishing emails are used by fraudsters to encourage people to visit fake websites. They are normally created to look like they are from a secure company or brand you recognise and come with an important message to make you act on the email.

Examples could be:

“Your bank account details have been compromised”
“You are due for a tax rebate”
“You are entitled to a refund”

These emails tend to make you follow a link which will then lead you to a bogus website where you will be asked for confidential information like bank details, login details or anything else they can use to defraud you.

Alternatively, these emails could be used to encourage you to download an attachment to your computer or device. They claim that it is something useful to you, such as a tax rebate form, a discount coupon or a piece of security software, when in fact it is a virus that infects your device with malware. This is used to steal personal details from your device or even to hold it to ransom until you pay them a fee.



Tips for identifying a phishing email

  • Display name: Even if the display name looks like a legitimate company or one that you actually use, display names are very easy to spoof, so don't assume you can trust it. Most users’ inboxes only show the display name, so it is important that you check the email address that the message has been sent from and whether it looks legitimate.
  • Spelling and grammar: Businesses and companies are normally very professional in the emails they send to their customers, so they rarely make spelling or grammar mistakes. Read the email carefully; if you notice that the spelling or grammar is poor, it is a good indicator that it is from a scammer.
  • “Dear Customer”: Fraudsters tend to send out thousands of emails at once, so if they address you at the start of the email with a very vague salutation like “To our valued customer” or “Dear (your email address)”, watch out. Genuine companies normally personalise their emails with their customers’ names.
  • Contact Details: Legitimate companies always leave their contact details. If this information is very vague or completely absent, it is a strong sign of a phishing email.
  • Personal Details: If an email asks for any personal information at all, there is a very high chance it is a scam. Reputable companies or banks have no reason to ask for this; your bank already knows your account number.
  • Urgent or threatening language: Fraudsters very often use urgent language to take advantage of your concern and force you to act on it. If it does concern you and you want to check it, don’t click on the email; instead, type the name of the company they claim to be from into your search engine.
  • Initiation: A popular phishing email is “You’ve won the lottery”, but you never actually bought a lottery ticket. Don’t be drawn in by tempting offers.


How to identify a fake email address

Your email inbox will display who the email is from; however, no verification is actually performed. The software has no way of knowing whether an email is actually from where it says it is.

It is very important to look properly at the sender’s email address in the header or column titled ‘From’, as this will help you to determine whether it is from a scammer or not.

A lot of the time, fraudsters will sign up for free email accounts like Yahoo or Gmail and forge an address, normally adding the company name within it to make it look legitimate. An example of a forged address could be ‘” instead of ‘…’; large businesses don’t use public email services.


Clever use of domain names

Another way that a fraudster could fool you with a fake email address is to buy a domain name.

This is a domain name:

Anyone can buy a domain name, but ‘’ is owned by NatWest Bank so it is not available for anyone to buy.

However, someone could buy this domain name:
(or something similar that is available)

Being the owner of this domain name, they can create what is called a sub domain name. Like this:

They can put whatever they want, followed by a dot, in front of their domain name. Like this:

They can then send an email using this sub domain. Like this:

Unless ‘’ is the domain, the email address is fake. These are very realistic and can easily fool a lot of people so it is important to look very carefully.
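
The sender checks described under “How to identify a fake email address” and “Clever use of domain names”, as an added Python example that is not part of the original article. It flags a brand name used with a free mail service or used as a sub domain of someone else's domain. The brand, domains and headers are constructed placeholders, and the short suffix set is an assumed stand-in for the Public Suffix List.

```python
from email.utils import parseaddr

# All values below are constructed for this example, not taken from the article.
TRUSTED = {"examplebank": "examplebank.example"}  # brand -> domain it really sends from
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com"}
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au"}  # tiny stand-in for the Public Suffix List


def registrable_domain(host):
    """Return the part of the host that had to be bought (b.example for a.b.example)."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def check_from(header):
    """Return a list of warnings for one From: header value."""
    display, address = parseaddr(header)
    if "@" not in address:
        return ["no valid sender address"]
    local, _, host = address.rpartition("@")
    domain = registrable_domain(host)
    warnings = []
    for brand, real_domain in TRUSTED.items():
        named = brand in display.lower().replace(" ", "")
        if domain == real_domain:
            continue  # the registrable domain is the brand's own
        if domain in FREE_MAIL and (named or brand in local.lower()):
            warnings.append(f"{brand} named, but sent from free mail service {domain}")
        elif brand in host.lower():
            warnings.append(f"{brand} appears in {host}, but the domain is {domain}")
        elif named:
            warnings.append(f"display name says {brand}, but the domain is {domain}")
    return warnings


SAMPLES = [  # constructed From: headers
    "Example Bank <alerts@examplebank.example>",
    "Example Bank <examplebank.support@gmail.com>",
    "Example Bank <security@examplebank.secure-mail.example>",
    "Example Bank <billing@unrelated-shop.example>",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_from(sample) or "no warnings")
```

Only the first constructed header passes; the third shows why the brand name appearing to the left of the real domain proves nothing.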

