In our recent article about how to stay safe on the internet, we discussed the different types of 'spam' to be aware of. One of these was 'phishing emails': what they are and how to avoid them. Here we go into more detail about phishing emails to help you avoid becoming the victim of a phishing scam.

How to: spot a 'phishing email'

What is a phishing email?

A phishing email is an attempt to acquire personal and sensitive information about you. These emails imitate those sent by reputable organisations, such as your bank, Google, Facebook and so on.

Within these emails there will be links to pages that spoof the website of the company the emails are pretending to be from, often on the pretence that a change is going to be made to your account which needs your confirmation. If the email is pretending to be from your bank, or PayPal, it might be saying, for example, that a charge, or other transaction, has been made to your account which requires your confirmation.

So what do they look like?

A phishing email will look like it is from a reputable company and will cleverly imitate that organisation. These emails can appear extremely convincing.

The content of these emails varies, and very much depends on the organisation they're attempting to imitate. For example, an email pretending to be from Facebook may say that you have a new message. One from PayPal may say that you have a transaction pending. Shopping sites such as Amazon or eBay might say that there's been a problem with an order or a transaction that requires your attention. Other phishing emails may say that you've won some kind of prize.

How do I avoid a phishing scam?

Generally, spam filters will weed out phishing emails before they even reach you. However, no filter is perfect. Every day a new scam appears, and companies like Google, Symantec and Microsoft essentially play a game of 'whack-a-mole' to catch online spam and phishing attempts before they get to you. For the ones that do reach you, there are a few signs to look out for to help you spot them.

  • Web-based email clients which are powered by Outlook and Gmail will put either a key icon or a green shield next to emails from genuine companies, so these emails can be trusted. Not every genuine organisation will have the key or shield icon, but the majority of the large organisations will. Alas, not all email clients have this feature.
  • The email is unexpected. This is a major one: if the email comes totally unexpectedly and is a surprise to you, it's probably a phishing attempt.
  • The opening lines of the email are generic. When companies such as Google, PayPal, banks and other reputable organisations email you, they will address you by your name. So if you receive an email that starts with "Dear Sir/Madam" or doesn't mention your name at all, it's highly likely to be a phishing attempt.
  • The email address doesn't look right. The email address is a good place to start: if it doesn't look like it comes from the company it is supposed to represent, it is likely to be a phishing attempt. In automated emails from companies, the opening part of the address (before the @ symbol) might often look like a random set of letters and numbers, or info@. But it's what comes after the @ symbol that you need to double check, especially if the email comes from an address anybody can create, such as yourbank@hotmail.com, for example.
  • The links in the email don't go where they're supposed to go. If you hover your cursor over a link in an email, most email clients will tell you the URL the link goes to. If it doesn't go to where it says it should, and looks like a random address instead of your bank website, it is probably a phishing attempt.
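
The address, greeting and link checks from the list above can also be written as a small Python script. This is an added example, not part of the original article; the domain yourbank.example, the name Alex Smith, the free-mail list and the sample message are all made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

FREE_MAIL = {"hotmail.com", "gmail.com", "outlook.com", "yahoo.com"}  # assumed sample list

class Links(HTMLParser):  # collects the href of every <a> tag
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def within(host, domain):  # the domain itself or a real subdomain of it
    return host == domain or host.endswith("." + domain)

def phishing_signs(raw, expected_domain, your_name):
    msg = message_from_string(raw)
    body = msg.get_payload()  # assumes a single-part message, as in SAMPLE
    text = re.sub(r"<[^>]+>", " ", body)  # visible text with the HTML tags removed
    signs = []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender in FREE_MAIL:  # what comes after the @ is a provider anyone can use
        signs.append("sender: free mail address anyone can create")
    elif not within(sender, expected_domain):
        signs.append("sender: not the organisation's domain")
    if re.search(r"\bdear\s+(sir|madam|customer)\b", text, re.I) or your_name.lower() not in text.lower():
        signs.append("greeting: generic, your name is missing")
    parser = Links()
    parser.feed(body)
    for href in parser.hrefs:  # the real destination, as shown when hovering over a link
        host = (urlparse(href).hostname or "").lower()
        if not within(host, expected_domain):
            signs.append("link: goes to " + (host or "no web address"))
    return signs

# Constructed sample message; every name and domain in it is made up.
SAMPLE = """From: Your Bank <yourbank@hotmail.com>
Content-Type: text/html

<p>Dear Sir/Madam,</p>
<p>A charge needs your confirmation: <a href="http://yourbank.example.account-check.test/login">www.yourbank.example</a></p>
"""

if __name__ == "__main__":
    print("\n".join(phishing_signs(SAMPLE, "yourbank.example", "Alex Smith")))
```

The link in the sample starts with the bank's name but actually ends in a different domain, which is why the check compares the end of the host name rather than looking for the bank's name anywhere in the address.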

As time goes on, phishing attempts become more and more sophisticated: better imitating the organisations they're pretending to be in order to get your information, at times even getting a website address that looks like it is an official address of that organisation.

If you're still unsure, Google it. If an email comes in that looks like it concerns you but you're unsure if it's a phishing attempt, go to Google.com, search for the company the email is from and log in to your account from the search result. This way you know when you are logging into your account that you are not unknowingly passing your details along to someone who wants to use them maliciously.