4 Tips On How To Spot A Phishing Email
This post was originally published on the IT Boss blog. It has been transferred to the Codeboss blog in order to maintain its content on this site.
Phishing emails are designed to bait you into giving your personal or business information to the phisher. This person then uses that information to access your accounts for all kinds of services, from banks and financial institutions to social media services like Facebook and even your online computer games.
The email is made up to look like it is from an organisation you do business with, and generally includes links to a phony website that looks like the original site.
If you take the bait, you’ll end up on the fake site and will be asked for your username and password, or the site will attempt to install a keylogger on your computer. (A keylogger records your keystrokes when you log into your online services and sends the info back to the phisher.)
The phisher then uses your info to log into your account and steal your stuff.
So how do you spot a phishing email?
- Is the email from a service you actually use? I get a ton of emails supposedly from all sorts of businesses, some of which I have never used. Or, if I have used them, the emails have been sent to email addresses that I haven’t used for that service. I usually delete these immediately. Never click on the links in these emails.
- Look for bad grammar and spelling. A lot of these emails originate from countries where English is spoken as a second language, or not at all. So some of these emails contain obvious spelling and grammar mistakes that you wouldn’t expect from your bank or an organisation that takes professionalism seriously.
However, don’t bank on all phishing emails being unprofessional; some of these scammers go to great lengths to make their emails look legitimate.
- Check the links in the email. But do this without clicking on the link. Just hover the mouse pointer over each link. You’ll see the actual link address either at the bottom of the page, or in a tooltip window (if you are using Outlook). If the link address isn’t the same as the website then you’ve got a phisher. For instance, the PayPal site is paypal.com or paypal.com.au if you are in Australia. If the link address on your email is anything else then don’t click on it.
Also be aware that some phishing addresses use the name of the organisation in the address, like paypal.something-else.com. In this case, the website you’ll go to is at something-else.com, not paypal.com.
- Install a decent security program. Most anti-virus software these days doesn’t just check your computer for viruses. Applications like Kaspersky also hook into your email clients and browsers and spot phishing emails and websites that host malware. Google, through its Chrome browser, will also warn you if you attempt to go to a website with malware.
These tools will help you avoid being hooked by a phisher if you miss the signs.
This last tip is not so much something to check for, but something to do. If you are unsure about any email you receive, even if it is legitimate, don’t click on the link. Rather, open your browser and type in the web address directly. Sure, it takes a bit more effort but at least you won’t get hooked by a phisher.
Phishing emails can range from the relatively unsophisticated and obvious scams that they are, to sophisticated attempts to steal your identity information. Sometimes, they can be very hard to detect. Phishers, like any other criminals, work hard to keep one step ahead of their victims. But by keeping an eye on the emails you receive and following the steps above, you should be able to avoid becoming a victim of this class of confidence job.