A couple of weeks ago I had an email purporting to be from Apple telling me my ID needed to be confirmed and wouldn’t work until I responded. I went straight to the app store, logged in and downloaded an app which required my login and it worked perfectly.
Had I responded to the email, which looked totally authentic, someone out there would have been able to hijack my Apple account. This was a phishing email and luckily I was suspicious – I always am. But it might have caught someone else.
With the TalkTalk hack affecting so many current and (probably) former customers, this is a good time to brush up on your knowledge of phishing emails – what they are and what to look out for.
Phishing is used by fraudsters to try and get confidential information out of you. Emails can look entirely authentic from businesses you may expect to hear from regularly. There are those with grammatical and spelling mistakes and email addresses you don’t recognise that are reasonably easy to spot, but in general they’re becoming more and more sophisticated.
My first rule of emails is to NEVER click on a link or reply unless you’re absolutely certain that it’s genuine. But how do you tell?
So here’s what to look out for.
1. Bad grammar and spelling mistakes. Even the biggest companies paying huge amounts of money to highly qualified copywriters make mistakes occasionally, but sometimes there are obvious errors which should make you stop and think. Phishing emails frequently contain capital letters and numbers where they shouldn’t, and errors which look as if they’ve been written by someone whose first language isn’t English.
2. The ‘to’ field in the email header is blank. This could indicate that the email doesn’t come from someone who knows you and deals with you regularly.
3. Be very suspicious of any email asking for personal information such as your PIN or account password. No reputable company will ever do this and you should NEVER give this information out online.
4. Fraudsters are unlikely to know your real name. Be suspicious if an email from a supposedly reputable business that you already deal with doesn’t contain your proper name.
5. Phishing emails frequently have an urgent call to action. They want you to act without thinking, to click without thinking. ‘Your account has been compromised! You need to take action immediately, click here to verify your account’ is a good one. Think before clicking, always.
6. Many emails are read on smartphones, where the tip from a few years ago, ‘hover over the ‘From’ area to see if the email sender looks authentic’, doesn’t work. But if you’re on your PC or laptop you can see who the sender is immediately, and if it doesn’t look right or there’s something funny about the sender’s email address, close your browser and type in the proper URL.
7. Don’t open email attachments or click on email links unless you’re absolutely certain you know who they are from. These can contain viruses.
8. It’s this simple. If you have any doubts at all, don’t click.
Don’t assume that an email that looks authentic, is. Check carefully before responding.
Fraudsters sending phishing emails are becoming more and more clever. The most important thing is to not click on anything you have doubts about. Go to the website independently, log in and make sure that everything is normal. Then report the email as spam and delete it.
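The checklist above can also be applied mechanically, for example when triaging a message that someone has reported. The following Python code is an added example, not part of the original article: it checks a raw email against items 2 to 7, and the sample message, keyword lists, recipient name and trusted-domain list are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); addresses are placeholders.
SAMPLE = """\
From: "Apple Support" <verify@account-check.example>
To:
Subject: Your ID needs to be confirmed

Dear Customer,

Your account has been compromised! You need to take action immediately,
click here to verify your account: http://login.account-check.example/verify
Please confirm your password and PIN.
"""

# Illustrative keyword lists (assumptions, not an exhaustive rule set).
URGENT = re.compile(r"\b(immediately|urgent|compromised|suspended)\b", re.I)
SECRETS = re.compile(r"\b(password|pin|security code|card number)\b", re.I)
GENERIC = re.compile(r"^\s*dear (customer|user|member|client)\b", re.I | re.M)
LINK = re.compile(r"https?://([^/\s:]+)", re.I)

def phishing_flags(raw, recipient_name, trusted_domains):
    """Return {checklist item number: reason} for each item the message trips."""
    def trusted(host):
        host = host.lower()
        return any(host == d or host.endswith("." + d) for d in trusted_domains)
    msg = message_from_string(raw)
    parts = [p for p in msg.walk() if not p.is_multipart()]
    body = "".join(p.get_payload() for p in parts
                   if p.get_content_type() == "text/plain")
    flags = {}
    if not (msg.get("To") or "").strip():
        flags[2] = "blank To field"
    if SECRETS.search(body):
        flags[3] = "asks for a password or PIN"
    if GENERIC.search(body) or recipient_name.lower() not in body.lower():
        flags[4] = "does not use the recipient's real name"
    if URGENT.search(body):
        flags[5] = "urgent call to action"
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not trusted(sender):
        flags[6] = "sender domain %r is not one you expect" % sender
    if any(not trusted(h) for h in LINK.findall(body)) or \
            any(p.get_filename() for p in parts):
        flags[7] = "links to unexpected hosts or carries an attachment"
    return flags
```

A message that trips none of these checks can still be phishing, so the result is a reason for suspicion, not proof that an email is genuine.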