In today’s world, email clients are very sophisticated at picking up and filtering out spam emails and putting them straight in the spam and junk folders, before they ever get to our inbox. Unfortunately, this is not foolproof, as people will keep trying to find new ways to ‘beat the system’, and occasionally one of these kinds of emails can slip through the net (I get them occasionally).
The type of spam emails we will be looking at are ‘phishing emails’, which PhishTank describes as:
“Phishing emails usually appear to come from a well-known organization and ask for your personal information — such as credit card number, social security number, account number or password. Often times phishing attempts appear to come from sites, services and companies with which you do not even have an account.” – PhishTank
These emails normally masquerade as being sent from popular websites, like Facebook and WhatsApp, as well as others, so we are going to look at the top 4 signs to spot phishing emails.
1. Check the sender email address
This might sound a little obvious, but how often do you look at the email address, rather than the sender name? Just taking this simple step can help you spot emails you shouldn’t trust. You can check this in the inbox to see who sent the email: if you hover over the sender’s name in Gmail or Outlook (formerly Hotmail), it will show you what email address sent it.
As you can see on my Gmail account, I have an email from Google Adwords, from the address email@example.com; this looks like a legitimate email from them.
On the other side, I have an email that says it is from WhatsApp Notifier, but the email address has no relation to that at all. I would expect it to have come from firstname.lastname@example.org or something along those lines. This looks highly suspicious and is likely a phishing email, so it would be marked as spam and deleted.
If you are on your phone or tablet, it may only show the sender name, and there isn’t a way to see the email address from your inbox. Once you have opened the email in Outlook, you can tap on the double drop-down arrows next to the recipient email address and it will drop down to show you the sender’s email. On Gmail, there is a details button that will show you the sender email.
2. The email does not look like others you’ve received
A lot of the ones I’ve seen are social media related, with missed messages and notifications. If the email does not look like ones you have received before, it is probably a phishing email.
Look at these two emails I have received:
You can probably tell which is the real email and which is the phishing email. They don’t look anything alike, do they? There are some glaring differences, like a different way of displaying the logo, and the spam one having a very thin explanation as to the purpose of the email and misspelling the title. It is also missing the personalisation you normally get, like addressing you by name. Phishing emails don’t generally have access to details like your name and account interaction, so they have to leave out the personalisation and go with a more generic message to get you to click.
The spam ones generally come with the high importance notice. As far as I’m aware, I have never seen a legitimate one come through marked as high importance, so if you get one of these, be cautious.
3. The destination URL is not normal
Okay, so let’s say you’ve clicked on the email, it looks like it could actually be from where it says, and there is a link in the email. Before you click on the link, hover your mouse over it and, at the bottom left of the page, it will show you where it is going to take you.
This doesn’t match where the email claims to be from and is not a website I recognise. Do not click the link: on the other side there could be some malicious software that will automatically download. Just delete the email or mark it as spam.
If you are on a mobile or tablet, you can hold your finger down on the link (be very careful not to accidentally click it) and it should bring up a pop-up asking how you want to interact with the link, showing the web address it will take you to (or as much as it can fit). If you are unsure, go directly to the site from your web browser, rather than through the link, and check that way.
You do have to be careful with these, as sometimes they can send a shortened version of the web address. You know those links you will see on social media posts that can look like this:
These are generally used on social media channels to help with character limits; I personally can’t think of a good reason why you would use this for an email link. You can use tools like Check Short URL to see what the full URL is and then decide from there.
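The checks in signs 1 and 3 can also be run automatically over a saved message. The sketch below is an added example, not part of the original post; the brand-to-domain list, the shortener list and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed, illustrative lists: where each brand really sends from, and shortener hosts.
BRAND_DOMAINS = {"whatsapp": {"whatsapp.com"}, "paypal": {"paypal.com"}}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
# Constructed single-part HTML message for the demo; not a real email.
SAMPLE = ("From: WhatsApp Notifier <notify@mail.example.net>\nContent-Type: text/html\n\n"
          '<a href="http://login.example.net/play">www.whatsapp.com/voicemail</a> '
          '<a href="https://bit.ly/constructed">Play</a>')

def within(host, domains):  # host equals one of the domains or is a subdomain of one
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

class Links(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip().lower()))
            self.href = None

def phishing_signs(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain, signs = addr.rpartition("@")[2], []
    for brand, real in BRAND_DOMAINS.items():  # sign 1: sender name vs. address
        if brand in name.lower() and not within(domain, real):
            signs.append(f"sender: {name!r} uses {domain}")
    parser = Links()
    parser.feed(msg.get_payload())
    for href, text in parser.found:            # sign 3: where the link really goes
        host = urlparse(href).hostname or ""
        shown = re.search(r"(?:www\.)?((?:[a-z0-9-]+\.)+[a-z]{2,})", text)
        if within(host, SHORTENERS):
            signs.append(f"link: shortened URL on {host}")
        elif shown and not within(host, {shown.group(1)}):
            signs.append(f"link: text says {shown.group(1)}, goes to {host}")
    return signs
```

Calling `phishing_signs(SAMPLE)` returns one finding for the sender and one for each of the two links; a message whose address and links all sit under the brand's own domain returns an empty list.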
4. From unknown companies or people
Sometimes phishing emails can come from a legitimate email address, where you don’t recognise the person that sent it to you. Check out the image below; this was an email I received from someone I do not know.
Now I don’t know this person, but because it has gone into my inbox, maybe it could be a genuine email. The content of the email is:
There is no real message, with just a link to click on.
I have no idea where that is going to take me, it looks pretty suspicious, so marked as spam and deleted.
I have also received emails claiming to be from PayPal, saying there is an issue with my account, but I have never had an account with them, so how could there be a problem with it?
Answer: there isn’t, because it is not from them. It is playing on PayPal’s popularity and sending these around, hoping to catch someone out. Can you guess what I am going to say to do?
That’s right: mark as spam and delete.
These tips should help you spot phishing emails and keep your details secure. As I said at the beginning, your email provider will pick most of these up before they hit your inbox, and if you do spot one that has slipped through the net, marking it as spam will help your email provider spot them in the future.
My last little piece of advice is: if you do receive an email you are unsure is legitimate, instead of going through the link in the email, open up your web browser and go to the website directly and check there. Then you can be sure that you have gone to the actual website.