There is always someone looking to steal your personal information or get you to enter your credit card details.
Whether it be via e-mail, SMS or WhatsApp, once you have entered your details you are in for a world of pain, as this normally opens the floodgates to you getting bombarded with emails that you do not want.
Today, I want to share with you what exactly a phishing email is and, more importantly, how to spot a phishing email scam a mile away.
What is a Phishing Email?
A phishing email is simply an email that is trying to get you to input details (that you do not want to share). It could be your username and password for a website, your bank details or credit card details.
As most websites use your email address as the username, once they have access to your password – they can and probably will change the password, so you cannot access it. So, if that is access to your credit card online account – guess what, you will find they will be buying stuff before you know about it.
The other side to it, and the most successful phishing email scam, is an email that looks like it is coming from someone else in your work network… i.e. an email from HR about a personal matter, IT requesting a password change or shipping details (so a product gets shipped to them rather than the actual customer).
These emails will almost be perfect and according to Verizon’s 2016 Data Breach Investigation Report, almost 30% of these phishing emails actually get opened. Big companies go to a lot of measures to educate their employees about the signs to watch out for to avoid falling victim to these scams. But when you are a small business owner, you may need to keep up with these signs so you can avoid them too.
Phishing Email Examples
Let me share with you some examples of emails that you may receive and also the steps they take to be as accurate as they can.
Anyone getting started online will realise the importance of having a PayPal account, and this tends to be a common target for phishing emails. The email will look almost perfect and will detail a transaction that you have completed. But you never bought anything! When you look at the email, it is typically for about £30 and will have a link to access your account. You will want to check out your account as you never bought it, so you click the link and enter your username and password. Guess what, you have just handed the scammer access to your PayPal account.
But if you are vigilant, you will notice that the email address that it came from was almost perfect, but it wasn’t – they will create a domain with a very similar name to PayPal so at first glance it is right. After having a number of conversations with PayPal, they state that any email from themselves will address you by name – this email did not, it said “Dear Sir”. There were also a couple of spelling mistakes.
So with PayPal, I would also advise if you are unsure – access your account away from this email. Go through your browser or use your PayPal app.
I actually received a text message from PayPal, this week stating “Your PayPal has been temporarily suspended! Please re-confirm your identity today or your account will be closed” with a link.
Now, at first glance you would worry. But after speaking to a lovely lady at PayPal, she confirmed a couple of things. One, the text would again address me by name, it wouldn’t come from a random mobile number and it would be typically done by email and not SMS.
You can see how they try and fool you into entering your details.
There are many types of phishing email examples:
- Offers that look too good to be True… “You have won the lottery, but you need to log in now…” “You’ve won an all-expenses paid holiday”
- Emails that look like they have come from a government agency
- You are asked to send money to cover expenses (may not be in the initial email – but further down the line)
- Unrealistic Threats – Intimidation Tactics. “Pay Now or we will start legal proceedings”
- Anything where it asks you to log into your account (Bank accounts, PayPal, HMRC, Work Accounts)
- Something where you didn’t Initiate the Action “You are a competition winner” but you didn’t enter any competition
How to Spot a Phishing Email
I have listed a number of key things to check, but you will find the best way is to be suspicious about emails you are not expecting and then look out for these:
- The domain name (website name) is wrong. For example, that email I received from PayPal was from paypal1.com rather than the proper URL. It is often an extra character or number.
- Any email that is asking for personal information or asking you to log-in is normally fraudulent. A genuine company would not ask you to enter your personal info or log-in from an email.
- You will typically find that phishing or scam emails will have poor spelling and grammar. They are hoping the shock factor will typically get you to click the link without reading the email and finding it doesn’t make sense and has a lot of mistakes.
- Be aware of unrecognised links – scammers have started using embedded links. You click the link and see a page that looks very relevant to what you are looking for, but they now have access to your account.
- Check the name of the sender – this will normally be a bogus name urging you to sign into a website – this is a key one when it looks like a work email – you will find the email address will also be the same as the fake URL they are using.
- An email that gives you a deadline before action will be taken. Normally companies give you ample time, so when this comes out of the blue, check with the company itself.
- If the email looks too good to be true, like the competition winner ones – even though we would all love to find we have won an ‘all-expenses paid’ holiday, if you didn’t enter the contest, don’t get too excited.
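The domain and sender-name checks from the list above can be automated. The following is an added example, not part of the original post: it compares the From header against an allow-list and flags near-miss domains such as paypal1.com. The allow-list contents, the function names and the sample headers are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the allow-list is whatever domains you really deal with.
# "mybank.example" is a constructed placeholder.
TRUSTED = {"paypal.com", "mybank.example"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_parts(raw_message):
    """Return (display name, lower-cased domain) taken from the From header."""
    name, addr = parseaddr(message_from_string(raw_message).get("From", ""))
    return name, addr.rpartition("@")[2].lower()

def classify_sender(raw_message, trusted=TRUSTED, max_distance=2):
    """Return 'trusted', 'lookalike of X', 'display name claims X' or 'unknown'."""
    name, domain = sender_parts(raw_message)
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return "trusted"
    for t in sorted(trusted):
        brand = t.split(".")[0]
        # An extra character or digit (paypal1.com) is a small edit distance;
        # the brand buried in another domain is caught by the substring test.
        if edit_distance(domain, t) <= max_distance or brand in domain:
            return "lookalike of " + t
        # Friendly name says "PayPal" but the address is somewhere else.
        if brand in name.lower().replace(" ", ""):
            return "display name claims " + t
    return "unknown"

if __name__ == "__main__":
    # Constructed sample headers, not real messages.
    for sender in ("PayPal <service@paypal1.com>",
                   "PayPal <service@paypal.com>",
                   "PayPal Support <billing@secure-payments.example>",
                   "Newsletter <news@example.org>"):
        print(sender, "->", classify_sender("From: " + sender + "\n\nbody"))
```

A "trusted" result only means the From header shows the expected domain; that header can be forged, so reaching the account through your browser or app rather than the email's link still applies.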
Whilst scammers are constantly evolving and looking for other ways, once they have your email address you will find you will be bombarded with phishing emails. I have also found since launching this website and displaying the email address, you start getting bombarded with emails around buying traffic, etc. I am not saying these aren’t genuine, but as soon as you display your email, you have to expect to receive some of these emails.
There is also a key point to consider with these: scammers buy email addresses from other scammers. So, once you have received one, you can expect to receive more. But keeping these tips in mind will help you identify and delete these.
Do not reply to them, as that just confirms the email address is valid. This is the same as SMS scams, if you reply they know your number works. Do not give them the opportunity to sell on your email address or phone number.
There is also a great website with good information around phishing emails, if you are concerned or unsure – Phishing.Org.
It is all about preventing Phishing and is really useful.
Let’s Prevent Scammers Succeeding – Spread the Word
As long as people fall for the traps these guys set, then they will continue to do them. They make money from it, either through stealing your information and selling it on or accessing your accounts and doing the same.
But if everyone remained vigilant and shared their experiences and spread the word, then we will all be able to read emails without having to really think about whether they are genuine or not.
If an email looks too good to be true, then it probably is, so don’t fall for the emotion it might raise. We would all love to find we have won a ton of money, but an email out of the blue is not going to be that golden ticket you wish would happen. (Sorry, it just isn’t).
I would also ask that if you know people who are more likely to click on these links, due to them not being that savvy online (i.e. I had the chat with my mom about these types of emails when she started going online) then talk to them about these types of emails and what they should do if they are not sure.
My mom now asks me if she is unsure, typically with something sent via Facebook but it is a start as I know my mom isn’t going to fall into these traps.
The more we can spread the message around these phishing emails, the less likely anyone is to fall for them.
If you have received a phishing email, then I ask that you share your story below, so we can warn other people about the types of phishing emails we could be receiving. Share it in the comments below.
If you are still unsure or have any questions around phishing emails, then please type them in the comments below and I will definitely come back to you to help.