Every email user is likely to receive fake or spoof emails (also known as “phishing”) at some point. These fake emails, apparently from a reputable organisation such as a bank or even from IT Services, arrive daily in their thousands, asking for personal details, passwords and credit card numbers. Most should be caught by your spam filter, but inevitably some get through, ready to wreak havoc. Here are some tell-tale signs to look out for that give away fake messages:
1. A generic greeting
Many fake emails open with a general greeting such as ‘Dear Bank Customer’ or ‘Dear Email user’. This may sometimes be formatted oddly, for instance, with strange capitalisation such as ‘Dear it services User’.
2. A forged sender’s address
Fake emails may include a forged email address in the From: field.
3. A threat that something bad will happen if you don’t act immediately
For example, a claim that your account may have been hacked and that you need to respond immediately to stop it being closed down.
4. Fake weblinks
Always check where a link is going before you click on it. Move your mouse over the link and look at its underlying URL in your browser or email status bar. Any link address visible in the message text should match the real URL it actually goes to. If not, it’s probably a spoof website that may try and collect personal details from you or install a virus or spyware on your computer.
5. Login links in an email
Never log in to a webpage or any other system by clicking on an email link. Legitimate emails may sometimes mention the web addresses of login pages for information purposes, but for safety you should always retype such addresses in your browser’s address line.
6. Emails that look like web pages
Some emails can be made to look like a web page that is asking you to enter information.
7. Deceptive URLs
Beware plausible-looking but false addresses, e.g. www.united-uk-passwordvalidate.co.uk
8. Poor spelling and grammar
Spoof emails often contain misspellings, incorrect grammar, odd phrasing etc. Bad or strange spelling e.g. “pass.wrd” or “passw0rd” is sometimes done deliberately to try and bypass spam filters.
9. Insecure connections
Any web page where you enter personal information should have an address that begins “https://”. The “s” stands for secure — if it’s not there then you’re not in a secure web session, and you should not enter personal data.
As with fake links, attachments are frequently used in fake emails to hide a virus or spyware. Such attachments often arrive with an accompanying (and often cryptic or intriguing) message encouraging you to open them, e.g. “Hi – here’s the schedule I promised”. Never click on an attachment unless it’s something you were expecting, even if it appears to come from someone you know or deal with.
If you do receive fake emails, mark them as spam and/or block the sender. We’ve made a list of instructions on how to do this in each email client.