Phishing is an online attack with the goal of tricking people into giving up their personal information via deceptive emails and websites. The most common ways in which hackers try to do this are:
1. Encouraging you to click on a link or download an attachment containing malicious software that can infect your computer or other device
2. Deceiving you into entering your information into a fake website, usually imitating a well-known company or brand
Luckily, there are many ways in which you can spot a phishing scam. Here are some of the main ones:
How to spot if your email is a phishing scam
1. If you receive an email out of the blue asking you for banking details, your national insurance number, your mother’s maiden name or any other personal information, this is likely to be a scam, as legitimate companies never ask you for this information over email.
2. Look out for bad punctuation, spelling or grammar.
3. Check for unusual email addresses – often the sender name will look convincing, but the email address will look unusual.
4. Do they use your name? Trustworthy companies that should have your data, such as your bank, will use your name in the emails they send to you because they already have your details in their database. If you receive a generic, informal greeting such as ‘Hi’ and no name, this could potentially be a scam.
5. Is the contact information at the bottom of the email legitimate? Does it look made-up? Are the copyright details up-to-date? If not, this is another sign that something is not right.
6. Do the dates make sense? A common phishing scam is a fake competition, asking you to give your details in order to win a prize. However, if the closing date of the competition has already passed, it’s likely to be a scam. Inconsistencies like this indicate fraud.
7. If the phishing email is trying to imitate a reputable, known company or brand, such as a bank or supermarket chain, and you are suspicious, one thing you can do is to check if the logos and branding they use look the same as on the real website. Find the real website by typing the company name into your search engine and see if the scammer has missed any details.
8. You can also check if the suspicious email looks exactly like any previous, legitimate emails the company has sent to you.
9. Finally, if you are suspicious, one easy way to check if the email is real is to call the real organisation and ask them if the email is legitimate. They may already be aware of the scam due to it being reported by others. You can also report the scam on https://www.actionfraud.police.uk/report_fraud
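Checks 3, 4 and 6 above can also be automated by a mail filter or a reporting tool. The following Python sketch is an added example, not part of the original article, and flags a sender name that does not match its address, a generic greeting, and a competition closing date that has already passed. The brand-to-domain table, the sample message and the check date are constructed for illustration.

```python
import re
from datetime import date
from email import message_from_string
from email.utils import parseaddr

# Constructed table: brand names mapped to the domains they really send from.
KNOWN_BRANDS = {"example bank": {"examplebank.example"}}
CHECK_DATE = date(2024, 6, 1)  # constructed "today" so the result is repeatable

GENERIC_GREETING = re.compile(
    r"^\s*(hi|hello|dear (customer|user|sir/madam))\s*[,!]?\s*$", re.I)
CLOSING_DATE = re.compile(
    r"clos(?:es|ing date)[^\d]{0,20}(\d{4})-(\d{2})-(\d{2})", re.I)

def phishing_signs(raw, today=CHECK_DATE):
    """Return the warning signs found in one raw, single-part text email."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    signs = []
    # Check 3: the sender name claims a brand, the address is on another domain.
    for brand, domains in KNOWN_BRANDS.items():
        on_brand = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in display.lower() and not on_brand:
            signs.append("sender-mismatch")
    # Check 4: the first non-empty line is a greeting that carries no name.
    first_line = next((l for l in body.splitlines() if l.strip()), "")
    if GENERIC_GREETING.match(first_line):
        signs.append("generic-greeting")
    # Check 6: the stated closing date is already in the past.
    m = CLOSING_DATE.search(body)
    if m and date(*map(int, m.groups())) < today:
        signs.append("closing-date-passed")
    return signs

# Constructed sample message showing all three signs.
SAMPLE = """From: Example Bank <prizes@examp1e-bank-rewards.example>
To: someone@mail.example
Subject: You have won!

Hi,

You have been selected in our prize draw. Closing date: 2023-01-31.
Reply with your banking details to claim.
"""

if __name__ == "__main__":
    print(phishing_signs(SAMPLE))
```

A message with no flags is not proven safe; these heuristics only cover what can be read from the text of the email itself.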