How to spot phishing emails (Part 1)
So-called ‘phishing’ emails work by tricking you into clicking a link to install malware on your computer, or convincing you to input personal data that the attackers then steal. As you’ll have gathered, they’re bad news.
But with these malicious phishing emails getting better and better at replicating legitimate ones, what are the signs you can look out for to help you avoid falling foul of this ever-present form of cyber attack?
Look at the email address of the sender
No, not the display name – the actual email address. It’s easy to confuse the two, as scammers often set a legitimate email address as the display name while the actual one is something completely different.
If the email is purporting to be from Lloyds Bank (say) and the email address ends in a free, publicly available domain such as “@gmail.com” or “@yahoo.co.uk”, it’s not legitimate. With the exception of some very small businesses and tradespeople, virtually every business will have its own domain name – an email from Lloyds Bank would come from an address ending @lloydsbank.com, for example.
Don’t be fooled by the scammer including the name of the brand in the email address, either – ‘email@example.com’ clearly won’t be from the real bank. Don’t forget that anyone can buy a domain name, so they could also be using a misspelt version of the real one, such as ‘lloydssbank.com’, which at first glance you may not notice. And on the subject of misspellings…
Look out for spelling mistakes and typos
Phishing emails often do a fantastic job of emulating the look of legitimate ones from brands you know and trust, using the same logos and email layouts as the real thing. But scammers often fall down on the details. Read the text carefully and you may well spot typos, spelling mistakes and grammar errors that you’d never find in a real email from the likes of Lloyds Bank. Nor will real emails start their message using odd salutations such as “Greetings of the day”.
There are suspect buttons, links and/or attachments
The aim of a phishing email is to get you to click on a link or attachment, which either downloads something dodgy onto your computer that the attackers can then use to steal your identity, or gets you to hand over your data willingly by filling in a form. If you hover over the link (without clicking on it) you should be able to see where it goes, and you can apply the same principle as you did with the email address. If it’s legitimate, it should go to the company’s official domain.
It’s harder to spot a dodgy link when it’s hidden behind a button, so if in doubt, never click a link or button – even if it’s shouting at you to “click here” or “log in now”.
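The sender-address and link checks described above can also be automated. The following is an added example, not code from the original post: the function names, warning labels and sample headers are made up for illustration, and the official domain is passed in by the caller.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

FREE_MAIL = {"gmail.com", "yahoo.co.uk"}  # the free domains the article names

def edit_distance(a, b):
    """Levenshtein distance, used to catch misspelt domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_official(host, official):  # the official domain or a subdomain of it
    host = (host or "").lower().rstrip(".")
    return host == official or host.endswith("." + official)

def check_sender(from_header, official):
    """Return warning labels (hypothetical names) for a From: header."""
    display, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    findings = []
    shown = re.search(r"[\w.+-]+@[\w.-]+", display)  # address used as display name
    if shown and shown.group(0).lower() != addr:
        findings.append("display-name-shows-different-address")
    if is_official(domain, official):
        return findings
    if domain in FREE_MAIL:
        findings.append("free-mail-domain")
    elif edit_distance(domain, official) <= 2:
        findings.append("lookalike-domain")
    elif official.split(".")[0] in addr:
        findings.append("brand-name-in-unrelated-address")
    else:
        findings.append("not-official-domain")
    return findings

def link_is_official(url, official):
    """Check the real host a link points to, not the text shown on the button."""
    return is_official(urlsplit(url).hostname, official)

# Constructed sample headers, not taken from real mail.
for h in ('"support@lloydsbank.com" <billing.team@gmail.com>',
          'Lloyds Bank <security@lloydssbank.com>'):
    print(h, "->", check_sender(h, "lloydsbank.com"))
```

An empty result only means the visible address sits on the official domain; the other signs in this article still apply.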
The email just doesn’t add up
We all know that if something seems too good to be true, it probably is. For example, if you’ve received an email supposedly from the National Lottery telling you that you’ve won a life-changing sum and need to fill in your details to claim, it’s almost certainly not genuine (even if you have actually entered!).
The opposite is also true – if an email bears very bad news and asks you to take immediate action to rectify it, the chances are that’s not real either. For example, if you’ve received an email allegedly from HMRC saying that you urgently need to send your bank details because you owe a late payment fine, stop and think – wouldn’t HMRC send you a letter rather than an email about something like this? And didn’t you actually pay your tax bill on time?!
Phishing emails are getting cleverer, but with a little vigilance you can still avoid falling victim to them. In our next post, we’ll look at what to do if you’ve received a phishing email or, worse, clicked on a link in one…