How to spot a scam or phishing email

Today, whilst we have benefited from advances in tech which mean that we have 24-hour access to our bank accounts at our fingertips, and use contactless payments for most transactions, digital breakthroughs such as these also sadly mean that there have been advances in the way that scammers and cyber criminals operate.

Phishing is an extremely common online technique and threat. Fraudsters attempt to trick an individual into handing over their personal information such as usernames, passwords, dates of birth, card numbers and account details. Once they have this info they can use it to access their bank accounts, to open credit cards in their name or even take out loans.

It’s often very difficult to differentiate between a phishing email or text and the real thing. Scammers have become sophisticated in their methods, and even the most careful people have been taken in by them. Here are some tips to tell the difference between a genuine request for information and a phishing scam.

1) The email address or web address used may be very slightly wrong. It may be very similar to one used before, but there could be a fundamental difference. The domain name may be spelled differently, or the URL may look weird. For example, there could be added letters. E.g. instead of @hsbc.com, it could read @hsbc.mail.work.

2) The email may be poorly written. If there are errors in spelling and grammar, this could be a red flag. Legitimate companies will have high editorial standards and their email templates will usually be checked thoroughly before going out to clients.

3) If the request seems unusual, it probably is and should be treated with caution. If you suspect a scam, you’re probably right and you should speak directly to the organisation in question to confirm either way before doing anything. Are they asking you directly for your information? This is extremely unusual. Even if the email comes from the right domain (which could have been spoofed) you should try to speak with the sender directly.

4) Are the links within the body of the email odd? If you hover over the links, where do they actually go to? If they redirect to unexpected websites, this is a big red flag. They could also be hidden in an ‘unsubscribe’ link, so be wary.

5) Weird attachments. Did you request the information attached? Why do they want you to download the attachment? It could contain malware. This could come in many forms including invoices, receipts, photos or other attached file types.

What can you do to combat these scams?

• Speak to the person making a request via a method you trust like calling them on the phone. If this is not possible, ask yourself why.

• You should have various layers of cross checking in place with your financial controls, for example, multi-factor authentication.

• Utilise advanced protection like that of Defender for Office 365. This is a cloud-based email filtering service that helps protect you and your organisation against malware and viruses.

• Don’t get in the car and find yourself halfway to Sainsbury’s before wondering why the boss has asked you to buy £500 worth of vouchers!

• Use a service like Knowbe4 to educate your users.