What is a phishing email and why are they dangerous?
Phishing emails (also called ‘spoof emails’) are sent by fraudsters with the aim of tricking you into giving them valuable personal details, such as usernames, passwords or bank details.
The emails usually contain links which fool you into thinking you are about to visit a ‘real’ website; however, when you click them, they take you to a different website set up by the fraudsters. The fake website is made to look like the real one in order to convince you to enter your details.
The website may ask you to reset a password, change your username or enter bank/credit card details. When you submit those details, they are sent to the fraudster, potentially giving them access to your accounts.
Sometimes clicking the links automatically downloads malware or other malicious software to your computer. This infects your computer and can search it for any saved personal information that may be valuable to the fraudsters.
Some of the most common phishing emails to watch out for imitate websites such as PayPal, HMRC, email clients (Gmail, Hotmail, Yahoo, Outlook.com, etc.), banking websites, eBay and social media websites (Facebook, Twitter, etc.).
Further reading – 5 Convincing Phishing Emails to Watch Out For
How to recognise phishing emails
Often, phishing emails look as if they have been sent from the authentic source. For example, a PayPal phishing email may include the PayPal logo and have the same template design as the ‘real’ emails that PayPal send. However, there are key things to look out for:
- The email may be addressed generically, e.g. “Hello sir” rather than using your name (which the ‘real’ company would do)
- There may be spelling mistakes
- The email may look different to ‘official’ emails from the company
- The email may contain suspicious text that asks for personal details, e.g. asking you to reset a password due to a system error
What to do if you receive a phishing email
If you think an email may be a phishing email, do NOT click any of the links in the email. Hover your mouse over the links and you should get a hover-box or see a message at the bottom of the screen that tells you the website that the link is pointing to.
Fraudsters are getting clever: the link may contain the proper company name, but it won’t be the real website. For example, it may be something like paypal.money-sending-12435.com.
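The paypal.money-sending-12435.com example above shows why the brand name in a link proves nothing: what matters is the registrable domain, the part the link owner actually controls. The following is an added example, not code from the original page or from any product it mentions, that extracts that part of a hovered link and flags brand names that appear only in a subdomain or elsewhere in the URL. The brand allowlist and the two-label suffix table are constructed assumptions for this example.

```python
from urllib.parse import urlsplit

# Constructed allowlist for this example: brands named on this page and the
# domains assumed to belong to them. A real checker would maintain this centrally.
BRAND_DOMAINS = {
    "paypal": {"paypal.com", "paypal.co.uk"},
    "ebay": {"ebay.com", "ebay.co.uk"},
}

# Simplified suffix handling, enough for these samples. A production checker
# should consult the full Public Suffix List instead of this short table.
TWO_LABEL_SUFFIXES = {"co.uk", "gov.uk", "org.uk", "ac.uk"}


def registrable_domain(url: str) -> str:
    """Return the part of the host that the registrant actually controls.

    For 'paypal.money-sending-12435.com' this is 'money-sending-12435.com';
    the leading 'paypal' is just a subdomain the fraudster chose.
    """
    # .hostname drops any user@ prefix, port and surrounding brackets.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def lookalike_brands(url: str) -> list[str]:
    """Return brands whose name appears in the host but which do not own the domain."""
    host = (urlsplit(url).hostname or "").lower()
    owner = registrable_domain(url)
    return sorted(
        brand for brand, domains in BRAND_DOMAINS.items()
        if brand in host and owner not in domains
    )


if __name__ == "__main__":
    # Constructed sample links, including the one quoted on this page.
    for sample in (
        "https://paypal.money-sending-12435.com/login",
        "https://www.paypal.com/signin",
        "http://paypal.com@update-ebay.net/verify",  # brand hidden before the @
    ):
        print(sample, "->", lookalike_brands(sample) or "no lookalike brand")
```

The third sample shows a related trick: text before an `@` in a URL is treated as a username, so the browser connects to update-ebay.net, not paypal.com.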
The text in phishing emails is designed to concern you in order to entice you to click the links. They may inform you of orders you haven’t placed, tell you that your password needs to be reset or warn you of system errors that require you to re-enter your details.
If you are concerned by the content of the email, the best thing to do is to open an internet browser and go directly to the website in question and log in. Check your notifications on the website to see if they really are asking for details. Again, do NOT click the links in the email.
Going directly to the ‘real’ website and logging in will let you check that these messages are fake. If they were authentic, there would be a message after logging in informing you of what’s required.
Reporting a phishing email
Many websites offer the facility to report suspicious emails. If you still aren’t sure whether an email is genuine, report it and ask the company to take a look. Here are some links you may find useful for reporting phishing emails:
To find the phishing email reporting tools for other websites, use a search engine such as Google. Try typing in something like ‘eBay report phishing email’ (replacing ‘eBay’ with the company you are searching for) and you should be able to find the correct page.
Stay vigilant when reading your emails; phishing emails are becoming more and more convincing, but with some clever thinking and common sense, you will be able to avoid the scams. Remember, if an email is asking for personal information to be entered, it’s probably a fake.
Spambrella’s anti-phishing service URL Defense is now one of the most sought-after service features in the cloud security marketplace. By default, Spambrella runs both ‘scan-time’ and ‘click-time’ phishing protection: links in emails are checked for URL reputation and IP threat when the email is filtered, and again when the user clicks a link. This feature protects users from any change in a URL’s reputation between delivery and the click.
User responsibility and awareness can only take your business users so far. For the rest, there’s Spambrella.