First of all, we need to understand why this happens.
Scammers and spammers send out thousands of fake emails per day pretending to be legitimate companies, in the hope that just one person will:
- Click the link (every click is tracked), which marks that email address, and you personally, as an easy target for future attacks
- Fill out a form with their email address and password, details that may unlock other accounts (e.g. social media or PayPal) and enable further fraud
- Reveal their credit card details in the same way
- Click a link to another scam page where the scammer generates a lead or earns a commission from a third party
Is it really still an issue in 2017?
…phishing scams, Microsoft say are costing the world as much as $5bn a year.[1]
“Millions of dollars are stolen on a daily basis, with absolutely no thought given to victims, who are losing vast amounts of money, homes, relatives, jobs and worse. Contrary to popular belief, it is not just ‘greedy and stupid people’ that fall for these scams.”[2]
Is it just email?
No, phishing attacks also arrive via social media messages, text messages, WhatsApp, tweets, phone calls, voicemail, letters in the post and even door-to-door scammers.
1) NEVER CLICK A LINK IN AN EMAIL UNLESS YOU’RE 100% SURE IT’S LEGIT
Hover your mouse over a link (do not click it) and your mail client or browser shows the real destination, which is often nothing like the text of the link. For example, a link in an email claiming to be from ‘BT’ today went to ‘https://gtsmashcomau-my.sharepoint.com/personal/chamma_gtsmash_com_au/_layouts/15/guestaccess.asp’, a guest-access link on somebody else’s SharePoint with no connection to BT. On a phone, where you cannot hover, press and hold the link to preview the address instead.
If you’re worried about a possible charge, don’t click the link. Open your web browser, type the company’s address yourself (e.g. bt.com) and log in to check, or call them on a phone number you found independently, not one printed in the email.
If you use email a lot, get into the habit of right-clicking links, copying them and pasting them into your browser’s address bar. That forces you to look at the full destination before you go there, and is a good last line of defence. Treat shortened links, which hide the destination entirely, with the same suspicion.
2) Check the ‘From’ address, but remember that it can be spoofed too!
The From address is easy to forge, so a familiar-looking sender proves nothing on its own. Even so, lazy scammers often don’t bother, and a sender address that doesn’t match the brand is an easy catch. Note that the display name (e.g. ‘BT Billing’) is separate from the actual address, and many mail clients, especially on phones, show only the name, so tap or expand it to see the address behind it.
e.g. the ‘From’ address showing as [email protected] instead of [email protected]
Return Path found that nearly 30% of more than 760,000 email threats spoofed the brand somewhere in the From address, and more than two thirds of those spoofed the brand in the domain itself.[3]
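To make tips 1 and 2 concrete, here is an added Python example (not code from the original article) that inspects a raw email: it compares the From domain with the brand and with the Return-Path, and lists links whose real destination is off-brand or differs from the URL shown as the link text. The message, sender, relay and link hosts are all constructed for illustration, and the registrable-domain helper is a deliberate approximation (a real tool would use the public suffix list).

```python
"""Added example: header and link checks from tips 1 and 2 (standard library only)."""
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample, not a real email. Sender, relay and link hosts are made up;
# the link text looks like bt.com while the href points at an unrelated file host.
SAMPLE_EMAIL = b"""\
Return-Path: <bounce@mail-relay.example.net>
From: "BT Billing" <billing@bt-customer-alerts.example>
To: victim@example.org
Subject: Your BT bill is overdue - action required
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear Valued Customer,</p>
<p>Your payment is overdue. Log in here to avoid suspension:
<a href="https://contoso-my.sharepoint.example/personal/x/_layouts/15/guestaccess.aspx">https://www.bt.com/mybt/login</a></p>
<p>Or <a href="https://www.bt.com/help">visit our help pages</a>.</p>
</body></html>
"""

# Suffixes where the registrable domain is three labels. Assumed short list;
# a real tool would use the full public suffix list.
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.nz"}

def registrable_domain(host):
    """'www.bt.com' -> 'bt.com', 'mail.bt.co.uk' -> 'bt.co.uk'."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])

class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def sender_findings(msg, brand_domain):
    """Tip 2: does the From domain match the brand, and does Return-Path agree with it?"""
    findings = []
    from_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    rp_domain = parseaddr(str(msg.get("Return-Path", "")))[1].rpartition("@")[2].lower()
    if registrable_domain(from_domain) != brand_domain:
        findings.append(f"From domain {from_domain!r} is not {brand_domain!r}")
    # Only a hint: legitimate bulk senders also use a separate bounce domain.
    if rp_domain and registrable_domain(rp_domain) != registrable_domain(from_domain):
        findings.append(f"Return-Path domain {rp_domain!r} differs from From domain {from_domain!r}")
    return findings

def link_findings(msg, brand_domain):
    """Tip 1: where does each link really go, and does that match the text shown?"""
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    parser = LinkExtractor()
    parser.feed(body.get_content())
    findings = []
    for href, text in parser.links:
        target = urlparse(href)
        if target.scheme not in ("http", "https"):
            continue  # mailto:, tel: and the like are out of scope here
        target_host = (target.hostname or "").lower()
        if registrable_domain(target_host) != brand_domain:
            findings.append(f"link goes to {target_host!r}, not {brand_domain!r}")
        shown = urlparse(text)  # does the visible text itself look like a URL?
        if shown.scheme and shown.hostname and shown.hostname.lower() != target_host:
            findings.append(f"link text shows {shown.hostname!r} but goes to {target_host!r}")
    return findings

def analyse(raw, brand_domain):
    """All findings for a raw RFC 5322 message that claims to come from brand_domain."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return sender_findings(msg, brand_domain) + link_findings(msg, brand_domain)

if __name__ == "__main__":
    for finding in analyse(SAMPLE_EMAIL, "bt.com"):
        print("-", finding)
```

Run as a script it prints four findings for the sample: an off-brand From domain, a Return-Path that disagrees with it, a link that leaves for an unrelated host, and link text that shows bt.com while the href goes elsewhere. The Return-Path mismatch is reported as a hint rather than proof, because legitimate bulk mailers routinely use a separate bounce domain.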
3) Think! Do you even have an account with this company?
Always be sceptical. It sounds obvious, but faced with the threat of legal action against you (a common trick) or an outstanding bill for hundreds of pounds, we can all quickly forget that we don’t even have an account with the brand the scammers are pretending to be.
4) Forward phishing emails to the appropriate companies
Yes, it’s a pain, but it might help stop them. If you get an email you believe is fake, find the phishing-report address of the company being impersonated by searching for the business name together with the word ‘phishing’, and forward the email to it (forward it as an attachment if your mail client allows, so the original headers are preserved). Then report it as spam in your inbox (the more people who do this, the quicker it gets blocked) and delete it.
e.g. phishing emails impersonating BT should be sent to [email protected]; Facebook use [email protected].
5) Use an alias/unique names/email for each website/service you sign up with
A unique address per service lets you see which one leaked or sold your address, and block just that alias if it starts receiving spam. Learn more in our article on alias emails.
Also, make sure your main email account uses a unique password that you don’t reuse anywhere else: it is the recovery address for most of your other accounts, so whoever controls it can reset them.
6) Check for spelling mistakes and spot the strange salutation
Emails from most companies will be correctly formatted, correctly spelt and addressed to you by name, not ‘Dear Sir/Madam’ or ‘Valued Customer’. The reverse doesn’t hold, though: a polished, personalised email can still be a phish, so treat good spelling as the absence of one warning sign, not as proof of legitimacy.
7) Remember: if you’re caught by a scammer and lose money, your bank will probably hold you responsible!
In the past, many banks have refused compensation or refunds when the victim authorised the payment themselves, for example by sending money to someone online via bank transfer.
Think twice before sending money to anyone! Pay by credit card where you can, for the extra protection it gives.
8) Triple-check any bank account details
If an email happens to coincide with something else going on in your life (e.g. extension work you’ve recently been quoted for, or a new car purchase) and asks you to pay to bank details given in the email, always confirm those details with the original company or person directly before paying. Find their phone number on another device (e.g. your phone’s browser on 3G rather than Wi-Fi) or from previous phone records, because a scammer who has gone to the trouble of setting up a fake email and bank account can just as easily set up a fake phone number, or plant malware that alters your search results to show the wrong one.
9) Watch out for urgent email subjects/topics
A common trick is to make you think your ‘account has been suspended’, there has been ‘unauthorised access’ to your account, ‘legal action’ is starting against you or a ‘payment is overdue’. All of these add a sense of urgency that pushes you to click before you think. Take a second to think about it before you do anything!
10) Attachments and unsolicited emails are a massive no-no!
‘Outstanding bill, please find attached invoice.pdf’… ring any bells? Those ‘.pdf’ files are often not PDFs at all but ZIP archives (sometimes given a name like invoice.pdf.zip so the real extension is hidden) containing malware; the file name tells you nothing, the contents do. Never open an attachment unless you’re expecting it!
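As an added example (not from the original article), the following Python script applies tip 10 to a message’s attachments: it reads the first bytes of each file to see what it really is, compares that with the extension in the file name, and flags double or executable extensions. The sample message, file names and contents are constructed placeholders, and the magic-byte and extension tables are a small assumed subset of what a real scanner would carry.

```python
"""Added example: attachment checks from tip 10 (standard library only)."""
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Leading bytes that identify a file type regardless of its name (assumed subset).
MAGIC = {b"%PDF-": "pdf", b"PK\x03\x04": "zip", b"MZ": "exe", b"\x7fELF": "elf"}
# What the bytes should say for a given extension (Office formats are zip containers).
EXPECTED_KIND = {"pdf": "pdf", "zip": "zip", "docx": "zip", "xlsx": "zip",
                 "jar": "zip", "exe": "exe", "scr": "exe", "dll": "exe"}
# Extensions Windows will run directly; never open these from an email.
EXECUTABLE = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse", "vbs",
              "wsf", "hta", "ps1", "lnk"}

def sniff(data):
    """Return the file type the content claims to be, or 'unknown'."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"

def extensions(filename):
    """All dotted extensions, lowercased: 'invoice.pdf.exe' -> ['pdf', 'exe']."""
    return filename.lower().split(".")[1:]

def attachment_findings(raw):
    """One finding per problem found on the attachments of a raw message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        exts = extensions(name)
        kind = sniff(part.get_payload(decode=True) or b"")
        # Name says one thing, bytes say another: the classic disguised archive.
        if exts and kind != "unknown" and EXPECTED_KIND.get(exts[-1], kind) != kind:
            findings.append(f"{name}: named .{exts[-1]} but the content is a {kind}")
        if len(exts) > 1:
            findings.append(f"{name}: double extension .{'.'.join(exts)}")
        if exts and exts[-1] in EXECUTABLE:
            findings.append(f"{name}: executable extension .{exts[-1]}")
    return findings

def build_sample():
    """Constructed message: a 'PDF' that is really a zip, a double-extension
    executable and one genuine PDF. Not a real email; contents are placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.js", "// placeholder text, not malware\n")
    msg = EmailMessage()
    msg["From"] = "accounts@invoices.example"
    msg["To"] = "victim@example.org"
    msg["Subject"] = "Outstanding bill, please find attached invoice"
    msg.set_content("Outstanding bill, please find attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="pdf",
                       filename="invoice.pdf")
    msg.add_attachment(b"MZ" + b"\x00" * 62, maintype="application",
                       subtype="octet-stream", filename="statement.pdf.exe")
    msg.add_attachment(b"%PDF-1.4\n%%EOF\n", maintype="application", subtype="pdf",
                       filename="genuine.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in attachment_findings(build_sample()):
        print("-", finding)
```

The sample produces three findings: the fake invoice.pdf is reported as a zip, and statement.pdf.exe is reported twice, once for the double extension and once for being executable, while genuine.pdf passes. The point is that the decision rests on the bytes and the full name, never on the icon or the label the mail client shows.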
[1] http://www.newstatesman.com/sci-tech/2014/09/psychology-phishing-why-do-we-fall-terrible-email-scams
[2] 419Eaters – a team of scambaiters who annoy and waste the time of scammers (aka legends)
[3] https://blog.returnpath.com/10-tips-on-how-to-identify-a-phishing-or-spoofing-email-v2/