RSN™ Guide: Email Phishing Scams

Email scams, also called phishing scams, are when a cyber scammer contacts you out of the blue and tries to tricks you into clicking a dangerous link or filling in your personal information or bank details.

Portions from Which.co.uk (copyrights acknowledged)

What Is A Phishing Scam?

Phishing is when a cybercriminal contacts you out of the blue (usually by email) and convinces you to hand over your personal information or money.

Email that gets you to download a virus that infects your computer is NOT a phishing scam – that is MALWARE. 

Phishing is a play on the word ‘fishing’ and usually happens over email, but can also happen through texts, social media, websites, or phone calls

Examples Of Email Scams Include:

• An email message saying you’ll be entered into a free prize draw if you enter your information
• An email message pretending to be from the IRS or HMRC telling you that you have a tax rebate, or that you owe tax
• An email message pretending to be from your bank or a popular retailer claiming there’s been strange activity on your account which requires you to re-enter your personal details

If you suspect an email might be from a scammer do not click on any links or download any attachments in the scam email as these may download a computer virus onto your computer. Nothing in the email is believable – do not trust a word it says!

6 Ways To Spot An Internet Scam – from Which.co.uk

WARNING: Computer viruses can find their way onto your computer by scammers tricking you into installing them. For example, ransomware threatens to take action on your computer – such as deleting files – unless you pay a ransom.

ALWAYS IGNORE LINKS AND ATTACHMENTS

If you suspect an email might be from a scammer, do not click on any links or download any attachments featured in the scam email as these may download a computer virus onto your computer.

Make sure you stay security-savvy and ensure your antivirus software is always up to date, as this will provide an extra layer of protection if you have unknowingly downloaded a computer virus after clicking a link or downloading an attachment.

How To Spot An Email Scam

Email scams, also called phishing scams, are becoming increasingly common as fraudsters come up with new tricks to try and steal your personal information and bank details.

CHECK THE ‘FROM’ ADDRESS

• It’s always worth checking the address the email comes from for spoofing. Scammers often change its name to make it look more like it is from the company or organisation they are pretending to contact you from.
• A scam email usually has a fairly bizarre email address behind what looks like a genuine sender name.
• To find out if there’s a fraudster behind what looks like a genuine sender, use your mouse to hover the cursor over or right-click on the sender name and you should see the email address behind it.

GREETING IMPERSONAL?

• Increasingly you will notice that scammers are getting better at sending emails which include our name in the first line of the message. However, not all of them do.
• Sometimes scam emails will just say “Hi” and not include your name, other times your email address will be used after “Hi”. This impersonal approach to contacting you is another sign that it’s likely to be a scammer behind the email.

CHECK CONTACT INFORMATION AND DATES

• Does the ‘contact us’ information at the bottom of the email link to anything? Is it clickable? Are the websites it links to genuine? If the answer is no, you should be on your guard. To see where a weblink links to without actually clicking on it, simply hover your mouse cursor over the link. In the bottom left-hand corner of your web browser, the web address where the link goes to will appear.
• Are the copyright dates (or any others) up to date? Often scammers will forget this detail. We came across an email scam in March 2017, which said the closing date of the competition being advertised in the email was December 31st, 2016. If you see this level of inconsistency, it’s probably a scam.

CHECK BRANDING

• Scam emails are often pretending to be from big brands, companies, supermarkets, retailers and deal sites or from trusted government departments.
• Checking branding and keeping an eye on the quality of branded logos, etc, in the email can strongly indicate if the email is a scam.
• Is the branding in the email the same as it is on the company or government website? Does it match the last genuine email you received from them? If the answer is no, be suspicious.

CHECK IF THE LINKED WEBSITE IS LEGITIMATE

Remember, we said not to click on a link but if you already did …

• If you have clicked through to a website or landing page from an email thinking it is genuine, make sure you also double-check the authenticity of the website.
• If it’s a big brand or company, simply open a new tab and do a quick search for them. Click on their website and then compare the URL addresses.
• Are they the same, similar or totally different? This should give you a good indication as to whether the landing page is a fake or genuine.
• If you haven’t yet clicked a link but are being asked to do so you can access an important message on your account, avoid the temptation to act quickly and log in via the email link. Instead, open your browser and log in to your account via the official website. Check if the message is really there. If it isn’t, you know the email you received is likely to be from a scammer.

ASKING FOR PERSONAL OR BANK DETAILS?

• If an email is asking you to update or re-enter your personal or bank details out of the blue, it is likely going to be a scam.
• Personal information includes things like your National Insurance number, your credit card number, Pin number, or credit card security code, your mother’s maiden name or any other security answers you may have entered.
• Most companies will never ask for personal information to be supplied via email.

POOR SPELLING, GRAMMAR, AND LAYOUT

• Increasingly scammers are getting better at presenting phishing emails that are more or less free of poor spelling and grammar. But, you should still watch out for these tell-tale signs.
• More common is to see a real lack of consistency with the presentation of the email, which may include several different font styles, font sizes and a mismatch of logos.

TRYING HARD TO BE ‘OFFICIAL’

• Scammers often try hard to make the email sound official. They will do this in a number of ways, including using the word ‘official’.
• You are unlikely to see the messaging in a truly official email shouting about how official it is.
• Scam emails may also contain information such as account numbers and IDs designed to trick you into thinking the email is genuine. Check any of these against your records to see if they match.

TRYING TO CREATE A SENSE OF URGENCY

• Fraudsters will try to pressure you with time-sensitive offers, encouraging you to act now or miss out on ‘exclusive’ deals.
• Take your time to make all the checks you need. If the message is alerting you to look at something linked to an account you have with the company, organization or retailer, you should log in separately to your account in a new tab or window
• It’s better to miss out on a genuine deal than risk compromising your personal details or money.

CHECK WITH REAL COMPANY

• If you’re still unsure whether a scammer is behind the email you received, get in touch with the brand or company featured in your email directly via social media or their ‘contact us’ page.
• Remember also to check the brand or company help and customer services pages. Often big companies are aware of scams circulating and have published advice for customers on what to watch out for.

Summary

The obvious way to stay safe from Scam Emails is simply: do not do business through emails. Meaning that when you get an email from a business you recognize, simply go to their real website or call them, do not click on anything in the email. If you follow this simple rule you will always be safe!