How to Spot a Phishing Email

First of all, what is a phishing email?

Untargeted, mass emails sent to many people asking for sensitive information (such as bank details) or encouraging them to visit a fake website. – National Cyber Crime Security Centre

Phishing can come in many forms but majority of them will try and trick you into taking some form of action. The senders can mimic banks, delivery services, colleagues and friends, read below to learn how to recognise a phishing email.

The top things you need to look out for

Language 

The language used in these emails commonly has poor grammar, punction and spelling. They also try to use language to encourage you to act urgently so look out for phrases such as ‘click here immediately’ or ‘send the details within 24 hours’. They are trying to pressure you to act fast here before you catch on they are a scam. Another language method to look out for is they could refer to you as a generic term such as ‘friend’ or ‘colleague’ which indicates they do not actually know you.

Design 

Does the design of the email have a professional standard that you would expect from a business? Is the email designed to try and make you click on a link? If you are unsure of the sender or something feels off about the email, never click the link! A trick to be aware of is if the entire text of the email is contained within an image rather than usual text format as the image may lead you to click onto a scam link.

Name 

Check the senders name and email address, double and triple check this as phishing emails often attempt to mimic an official email address, often someone you know.

Action

Take note of what the email is asking you to do. Is it asking you to click a link, install some software, view an attachment or provide any personal information? Official sources such as the bank will never ask you to supply your logon details or personal information. If the email is acting as someone you know, think if what they are asking is unusual or out of character.

What should you do?

• Report the phishing email – Make sure you report any phishing emails you receive and inform your colleagues/friends of the email.

• Make sure not to give out any personal information, especially your passwords. Keep your passwords strong and private.

• Protect yourself by using MFA (Multi Factor Authentication) which requires more than one method of authentication such as email AND mobile text message. This will be discussed in the next blog post!