What's Going On With IT? News and views from the world of IT

How To Spot Phishing Or Spoof Emails

[Image: An example of a phishing email from a fictional bank]

Phishing is the term for emails which try to trick you into doing something by pretending they’re from someone else. For example, you might get an email that appears to come from your bank asking you to click a link and enter your credit card details for “security purposes”. That link doesn’t really take you to your bank’s website, and you end up giving the phisher your credit card details!

With this in mind here are our 8 tips to avoid phishing:

Tip 1: Don’t trust the sender’s name

The first place to check is the address of the sender. At the top of the email in the header you’ll see something like this in a legitimate email:

From: Barclaycard <barclaycard@mail.barclaycard.co.uk>

This includes “barclaycard.co.uk”, which is also the site’s real website address. A phishing email might have something like this:

From: Barclaycard <barclaycard893@gmail.com>

This has actually come from a “gmail.com” address, which anybody can set up.

Tip 2: Don’t click the links

If you hover your mouse over a link in an email you will see the full address that the link will take you to. A legitimate email should be easy to spot as the link will start with the correct website for the sender. Using our Barclaycard example from above, you’d expect to see a link along the lines of “https://www.barclaycard.co.uk/…”, whereas a phishing email might have something like “http://barclaycard.usenet.com/…”, where “barclaycard” is only a label in front of a different site, “usenet.com”.
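The checks from Tip 1 and Tip 2 can also be automated. The following is an added example, not part of the original article: it compares the sender's domain and every link's host against the domain you expect. The function names, the `/example` paths and the sample messages are constructed for illustration from the addresses used above.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit


def in_domain(host, trusted):
    """True if host is the trusted domain or a subdomain of it."""
    host, trusted = host.lower().rstrip("."), trusted.lower()
    return host == trusted or host.endswith("." + trusted)


def sender_domain(from_header):
    """Domain of the address in a From: header, ignoring the display name."""
    _name, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()


class _Links(HTMLParser):
    """Collects the real target (href) of every link, not its visible text."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]


def check_email(from_header, html_body, trusted):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    dom = sender_domain(from_header)
    if not in_domain(dom, trusted):
        findings.append(f"sender domain {dom} is not {trusted}")
    parser = _Links()
    parser.feed(html_body)
    for href in parser.hrefs:
        host = urlsplit(href).hostname or ""
        if not in_domain(host, trusted):
            findings.append(f"link host {host} is not {trusted}")
    return findings


# Constructed samples; the phishing link shows the real address as its text.
LEGIT = ("Barclaycard <barclaycard@mail.barclaycard.co.uk>",
         '<a href="https://www.barclaycard.co.uk/example">Log in</a>')
PHISH = ("Barclaycard <barclaycard893@gmail.com>",
         '<a href="http://barclaycard.usenet.com/example">https://www.barclaycard.co.uk</a>')

if __name__ == "__main__":
    for frm, body in (LEGIT, PHISH):
        print(check_email(frm, body, "barclaycard.co.uk") or "no findings")
```

A matching sender domain is necessary but not sufficient, because the From: line itself can be forged; mail gateways use SPF, DKIM and DMARC to check that.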

Tip 3: Beware of emails preying on your fears

Emails which try to make you act in a hurry, especially where money is involved, should ring alarm bells. A favourite trick is to send you a fake invoice as an attachment which you’ll open without thinking about it because you’re worried.

Tip 4: Don’t give up personal information

Banks and other professional companies will never ask for personal information via email. If you get an email asking you to confirm your credit card number or other personal information that could be used for identity theft don’t give it away.

Tip 5: Check for spelling errors

Companies take their brands seriously and wouldn’t send out emails with bad spelling or grammar. Poor quality logos are another indicator of a fake email.

Tip 6: NEVER open the attachments

Attachments on an email you’re not expecting are a big red flag. You are unlikely to see any attachment from an online shop or your bank so treat any attachment as highly suspicious.

Tip 7: Check the signature

Lack of contact details in the email signature strongly suggests a phishing mail. Legitimate businesses will always provide plenty of ways to contact them.

Tip 8: If in doubt, contact the company direct

If you’re ever in doubt over an email, or you’re worried that the invoice you appear to have received could be real, look up the company and call them directly.

Bonus Tip 9: Talk to us about anti-spam for your email

This one isn’t so much a tip for spotting spam mails but a way of avoiding a large amount in the first place. Give us a call about implementing an anti-spam gateway for your emails so that the majority of phishing emails never even reach your inbox!