How to Identify Email Phishing Scams

As the use of technology increases, so does cyber crime activity, which means that cyber security is more important than ever before. One of the most common methods criminals use to target internet users is phishing, particularly through email. Falling for a phishing scam can have serious consequences particularly for businesses, which means that understanding how these scams work and how to avoid them, is critically important in the modern workplace. In this article, we’re going to look at the best ways in which you can spot email phishing scams before they can do any harm, and how you can help ensure that they don’t become a problem.

What is Phishing?

The principal aim of phishing scams is to acquire sensitive information, which can be used for a variety of criminal activities, including gaining access to further data, accounts, and even stealing money. This is achieved by posing as a credible person or organisation, and tricking the recipient into divulging information such as passwords, other account credentials, and bank details.

Phishing can happen through many different types of media, including phone calls, texts, social media, web links and of course emails. Often, the scammer will pretend to be your bank, HMRC or a large trustworthy organisation such as Microsoft to trick you in to sending them your security details. These scammers will often mock up a website that looks like an authentic one, in which they will ask you to enter your information.

How to Spot a Phishing Email

Thankfully, careful vigilance can protect you and your organisation from phishing scams completely. Unlike some cyber crime which can be almost unavoidable, such as ransomware attacks, phishing relies on you as a person being fooled - it cannot be successful without your cooperation. However, this does mean that cyber criminals choose to repeatedly engage in phishing campaigns because it is generally easier than complex hacking, so constant awareness is required.

There are a number of ways in which you can spot whether or not an email is genuine, and whether it might be a scam. Some of the checks you can perform on a suspicious looking email include the following:

Is the email address authentic? Phishing email scammers do a very good job of making the ‘sent from’ email look legitimate, but check the domain in particular - does that domain actually go to the real site for the organisation the email purports to be from? You can also cross check against previous emails you’ve received from that company.
Do the links lead where they say they do? If you hover over any of the links contained within the email, you’ll be able to see where they point. If this is a different place to where the text suggests, there’s a good chance the email is trying to trick you into following the link.
Does the email contain threats? One of the main tactics scam emails use in order to persuade their victims into taking actions is by making threats in the email content. These are usually regarding account closure or fines. On the other hand, does the email make out-of-character promises, such as suggestions that you’re owed a tax refund?
Is the content of a good standard? Check the spelling and tone of the email content. If there are mistakes, and the email doesn’t sound like the organisation it claims to be, there is a good chance that it’s fake. Large organisations will ensure their emails have a consistent voice, and contain no grammatical mistakes.
Who is the email addressed to? Your bank and other organisations you do business with will know your full name - phishers may only have part of your name, or might not even have it at all.

Aside from the above, simply use your common sense. If you sense that something is off about an email you receive, then take steps to confirm it’s authentic. It’s always better to be cautious.

How to Protect Yourself

In addition to being able to spot a suspect email, there are a variety of ways that you can protect yourself and your organisation from the dangers of phishing. Some of the most widely used techniques include the following:

Using an email filter designed to prevent phishing emails from reaching your inbox. There are a variety of ways in which these work, but often they cross check incoming emails against addresses from known scammers. Most email providers will employ these filters, and they catch a great amount of suspicious incoming emails. Note however that they naturally cannot be 100% effective, so vigilance is still required.
Using a web filter designed to prevent access to malicious links. These web security gateways work by cross checking any links that you click against a database of known malicious links.
Notifying others in your organisation if you see fraud emails in your inbox. It’s rare that only one member of an organisation will receive such an email. Phishing attacks tend to happen as a group.
Ensuring your antivirus software is up-to-date and able to protect your computer if a link in an email points to a malicious software download.

It also helps to keep abreast of any new well-known phishing scams that are in operation - there are a variety of resources available on the internet to help you with this.

The Introduction to Cyber Security course, offered by Virtual College, is an ideal starting point for keeping you and your organisation safe online, and goes into further detail about cyber crime such as phishing. Click here to find out more.