When it comes to cybercrime, phishing is the most common weapon a criminal uses to obtain a person’s personal information by breaking into their online accounts. Phishing has become so prevalent over the last decade that more people are falling victim to it each year. It is important to know what phishing email scams are, how to spot them, and what to do when you’ve clicked on one.
What are phishing emails?
Phishing emails are a way for cyber criminals to try to trick victims into handing over personal information. They will often send emails that look like they are from a legitimate bank or retailer.
Phishing emails will usually ask you for the following information:
- Bank account details
- National insurance numbers
- PIN numbers
- Usernames and passwords
- Credit or debit card numbers
- Date of birth
Legitimate companies will never ask for any of the information above in their emails.
Emails containing bad grammar and spelling mistakes
Numerous grammatical errors and spelling mistakes throughout an email are evidence that you’ve received a phishing email. Scammers will often misspell simple words; however, this can be by design. Cyber criminals tend to target people they consider “uneducated”, as they deem them easier targets to hack.
Along with grammatical errors and spelling mistakes, phishing emails will use common greetings such as “Dear Sir,” “Dear customer,” or “Dear account holder.” They will never address you by your name.
Suspicious email attachments
Phishing emails will usually have a Word document, PDF, EXE, or ZIP file attached to the email. These attachments usually contain some type of malware that will infect your computer when you open them. Most attachments scammers send in an email are named after some sort of order receipt or refund form.
Emails that demand you take urgent action
Cyber criminals will word an email this way in an attempt to get you to take urgent action, so that they get your personal information as quickly as possible. They usually do this by using scenarios that play on a person’s curiosity, like winning a cash prize or other expensive items, stating that you must claim the prize in a limited amount of time. This type of tactic is extremely popular, especially when it comes to scamming people who may be computer illiterate or of an older age, because it makes people think irrationally.
Emails are sent from public domain addresses
Cyber criminals will try to act as a legitimate company by making their emails look similar to genuine emails sent out by companies. They hope that you will be easily fooled, but there’s a straightforward way to tell if the email is real or not.
A legitimate company like a bank or retailer will use its own domain for its email communications. For example, eBay will use an email address like:
@ebay.com or @ebay.co.uk
If you get an email from eBay or another company and you are not sure of its legitimacy, always check the domain of the email address. Cyber criminals who are trying to trick people into handing over information will often send emails using free email services like Outlook, Yahoo Mail or Gmail.
email@example.com or firstname.lastname@example.org
Emails like these are guaranteed to be fake. A reputable company will never use these free email services, and it will never ask for personal information like passwords and credit card information.
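The domain check described above can be automated. The following Python code is an added example, not part of the original article: it reads the From line of an email and compares the sender's domain with the domains the claimed company owns. The eBay domains come from the article; the list of free email domains, the function names and the sample From lines are assumptions made for illustration, and the "lookalike" case (a company name placed in front of someone else's domain) goes slightly beyond the article's example.

```python
from email.utils import parseaddr

# Free email services named in the article (domain list is an assumption, not exhaustive).
FREE_MAIL = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com", "yahoo.co.uk"}

# Company -> domains it sends from. The eBay entries come from the article.
BRAND_DOMAINS = {"ebay": {"ebay.com", "ebay.co.uk"}}


def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From header, or ''."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""


def owned_by(domain, brand_domains):
    """True if domain is one of the company's domains or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in brand_domains)


def classify(from_header):
    """Classify a From header as 'ok', 'free-mail', 'lookalike' or 'unknown'."""
    name, addr = parseaddr(from_header)
    domain = sender_domain(from_header)
    # Which company does the sender claim to be? Check display name, mailbox and domain.
    claimed = (name + " " + addr.rpartition("@")[0]).lower()
    brand = next((b for b in BRAND_DOMAINS if b in claimed or b in domain), None)
    if brand is None:
        return "unknown"      # no known company is being claimed
    if owned_by(domain, BRAND_DOMAINS[brand]):
        return "ok"           # address really ends in the company's own domain
    if domain in FREE_MAIL:
        return "free-mail"    # company name on a free email service
    return "lookalike"        # company name on some other domain


# Constructed sample From lines (not taken from real messages).
SAMPLES = [
    '"eBay Support" <service@ebay.co.uk>',
    "eBay <ebay.refunds@gmail.com>",
    "eBay Security <alert@ebay.com.account-check.example>",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{classify(line):10} {line}")
```

A result of "ok" only means the address ends in the company's own domain; the other signs described in this article still apply.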
What to do if you’ve clicked on a phishing email
What you should do depends on the actions you have taken after receiving a phishing email.
If you’ve clicked on a phishing email and have not clicked on any attachments or links within it, simply report the email as phishing and discard the email.
If you’ve opened an attachment from a phishing email, make sure you disconnect your device from the internet, as malware could spread to other devices connected to your network. It will also stop a hacker from sending information out from an infected device. Make sure to scan your devices with anti-malware software to detect if malware is present on your system. You should also back up your files in case you need to reset your device.
If you’ve clicked on a link, make sure you change your passwords on all of your accounts and enable two-factor authentication, as this makes it difficult for hackers to access your important accounts. If you’ve entered any banking details on the website from the link you’ve clicked, call your bank to have your details changed to keep your money safe.