Learning how to spot a phishing email can help protect you from cybercrime and identity theft. But what are phishing emails, and how can you tell them apart from regular emails? Let’s take a look.
If there’s one thing cyber criminals want from you, it’s your personal data. How do they get it from you? By tricking you into sharing it with them.
The technique? It’s called phishing.
Essentially, phishing is how cybercriminals lure you into handing over personal details you wouldn’t give them otherwise. They impersonate legitimate companies and trick you into sharing information like account details and credit card numbers.
Once they have this data, they can use it to do things like make fraudulent purchases or apply for loans in your name. They might also share your data on the ‘dark web’, or they could install viruses on your computer to steal even more data from you.
One of the most common ways criminals ‘phish’ for personal data is by email. In fact, in 2020, Google reported blocking over 100 million phishing emails every day. What does this tell us?
Put simply, phishing’s a huge problem. This scam affects consumers and businesses alike, and it can have serious financial consequences. Phishing can:
- compromise your bank account
- damage your credit score if criminals use your details to apply for loans or buy things
- harm your company’s reputation
The good news is that it’s often possible to spot phishing emails if you know what to look out for.
How to spot a phishing email
1. Poor grammar and spelling
Sure, the email might look legitimate, but what’s the spelling and grammar like? English may not be the scammer’s first language, so multiple spelling or grammatical errors are a giveaway.
- Everyone makes typos now and again, but they’re less common in legitimate emails from big institutions like banks. The reason? They’re usually copyedited by a professional.
- Even if there are no spelling mistakes, pay close attention to the grammar. Does it read like stilted or broken English? If so, it could be a scam.
If you’re in any doubt, don’t answer the email. Google the company’s website, find their contact details, and reach out to them directly.
2. Sense of urgency
Phishing emails often feel urgent. They’re designed to make you think that:
- if you don’t take action now, you’ll be penalised in some way, or
- you’re about to miss out on a huge opportunity
The idea is to lure you into clicking a link within the email. The URL takes you to a fake website where hackers can steal whatever personal data you provide.
So, for example, you might get an email claiming you haven’t paid your tax bill. You click the link and provide details like your NI number or bank account information. Hackers can use this data to steal your money or your identity.
If an email makes you feel pressured in any way, it could be fake.
3. Wrong domain name
A quick way to spot phishing emails? Check the domain name. Links in phishing emails might look legitimate at first glance, but a closer inspection tells a different story.
- Hover over the link (don’t click it).
- The real address should show up. Is it the same as the URL written in the email? If not, don’t click.
Even if the addresses look the same, don’t click on anything if you have any doubts at all.
4. It feels impersonal
Legitimate emails usually address you by name, not ‘Dear customer’, or ‘Dear user’.
That said, scammers could figure out your name from your email address, so be wary if an email is addressed to you by name but feels off in any way.
Look for other red flags like multiple recipients, too – undisclosed recipients could suggest that it’s a mass scam email.
5. Request for private information
Check what the email’s asking you for.
- Banks won’t ask for your full password or PIN.
- If the email asks for your bank account details, there’s a good chance it’s fake.
Generally, if the email’s requesting sensitive information, especially if you need to click on a link, you should be wary.
Phishing emails are a growing problem, especially during global emergencies like coronavirus.
To protect yourself:
- don’t click links in unsolicited emails
- change your passwords regularly
- never open attachments unless you’re sure they’re from a trusted sender
The easiest way to spot a phishing email? Go with your gut. If an email doesn’t feel right, ignore it. You can always contact the company yourself to check if the email is legitimate. Don’t use the contact details supplied in the email. Instead, Google the company and look for their official email address or telephone number.
And finally, if you’re concerned, or you think your data is compromised, contact your bank or Action Fraud right away.