Phishing is an online attack with the goal of tricking people into giving up their personal information, usually via deceptive emails and websites. The most common ways in which hackers try to do this are:
- Encouraging the victim to click on a link or download an attachment containing malicious software that can infect your computer or another device.
- Deceiving people into entering their information into a fake website, often imitating a well-known company or brand.
Luckily, there are many ways in which you can spot a phishing scam. Here are some of the main ones:
How to spot if your email is a phishing scam
- Suppose you receive an email out of the blue asking you for banking details, your national insurance number, your mother’s maiden name or any other personal information. In that case, this is likely to be a scam, as legitimate companies generally never ask you for this information over email.
- Look out for bad punctuation, spelling or grammar.
- Check for unusual email addresses – the sender’s name will often look convincing, but the email address will look unusual.
- Do they use your name? Trustworthy companies that hold your data, such as your bank, will use your name in the emails they send to you because they already have your details in their database. Be alert for a potential scam if you receive a generic, informal greeting such as ‘Hi’ and no name.
- Is the contact information at the bottom of the email legitimate? Do they look made-up? Are the copyright details up-to-date? If not, this is another sign that something is not right.
- Do the dates make sense? A typical phishing scam is a fake competition, asking you to give your details to win a prize. However, if the competition’s closing date has already passed, it’s likely to be a scam. Inconsistencies like this indicate fraud.
- Suppose the phishing email is trying to imitate a reputable, known company or brand, such as a bank or supermarket chain, and you are suspicious. In that case, you can check if the logos and branding they use look the same as the official website. Find the authentic website by typing the company into your search engine and see if the scammer has missed any details.
- You can also check if the suspicious email looks exactly like any previous, legitimate emails the company has sent you.
- Finally, if you are suspicious, one easy way to check if the email is real is to call the organisation and ask them if it is legitimate. They may already be aware of the scam due to it being reported by others. You can also report the scam (or any fraudulent activity or cyber crime) at https://www.actionfraud.police.uk/report_fraud