How to Spot a Phishing Attempt: The Anatomy of a Phishing Email
Phishing attempts are among the most common online scams. If you’ve been using the internet for any length of time, the chances are that you’ve received an email attempting to con you out of money or personal information.
Email providers have spam filters which usually catch most scam emails. However, some of them do slip through the net, so it’s important to be on your guard – because it’s easier than you might think to be caught out by fraudsters.
Phishing is a type of cyberattack where scammers try to deceive people into giving away sensitive information such as credit card numbers and passwords. It is crucial to know what phishing attempts look like so you can avoid being taken in by them. Here are some key points to bear in mind.
Check the sender’s email address
The first thing to do when you receive a suspicious email is check which email address it’s been sent from. Hover your cursor over the sender’s name, or right-click on it, and the email address should appear.
Scammers often use email addresses that consist of little more than random characters and digits, or send their emails from a public email domain such as Gmail. However, others are more sophisticated, using addresses that look similar to legitimate ones with only subtle differences. Always check carefully.
Look out for spelling and grammar errors
Very often, phishing emails are riddled with spelling and grammatical errors. Emails from legitimate organisations are much more carefully written and are generally free of such mistakes. This is, therefore, another common giveaway contained in scam emails.
Legitimate companies would, at the very least, check their spelling before sending out emails to customers. It is worth noting, though, that the more sophisticated scammers are much better at preventing spelling and grammar errors, so even if there are none, this doesn’t necessarily mean that an email is genuine.
Check links before you click
Before clicking on any links included in an email, hover your cursor over the link to see what the web address is. If the address doesn’t direct you to the supposed sender’s actual website, or it otherwise looks suspicious, the email could well be a scam and you should report it to your email provider.
You can also copy and paste the URL into Who.is, a domain checker, to see when the website in question was created. If it was only created recently, this may be another indication that the site is a fake.
In addition, you should check to see whether the website is secure. You can do this by looking for ‘https://’ in the URL. HTTPS is a more secure protocol used by legitimate websites to protect page authenticity and keep user information private. It should also be accompanied by a padlock icon in the address bar on your web browser. Scam sites can use HTTPS too, though, so treat a missing ‘https://’ as a warning sign rather than treating its presence as proof that a site is genuine.
Verify any requests for personal details
A crucial point to remember is that legitimate organisations generally don’t approach you out of the blue and ask for sensitive information such as credit card details or passwords. If you receive an email asking for such information, you should be very sceptical as it’s likely to be a scam.
Sometimes these emails may direct you to pages that look very similar to the actual site they’re designed to emulate. You should not enter your personal information – such as login details or payment information – unless you can be totally sure that the email is a legitimate one.
Don’t open attachments
You should not download or open any attachments included in a suspicious email from an unknown or unexpected source. They may contain malware: malicious software which can infect your device with a virus, track your browsing habits, steal information or hold you to ransom (known as ‘ransomware’).
Certain file extensions – such as .exe and .zip – are often associated with malware. Do not open attachments unless you can be sure that they have come from a legitimate sender. Also, always keep your antivirus software up to date just in case your computer is compromised by any viruses.
Look carefully at the language used
Phishing emails often use alarming language intended to create a sense of urgency, pressuring the reader into taking a certain action. Unfortunately, many unsuspecting people fall prey to this, when a scam email successfully panics them into handing over their details.
If you receive an email using this kind of language, take a step back. Follow the other steps already mentioned here to ascertain whether or not the email is genuine. Then, if you believe it isn’t a legitimate email, report it to your email provider or, if you’re at work, your employer.
Scam emails also commonly use generic and impersonal language when addressing their targets, addressing the reader as ‘Dear customer’ or simply saying ‘Hi’ and then listing their email address. Legitimate organisations usually personalise their emails, addressing the person to whom they’ve been sent by name.
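The checks covered so far (sender address, link targets, attachments and wording) can also be run automatically over a message. The following Python is an added example, not part of the original article; the phrase list, the `check_email` and `sample` names and every domain in the sample message are assumptions made up for illustration.

```python
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

RISKY_EXT = (".exe", ".zip")  # extensions named in the article
PHRASES = ("urgent", "immediately", "suspended", "dear customer")  # assumed list

class Links(HTMLParser):  # collects each link's real target (href), not its display text
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def on_domain(host, domain):  # true only for the domain itself or one of its subdomains
    return host == domain or host.endswith("." + domain)

def check_email(msg, expected_domain):  # returns a list of warning strings
    out = []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not on_domain(sender, expected_domain):
        out.append(f"sender domain: {sender}")
    body = ""
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            out.append(f"attachment: {name}")
        elif not name and part.get_content_maintype() == "text":
            body += part.get_content()
    links = Links()
    links.feed(body)
    for href in links.hrefs:
        url = urlparse(href)
        if not on_domain((url.hostname or "").lower(), expected_domain):
            out.append(f"link host: {url.hostname}")
        if url.scheme != "https":
            out.append(f"not https: {href}")
    text = (msg.get("Subject", "") + " " + body).lower()
    return out + [f"wording: {p}" for p in PHRASES if p in text]

def sample():  # constructed phishing-style message; every name in it is made up
    m = EmailMessage()
    m["From"] = "Example Bank <support@examp1e-bank.test>"
    m["Subject"] = "Urgent: account suspended"
    m.set_content('<p>Dear customer, verify immediately: <a href='
                  '"http://login.example-verify.test/">example-bank.test</a></p>', subtype="html")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream", filename="invoice.exe")
    return m
```

Calling `check_email(sample(), "example-bank.test")` returns eight warnings; to check a saved message, parse it with `email.message_from_bytes(data, policy=email.policy.default)` first. As with spelling errors, an empty result doesn’t necessarily mean that an email is genuine.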
Contact the organisation directly
If you’ve received an email that looks suspicious but you can’t quite be sure whether or not it’s a scam, you should contact the organisation which is supposed to have sent the email. Go to their official website and find their contact details, which are likely to be listed either at the bottom of the web page or on a dedicated webpage (titled ‘contact us’ or similar).
The organisation in question should then be able to tell you whether the email you’ve received is a genuine one or a phishing attempt. Some big companies are aware that scammers impersonate them and provide customers with tips on how to spot fraudulent emails.
Stay alert
You should always be on your guard so that you don’t fall victim to a scam email. As we’ve mentioned, some phishing emails are quite sophisticated and it’s not always immediately clear that they’re fake. Even savvy and experienced internet users can be taken in by them.
Another way of bolstering protection against phishing emails is to use two-factor or multi-factor authentication, which requires users to provide more information than a password alone (for instance, a code sent to your phone via SMS). This way, even if your password is compromised, you have an extra layer of protection and can keep fraudsters out of your account.
At Solsoft, we can help you navigate the challenges of cybersecurity and boost your business by helping you take advantage of the latest IT tools, with a bespoke solution to suit your needs. Contact us today to find out more about what we can do for you.