There is always someone looking to steal your personal information or get you to enter your credit card details.
Whether it be via email, SMS or WhatsApp, once you have entered your details you are in for a world of pain, as this normally opens the floodgates to you getting bombarded with emails that you do not want.
Today, I want to share with you exactly what a phishing email is and, more importantly, how to spot a phishing email scam a mile away.
What's A Phishing Email?
A phishing email is simply an email that is trying to get you to input details (that you do not want to share). It could be your username and password for a website, your bank details or credit card details.
As most websites use your email address as the username, once scammers have your password they can, and probably will, change it so that you cannot get back in. If that is your online credit card account, you will find they have been buying things before you know about it.
The other kind, and the most successful phishing email scam, is an email that looks like it is coming from someone else in your work network, e.g. an email from HR about a personal matter, IT requesting a password change, or shipping details (so a product gets shipped to them rather than the actual customer).
These emails will be almost perfect and, according to Verizon’s 2016 Data Breach Investigations Report, almost 30% of these phishing emails actually get opened. Big companies take a lot of measures to educate their employees about the signs to watch out for to avoid falling victim to these scams. But when you are a small business owner, you may need to keep up with these signs yourself so you can avoid them too.
Phishing Email Examples
Let me share with you some examples of emails that you may receive and also the steps they take to be as accurate as they can.
Anyone getting started online will realise the importance of having a PayPal account, and this tends to be a common target for phishing emails. The email will look almost perfect and will detail a transaction that you have completed. But you never bought anything! When you look at the email, it is typically for about £30 and will have a link to access your account. You will want to check out your account as you never bought it, so you click the link and enter your username and password. Guess what, you have just handed the scammer access to your PayPal account.
But if you are vigilant, you will notice that the email address that it came from was almost perfect, but it wasn’t – they will create a domain with a very similar name to PayPal so at first glance it is right. After having a number of conversations with PayPal, they state that any email from themselves will address you by name – this email did not, it said “Dear Sir”. There were also a couple of spelling mistakes.
So with PayPal, I would also advise if you are unsure – access your account away from this email. Go through your browser or use your PayPal app.
I actually received a text message from PayPal, this week stating “Your PayPal has been temporarily suspended! Please re-confirm your identity today or your account will be closed” with a link.
Now, at first glance you would worry. But after speaking to a lovely lady at PayPal, she confirmed a couple of things. One, the text would again address me by name, it wouldn’t come from a random mobile number and it would be typically done by email and not SMS.
You can see how they try and fool you into entering your details.
There are many types of phishing email examples:
- Offers that look too good to be true… “You have won the lottery, but you need to log in now…” “You’ve won an all-expenses paid holiday”
- Emails that look like they have come from a government agency
- You are asked to send money to cover expenses (may not be in the initial email – but further down the line)
- Unrealistic Threats – Intimidation Tactics. “Pay Now or we will start legal proceedings”
- Anything that asks you to log into your account (bank accounts, PayPal, HMRC, work accounts)
- Something where you didn’t initiate the action: “You are a competition winner”, but you didn’t enter any competition
How to Spot a Phishing Email
I have listed a number of key things to check, but you will find the best way is to be suspicious about emails you are not expecting and then look out for these:
- The domain name (website name) is wrong. For example, that email I received from PayPal was from paypal1.com rather than the proper URL. It is often an extra character or number.
- Any email that is asking for personal information or asking you to log in is normally fraudulent. A genuine company would not ask you to enter your personal info or log in from an email.
- You will typically find that phishing or scam emails will have poor spelling and grammar. They are hoping the shock factor will typically get you to click the link without reading the email and finding it doesn’t make sense and has a lot of mistakes.
- Be aware of unrecognised links – scammers have started using embedded links. You click the link and see a page that looks very relevant to what you are looking for, but they now have access to your account.
- Check the name of the sender. This will normally be a bogus name urging you to sign in to a website, and it is a key check when the message looks like a work email. You will find the email address also matches the fake URL they are using.
- An email that gives you a deadline before action will be taken. Normally companies give you ample time, so when this comes out of the blue, check with the company itself.
- If the email looks too good to be true, like the competition winner ones – even though we would all love to find we have won an ‘all-expenses paid’ holiday, if you didn’t enter the contest, don’t get too excited.
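The checks in this list that can be automated (a lookalike sender domain, a link that leads somewhere other than it appears to, a generic greeting, and threat or deadline wording), as an added example that is not part of the original post. The brand map, the phrase lists and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed for this example: brand -> genuine domain map and phrase lists.
BRANDS = {"paypal": "paypal.com"}
GENERIC = ("dear sir", "dear customer", "dear user")
URGENT = ("suspended", "will be closed", "legal proceedings", "re-confirm")
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host(url):
    """Lower-case host part of a URL or bare domain, without a leading www."""
    m = re.match(r"(?:https?://)?(?:www\.)?([^/:\s]+)", url.strip().lower())
    return m.group(1) if m else ""

def genuine(h, real):
    # True only for the real domain itself or one of its subdomains.
    return h == real or h.endswith("." + real)

def check_email(raw):
    """Return a list of findings for one raw single-part message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    name, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    findings = []
    for brand, real in BRANDS.items():
        if brand in (name + addr).lower() and not genuine(sender, real):
            findings.append(f"sender domain {sender} is not {real}")
    for href, text in LINK.findall(body):
        h = host(href)
        if any(b in h and not genuine(h, r) for b, r in BRANDS.items()):
            findings.append(f"link goes to lookalike {h}")
        elif "." in text and host(text) != h:
            findings.append(f"link text {text} hides {h}")
    low = body.lower()
    if any(g in low for g in GENERIC):
        findings.append("generic greeting")
    if any(u in low for u in URGENT):
        findings.append("urgent threat or deadline")
    return findings

# Constructed sample modelled on the PayPal examples in the article.
SAMPLE = """From: PayPal Service <service@paypal1.com>
Subject: Your account

<p>Dear Sir,</p><p>Your PayPal has been temporarily suspended!
<a href="http://paypal1.com/login">www.paypal.com</a></p>
"""
```

Calling `check_email(SAMPLE)` returns four findings for the constructed message; an empty list means none of these particular checks fired, not that the message is safe.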
Whilst scammers are constantly evolving and looking for other ways, once they have your email address you will find you will be bombarded with phishing emails. I have also found since launching this website and displaying the email address, you start getting bombarded with emails around buying traffic, etc. I am not saying these aren’t genuine, but as soon as you display your email, you have to expect to receive some of these emails.
There is also a key point to consider with these: scammers buy email addresses from other scammers. So, once you have received one, you can expect to receive more. But keeping these tips in mind will help you identify and delete these.
Do not reply to them, as that just confirms the email address is valid. This is the same as SMS scams, if you reply they know your number works. Do not give them the opportunity to sell on your email address or phone number.
There is also a great website with good information around phishing emails, if you are concerned or unsure – Phishing.Org.
It is all about preventing Phishing and is really useful.
Let's Prevent Scammers Succeeding - Spread The Word!
As long as people fall for the traps these guys set, then they will continue to do them. They make money from it, either through stealing your information and selling it on or accessing your accounts and doing the same.
But if everyone remained vigilant and shared their experiences and spread the word, then we will all be able to read emails without having to really think about whether they are genuine or not.
If an email looks too good to be true, then it probably is, so don’t fall for the emotion it might raise. We would all love to find we have won a ton of money, but an email out of the blue is not going to be that golden ticket you wish would happen. (Sorry, it just isn’t).
I would also ask that if you know people who are more likely to click on these links, due to them not being that savvy online (i.e. I had the chat with my mom about these types of emails when she started going online) then talk to them about these types of emails and what they should do if they are not sure.
My mom now asks me if she is unsure, typically with something sent via Facebook but it is a start as I know my mom isn’t going to fall into these traps.
The more we can spread the message around these phishing emails, the less likely it is that anyone will fall for them.
If you have received a phishing email, then I ask that you share your story below, so we can warn other people about the types of phishing emails we could be receiving. Share it in the comments below.
If you are still unsure or have any questions around phishing emails, then please type them in the comments below and I will definitely come back to you to help.
12 thoughts on “How to Spot a Phishing Email Scam – Don’t Get Caught Out”
Phishing emails have been an issue for years, and I think we sometimes get too complacent about them. Like you say, the practice has definitely spread from email to even more forms of communication now. I got a text not too long ago telling me all about a Paypal charge; I was shocked and nervous, until I remembered that I didn’t have Paypal at the time. It’s crazy the kind of blatant lies these people will try and sell to you. I agree that sharing your story; and maybe even a copy of the email itself, would be a good start to fight against it- people can check emails they receive against these scams. What do you think?
It would definitely help to share as many examples as we can to help people. If they receive a similar one they could compare it to that one. I would only recommend screenshots of it though, so someone cannot accidentally click on the dodgy link.
They do make you have that sort of reaction you were talking about, you think ‘Oh my God’ but then realise it is just a scam.
Hallo there John,
Thanks for the very enlightening post of phishing.
On how to spot a phishing email, I have seen you have said that a genuine email tells you to log in from the email.
Could you please expand more on this point. I got confused.
I have always thought that the emails that give you the log-in button in the email are not to be trusted because they are most likely to mislead you.
I was advised that you should always login from the web by searching the url for the site you want.
What do you have to say about this?
I would like to get your advice and guidance.
Thanks in advance.
Apologies, just realised the typo in the post. Will definitely update that – it should be will not ask you to log in from the email. Thanks for noticing.
You are definitely right, you should always log in from the website and not the email. That will be updated momentarily.
Hi, John. An excellent article on phishing email scams. I get dozens of these every day. Most of my emails I delete on sight. I’m sure I get some legit ones but I’ve been doing this so long now, I can scan through 30 or 40 emails in under a minute, and just from the headlines/info paragraph, immediately know whether the email is worth my while opening. There must be tens of thousands of people that get caught up in these sort of scams; otherwise the scammers wouldn’t do it. Good of you to spread the word. Cheers, Paul
Thanks for checking out my post. You are right, as soon as you get your head around them you can notice them from a mile off. The more we share the message, the more people will be able to notice and the scammers will have to find other ways of making money.
Great post and it contains very good info!
Phishing mails are easily tracked and noticed, they always contain some things that you are like: This can’t be true, I don’t have a bank account or they are asking me so many personal things.
What is more, not often they ask for your password!
Not any instance will ever ask for your password.
But yet, you have people who fall into these tricks.
So thanks for sharing it with us, it can help people!
Thanks for sharing your experience, when you know what you are looking for they are easily trackable. But if you are not sure about anything, like my mom, you can easily fall into the traps.
We need to ensure everyone knows what to look for.
Great article John! I must say that you are definitely right. This is happening very often to me. I usually get some emails where if I give them username they will give me some free cash cards and the like. I know that it is a fraud but I can’t prevent those type of emails. I also know one person who was scammed in this way. We all should be very careful.
It has come to a point where we just have to realise it is part of life. Some email providers are getting better at spotting the scams, but it just takes one to slip through and someone to click on it for it to work.
We just have to be vigilant. Thanks
Thanks John for the insightful review. Seems like the population of internet crooks has grown exponentially. The one I get the most tries to look like an email from a family member with whom I seldom correspond via email.
I think the crook gets the family member’s name from Fb. It will be subject line of the email with an RE: preceding the name. A cursor hover over the sender produces a strange email address usually from outside the US. I immediately send it to SPAM, but would like to block the sender. Is there a way to do that?
Wow, I have not seen any seeming to be from a family member. But it does show what lengths they will go to. Social Media can display a lot of information about us, especially if our privacy settings are not correct. They can gain all the information they need to target us.
Thanks for the great shout out. But it still comes back to you realising that it looked dodgy and doing a couple of checks.
Vigilance is key to anything online.