People still fall victim to phishing attempts. Whilst some are glaringly obvious, others can be quite sophisticated and believable. We’ve put together seven helpful tips on spotting attacks.
1. Domain
Legitimate organisations will use their own email domain name. For example, a bank wont email you from a @gmail.com account. Be mindful though, some attackers may use a domain name that looks familiar but is in fact misspelled to trick you into thinking it is legitimate.
2. Hyperlinks
When you receive an email from a legitimate business which contains a link, you’d expect the link would direct you to ‘<legitimatebusiness>.com’.
Beware, hyperlinks can be concealed within buttons on an email and can be clicked without realising where you are being redirected to. To not fall foul and give you transparency on where you’re being redirected to, from a PC, hovering the mouse over the button will display the URL so you can determine if you’re being redirected to a legitimate page. Alternatively, on a mobile device, hold down on the button and a pop-up will appear containing the hyperlink for you to view and determine its safety.
3. Panic
Some attacks rely on a sense of urgency and imposing panic on the victim to extract personal and confidential information. An example of this can be to update your payment details for an unpaid invoice which will suspend a service/default on a repayment etc. Take a moment to consider if this is a scam. Rather than clicking any links within the email to update your details, contact the institution directly to check if this is a legitimate request.
4. Tone and style
Whilst an email may appear to be coming from someone you know, look beyond the content of the email. Does the writing style and the tone in which they compose their messages remain consistent with previous correspondence? If you’re not sure, give them a call or use an alternative service to contact them to confirm they reached out to you.
5. Spelling and grammar
Beware of emails and messages that contain mistakes with spelling or grammar. Legitimate businesses have departments of staff to ensure spelling and grammar are always correct in communications. Phishers typically don’t have the same resources, so poor spelling and grammar are usually a sign that the email is a phishing attempt.
6. Greeting
Be mindful of how you’re being greeted. Be suspicious of generic greetings such as “Dear Sir/Madam” or “Hi”.
7. Attachments
Receiving an attachment in an unsolicited email is a simple way of spotting a phishing attempt. Attachments can be used to transport malware which can wreak havoc on a user’s device to capture information. It is best practise to be cautious about all attachments regardless of their source, even more so from someone you don’t know.
Following these tips, using common sense and and generally raising your own awareness around the tactics attackers employ will greatly reduce your chances of becoming a victim of phishing attempts.
