Dear Friend,
I have the privilege to request transfer of the sum of $47,500,000 to you. If you would kindly send your bank account details (including PIN) to dodgycriminal@fraud.com I will proceed with the transfer of funds immediately.
Kind regards,
Scammer McScamface
About to email your bank details? No, didn’t think so.
Spotting a Phishing Scam: Level One – Passed.
However, it’s not usually quite this obvious when a message is fraudulent or malicious; some are much more sophisticated …
This email is from your bank (it has their logo and is from one of their email addresses). They’re warning you about “suspicious activity” and asking you to “verify your details”. You trust them. They’re trying to protect you from the bad guys. It looks genuine, but something still doesn’t feel right…
If you’re not 100% certain an email is valid, pause and check through these 5 quick tips that can help you determine its authenticity:
1) Salutations
Phishing emails often start with generic greetings (e.g. Dear Valued Customer) or your full email address (e.g. Dear nemo123@naimuri.com). Most legitimate companies will address you by your name, as you’ll likely have provided it to them when setting up your account (if it’s a company you have dealt with before).
2) Spelling and Grammar
When a large company sends out any correspondence it is likely to be proofread and any spelling or grammar mistakes corrected at this point. If you get mail, supposedly from a major corporation, and it contains spelling mistakes or poor grammar, this could be a telltale sign of a scam.
3) Sender’s Address
There are some distinct signs to look out for here:
- The email is sent from a completely different address or a free webmail address.
- The sender’s address doesn’t tally with the trusted organisation’s website address.
However, in many cases the sender’s address looks genuine but has been spoofed to mimic a trustworthy source – a wolf in sheep’s clothing, so to speak. Hovering over the address may reveal the author’s real address or, if in doubt, view the email headers to find out its true origin.
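The header check described above can be automated. The following Python is an added example, not part of the original article; the message, its domains and the FREE_WEBMAIL list are constructed placeholders, and `sender_warnings` is a hypothetical helper name.

```python
import email
from email.utils import parseaddr

# Constructed sample message (not a real email); every domain is a placeholder.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail; dkim=none; dmarc=fail
From: "Your Bank" <security@bank.example>
Reply-To: helpdesk@freemail.example
To: nemo123@example.org
Subject: Suspicious activity

Dear Valued Customer, please verify your details.
"""

FREE_WEBMAIL = {"freemail.example"}  # assumption: maintain your own list


def domain(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()


def sender_warnings(raw, trusted_domain):
    """List reasons to look more closely at who really sent a message."""
    msg = email.message_from_string(raw)
    from_dom = domain(msg["From"])
    warnings = []
    # The visible From address should belong to the organisation's own domain.
    if from_dom != trusted_domain and not from_dom.endswith("." + trusted_domain):
        warnings.append("from-domain-not-trusted")
    if from_dom in FREE_WEBMAIL:
        warnings.append("from-free-webmail")
    # A spoofed From often sits beside a different bounce or reply address.
    # Legitimate bulk mailers can differ too, so this is a prompt, not proof.
    for hdr in ("Return-Path", "Reply-To"):
        d = domain(msg[hdr])
        if d and d != from_dom:
            warnings.append(f"{hdr.lower()}-differs:{d}")
    # Only trust Authentication-Results added by your own receiving server.
    results = (msg.get("Authentication-Results") or "").lower()
    for check in ("spf", "dkim", "dmarc"):
        if f"{check}=pass" not in results:
            warnings.append(f"{check}-not-pass")
    return warnings
```
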
4) Suspicious Links and Attachments
Always be cautious when considering opening links or attachments from within unexpected mail.
In most email programs you can hover over links or use the “copy link location” (or equivalent function) to view the destination address. If a link is seemingly directing you to an organisation’s website address, instead of clicking it, navigate to the address via your usual, safe route (i.e. via a bookmark, search engine result, etc.).
Be particularly wary of .exe, .msi, .jar or .zip file extensions, as these executable and archive file types have the potential to be very damaging.
5) Sceptical?
Trust your intuition. If it feels something is wrong, quite often it is. If you have any qualms about the legitimacy of an email, the safest option is to err on the side of caution.
Be cautious. Don’t take the bait. Think before you click.