How to spot phishing emails and avoid scams

Scammers are getting more and more sophisticated. It’s now all too easy to get caught out and end up sharing personal details, customer data, sensitive information… or even losing money.



One of the most common scams is phishing. 

What is phishing?

A phishing email looks like a normal email, often one from a website or company you already use. The hackers are trying to trick you into clicking on a link, which will either download malware onto your computer or lead to a fake website that asks you to enter your details.

For example, the email may appear to be from Amazon. It will have all the Amazon logos and be written in an official manner. The email could say that your delivery is delayed and they need you to log in to update your delivery address. By clicking on the link, you download malware. Alternatively, the link takes you to a fake Amazon site. You log in thinking it’s the real Amazon and by doing so you provide the hackers with your real Amazon login details, so they can hack your account.

The phishing email can take many forms – it could look like your bank asking you to log in or even your boss asking you to provide the company bank details for an upcoming client transaction. 

How to spot a phishing email?

Whenever you are asked for details, or to log in to an account, you should be suspicious.

  • Is the email from a shipping company or courier, asking for updates for your package?
  • Is your social media account asking you to log in before your account is closed?
  • Is a bank asking for “account verification”? They may try to provoke urgency, saying that someone else is trying to log in.

What gives these away as phishing emails?

  • Click on the email address – the sender name might be Amazon (for example) but the actual address might say 135443628@gmail.com or another random address that clearly isn’t official. It might even have Amazon, followed by random numbers, like amazong123129@yahoo.com. The actual address, rather than the name of the sender, is a big giveaway.
  • Legitimate companies do not use email addresses with @gmail or @yahoo or @hotmail – they will have their own email addresses, like @companyname.com. There are exceptions, especially with smaller companies, but be sure before you respond or click on any links.
  • Hackers know that generic email addresses look suspicious. So, they may set up a similar domain name, with minor spelling differences they hope you miss. This means they can set up official-looking emails like do-not-reply@amaazon.com – and a quick read of the email address may make you think this one is legitimate. By the time you realize there’s an extra A, it’s too late.
  • Don’t click on the links. If you are worried, then contact the company directly. For example, if they are claiming to be from Amazon, do not click on the link. Instead, go to your Amazon account independently and contact customer service asking if this is legitimate. 
  • Emails that provoke urgency might be trying to trick you by making you panic – for example, a bank email telling you to hurry before all your money is stolen.
  • Poor spelling and grammar are indicative of a phishing email.
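
The sender-address checks in the list above can also be automated. The following is an added example, not part of the original article: it flags a brand name on a free-mail domain and a near-miss spelling of the official domain. The brand table, the free-mail list and the two-character spelling threshold are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumed for illustration: brand -> official domain, and common free-mail hosts.
BRANDS = {"amazon": "amazon.com"}
FREE_MAIL = {"gmail.com", "yahoo.com", "hotmail.com"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return a list of warnings for one From header (empty list = nothing flagged)."""
    name, addr = parseaddr(from_header)
    local, _, domain = addr.lower().rpartition("@")
    warnings = []
    for brand, official in BRANDS.items():
        if domain == official or domain.endswith("." + official):
            continue  # the company's own domain
        claims_brand = brand in name.lower() or brand in local
        if domain in FREE_MAIL:
            if claims_brand:
                warnings.append(f"'{brand}' name on free-mail domain {domain}")
        elif edit_distance(domain, official) <= 2:
            warnings.append(f"lookalike domain {domain} (official: {official})")
        elif claims_brand:
            warnings.append(f"'{brand}' name but unrelated domain {domain}")
    return warnings

# Constructed sample headers; the three suspicious addresses are the article's examples.
SAMPLES = [
    "Amazon <135443628@gmail.com>",
    "amazong123129@yahoo.com",
    "Amazon <do-not-reply@amaazon.com>",
    "Amazon <do-not-reply@amazon.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "no warnings")
```

An empty result only means these two checks found nothing; a company that legitimately sends from several domains would need each one listed in the table.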

Phishing emails are designed to catch you out. As a rule of thumb, if you are being asked for anything – to click on a link or to provide details – it’s a red flag. You can never be too careful. In this day and age, you have to keep your wits about you.

