Online security matters more than ever, and with criminals coming up with new and inventive ways to catch you, we must remain vigilant. Previously we have discussed how to defend yourself against phishing, but with increasingly clever tactics we thought we would highlight some 10 ways you can sniff out a potential threat and detect signs of a phishing email.
As you probably already know, phishing is the act of misleading you into giving away your sensitive information. From login details to your credit card information, there’s a wealth of data you don’t want falling into the wrong hands. The most popular way of phishing is via email, so we will be looking solely at this, but remember that cyber thieves can masquerade in a variety of different ways, so keep an eye out.
Here are the 12 signs of a phishing email that should throw up an immediate red flag.
Why is PayPal emailing you from ItsJohn@datathief.com? The correct answer is they are not, and if a reputable company is not using their own server email or a recognizable email, then it’s definitely not them. If you are genuinely concerned and are expecting a similar email, do not reply to this one. Go to the company’s website, find an email address or contact number of someone you can speak to, and deal with the query directly. Contacting the real company also helps to raise awareness that someone is using their name to steal data. They can then act upon this by contacting customers legitimately, which avoids anyone else getting duped.
If something was really happening with your account then chances are you would have heard something, rather than receiving a strange email out of the blue claiming that you MUST ACT NOW. If you aren’t expecting an email, then chances are it’s false, and again, you can always contact the company and check. This also stands for unrealistic threats that are suddenly imposed in the email. Stop and think about this company and what they are LEGALLY allowed to do. If the threat doesn’t line up, it’s because someone is trying to use fear and intimidation to get you to click.
In many instances phishing emails will have poor grammar or language and this could be because they were thrown together quickly with minimal spellchecking, because an automatic translator was used to quickly send to a variety of different countries or alternatively because the writer was writing in their second language. Although businesses can make mistakes, professional business emails are usually written by someone from your own country or at least spell checked and proof-read so this can be a major giveaway.
Asking For Money
Email marketing is strong for a lot of businesses or charities and although you may find you get newsletters and emails drawing your attention to the latest products or services, when was the last time a company asked you for a specific figure to immediately hand over? Even if they are sending you an invoice, most of the time this will be in the form of an attachment, with a legitimate invoice, reference number and contact details so you can always check it out. Asking for money is one of the telltale signs of a phishing email!
Wrong Child Domains
A favourite trick is to create a child domain, which is a domain underneath an original one. The parent domain’s details then appear in the URL, which is how they catch you out. For example, Information.Security.TowerWatchTech.com would be a child domain of our own website, and you can tell because the parent domain is on the RIGHT-hand side, which is how DNS naming works. A spoof version of this would be TowerWatchTech.com.phishing.com: because the brand name is in the URL, you get confused into thinking it is legit. The best way to remember it is:
On the LEFT, I’m LOSING money
On the RIGHT, everything is all RIGHT
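The LEFT/RIGHT rule can be checked mechanically. The following is an added example, not part of the original article: it takes a link, extracts the host a browser would really connect to, and tests whether the expected parent domain sits on the right-hand side. The function names are hypothetical, and the last two sample links (a "user@" prefix and a lookalike name) go slightly beyond the article's own spoof example.

```python
from urllib.parse import urlsplit

def link_host(url: str) -> str:
    """Return the lower-cased hostname a browser would actually connect to."""
    # urlsplit discards any "user@" prefix and the port, so
    # "https://brand.com@other.example/" yields "other.example".
    host = urlsplit(url).hostname or ""
    return host.rstrip(".")

def belongs_to(url: str, parent: str) -> bool:
    """True only if the URL's host is `parent` or a child domain of it."""
    host = link_host(url)
    parent = parent.lower().rstrip(".")
    # The parent must be the right-most labels, joined on a dot boundary.
    return host == parent or host.endswith("." + parent)

# Constructed sample links built from the article's own example names.
SAMPLES = [
    "https://Information.Security.TowerWatchTech.com/login",  # parent on the RIGHT
    "https://TowerWatchTech.com.phishing.com/login",          # parent on the LEFT
    "https://towerwatchtech.com@phishing.com/login",          # brand used as a "user" part
    "https://notTowerWatchTech.com/login",                    # lookalike, no dot boundary
]

def classify(samples=SAMPLES, parent="towerwatchtech.com"):
    """Map each sample link to True (genuine child) or False."""
    return {url: belongs_to(url, parent) for url in samples}

if __name__ == "__main__":
    for url, ok in classify().items():
        verdict = "genuine child" if ok else "NOT the brand"
        print(f"{verdict:14} real host: {link_host(url)}")
```
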
It Asks You To Log In
Be wary of any email that asks you to log into an account direct from their email. Most companies will ask you to log in but will not provide you with a link, or will provide a generic link to their own website that you will recognise. Links often lead to a dummy website which records your login data! If you think it is from a reputable company, the easiest thing to do is manually go to their website and log in the same way you usually do. The extra minute it will take you to do this is better than the hassle if you don’t.
Too Good To Be True
At the end of the day, if someone randomly wants to send you a £million then it’s probably not your lucky day. Do you REALLY think that if you had come into that much money they would contact you via email? No, they would use several points of contact (as unlikely as it is anyway) or official channels. If it sounds too good to be true, it probably is.
Linking content can be beneficial in an email but it is also an excellent way to hide nefarious links! Many people don’t realize that embedded links can be checked by simply hovering over them (on a desktop computer) and seeing the actual link, rather than clicking on it! Ask yourself if the link is reflective of the company you’re expecting. If it isn’t then DO NOT CLICK ON IT, and definitely don’t click on it to “see what it does.”
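What hovering reveals can also be read straight out of the HTML of an email. The following is an added example, not part of the original article: it lists every link's visible text next to the host it really points to, and marks links whose text looks like one web address while the target is another. The class, function names and sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:      # only keep text that sits inside a link
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(value):
    """Hostname of a URL, or of bare text such as 'www.example.com/login'."""
    if "//" not in value:
        value = "//" + value
    return (urlsplit(value).hostname or "").rstrip(".")

def reveal_links(html):
    """Return (visible text, real host, disguised?) for each link."""
    parser = LinkCollector()
    parser.feed(html)
    results = []
    for text, href in parser.links:
        actual = host_of(href)
        # Only text that itself looks like a web address can contradict the target.
        looks_like_url = " " not in text and "." in text
        disguised = looks_like_url and host_of(text) != actual
        results.append((text, actual, disguised))
    return results

# Constructed sample body reusing the article's example domain names.
SAMPLE_HTML = """<p>Dear customer, please confirm your details:</p>
<a href="https://towerwatchtech.com.phishing.com/login">www.towerwatchtech.com/login</a>
<a href="https://www.towerwatchtech.com/help">www.towerwatchtech.com/help</a>
<a href="https://phishing.com/track">Click here</a>"""
```

Calling reveal_links(SAMPLE_HTML) marks only the first link as disguised; the "Click here" link is not marked, but its real host is still shown so you can judge whether it matches the company you expect.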
Lack of Personal Info
This doesn’t always work as some criminals are getting more sneaky but a lot of the time, legitimate brands or businesses with your email address will use at least your first name, if not your first and second. “Valued customer”, “friend” or “client” are all ways of saying “I don’t know your name but I am going to pretend to anyway” and should be avoided, particularly if they are asking you to share personal information.
A business, brand or professional will sign an email with more than just a name at the bottom. Even a generic email will still have “The Team” with contact information or website addresses underneath, because it’s a marketing tool. Giving out as much information as possible so that customers can contact you and potentially turn into a sale is good business practice, so be wary of any “business” who is not willing to share that information. A name-only signature is a good sign of this.
The header name can be inputted by the sender, but the email address cannot be changed, so ignore the header name and go straight to checking the email address. Always check the little arrow to look at the email address as a first point of contact. A lot of the time people don’t realise you can, and that is why few emails will actually cover this up, so you can save a lot of time and heartache by dealing with this first.
Always double check before you click on an attachment, particularly those that you aren’t expecting, that have strange names or that aren’t mentioned in the email itself. This tactic plays on curiosity to see what it is, and that is how they will get you! Normally, the sender will tell you what is attached, why, and how it is relevant to you, so that you know what you are looking at. The first warning sign of a phishing email is when they don’t tell you, and the second is when they tell you it contains irrelevant information or info they could have just written in the email. If something sounds suspicious, don’t open it.
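The "little arrow" check compares the name shown in the From line with the address behind it. The following is an added example, not part of the original article: it parses the From header of a raw message and reports when the displayed name claims a brand but the address belongs to another domain. The brand-to-domain table, the function name and the sample messages are assumptions constructed for illustration, reusing the article's ItsJohn@datathief.com address.

```python
from email import message_from_string, policy

# Assumption for this example: each brand name mapped to the domain it really sends from.
BRAND_DOMAINS = {"paypal": "paypal.com"}

def sender_mismatch(raw_message):
    """Return (display name, address domain, brand claimed without matching domain or None)."""
    # policy.default decodes encoded display names (=?UTF-8?B?...?=) for us.
    msg = message_from_string(raw_message, policy=policy.default)
    sender = msg["From"].addresses[0]
    shown = sender.display_name.lower()
    domain = sender.domain.lower()
    for brand, real in BRAND_DOMAINS.items():
        genuine = domain == real or domain.endswith("." + real)
        if brand in shown and not genuine:
            return sender.display_name, domain, brand
    return sender.display_name, domain, None

# Constructed sample messages (headers only matter here).
SAMPLES = [
    # Plain brand name in front of an unrelated address.
    "From: PayPal Security <ItsJohn@datathief.com>\nSubject: Act now\n\nbody\n",
    # Display name dressed up to look like an email address.
    'From: "service@paypal.com" <ItsJohn@datathief.com>\nSubject: Act now\n\nbody\n',
    # Base64-encoded display name ("PayPal Support") hiding the brand in the raw text.
    "From: =?UTF-8?B?UGF5UGFsIFN1cHBvcnQ=?= <ItsJohn@datathief.com>\nSubject: Hi\n\nbody\n",
    # Name and address agree.
    "From: PayPal <service@paypal.com>\nSubject: Receipt\n\nbody\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        name, domain, brand = sender_mismatch(raw)
        note = f"claims '{brand}' but sent from {domain}" if brand else "name and address agree"
        print(f"{name!r:25} -> {note}")
```
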