The scams can be delivered via emails, websites or even phone calls and are ultimately designed to steal money. The scammers can achieve this by installing malicious software on your computer or by using social engineering to convince you to hand over personal information or even the money itself.
Phishing – scams delivered via email
Vishing – scams delivered by phone
Smishing – scams delivered by SMS text messaging
How can you recognise a phishing email?
Microsoft have provided the following example of what a phishing email could look like.
Things to look out for:
Sender address: If you are unsure as to the legitimacy of an email, always check the sender address. The below example is from a phishing email that impersonated Microsoft. At first glance the email appears genuine, but as you look closely at the email address you can see that it is coming from @microsftonline.softcom.com, which is not a legitimate Microsoft email suffix.
If you are unsure of the correct email suffix for a company visit their website (although not from a link in an email!) and see what their web address is, or their contact email address, if this is included on the site.
Typically a company’s email suffix will be their web address, as you can see from our example below.
Spelling and bad grammar: Cybercriminals are not generally known for the correct use of spelling and grammar! If you notice any mistakes, especially obvious ones, within an email then this could be a sign that the email is a fake.
Links: Beware of links within emails! If you think a link may be suspicious DO NOT click on it. One method of checking a link is to rest (but not click) your mouse over the link to see if the address matches the one typed in the email. In the Microsoft example below you can see that the link revealed in the yellow box looks nothing like the company’s web address. It is also worth remembering that links can point to installer files, which can result in any kind of application or malware being installed onto your machine.
Threats: Cybercriminals often use threats in order to scare people into clicking on links or handing over their details. Beware of any email that threatens to suspend your account if you do not carry out their instructions. If ever in doubt, always phone the company in question, and make sure you get the number from their website rather than from the email you are querying!
Images and graphics: Lots of phishing emails will appear as if they come from a legitimate company. Cybercriminals invest a lot of time in designing emails and even websites to trick people into thinking they are the real deal. If you suspect an email may be a fake you can compare it with a legitimate email from the company in question to see if there are any differences, but be warned they may be subtle!
Attachments: If you are not expecting an email with an attachment then do not open it! Always check the sender address and the body of an email before you open any attachments. Cybercriminals can use attachments to install malicious software on your computer. Phishing emails often use attachments titled ‘invoice’ – if you are not expecting an invoice or have not heard of the company listed in the email then do not open the attachment. If you recognise the company name but are suspicious about the email, contact the company to check if the attachment is legitimate. Once the attachment has been opened it can affect your machine and anything else connected to the network.
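The sender address and link checks described above can also be run automatically by a mail filter. The Python code below is an added example, not part of the original article: the TRUSTED list, the function names, the sample message and the link target login.example.invalid are all assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"microsoft.com"}  # assumption: domains the real sender uses
def host_trusted(host):
    host = (host or "").lower().rstrip(".")
    # Exact match or a true subdomain only; a look-alike prefix does not count.
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def url_host(text):
    return urlparse(text if "://" in text else "//" + text).hostname

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_email(raw):
    msg, findings = message_from_string(raw), []
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not host_trusted(sender_host):
        findings.append(("sender", sender_host))
    parser = LinkCollector()
    parser.feed(msg.get_payload())  # assumes a single-part, unencoded HTML body
    for href, text in parser.links:
        # Only treat the visible text as an address if it is a single token.
        shown = url_host(text) if len(text.split()) == 1 else None
        real = url_host(href)
        if shown and "." in shown and shown != real:  # text names another host
            findings.append(("link-mismatch", f"{shown} -> {real}"))
        elif not host_trusted(real):
            findings.append(("link-untrusted", real))
    return findings

SAMPLE = (  # constructed message; example.invalid is a placeholder host
    'From: "Microsoft account team" <security@microsftonline.softcom.com>\n'
    "Content-Type: text/html\n\n"
    '<p><a href="http://login.example.invalid/verify">https://account.microsoft.com</a>'
    ' <a href="https://support.microsoft.com/help">Help</a></p>\n')
```

Calling check_email(SAMPLE) reports the look-alike sender domain and the link whose visible text and real destination differ, while the genuine support link passes. A production filter would also need to handle multipart and encoded message bodies.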
What to do if you think you have received a phishing email?
Below are our handy tips and tricks for when you think you have received a phishing email:
- Do not open any attachments
- Do not click on any links
- Check the company’s website (by searching for them in your browser, not by clicking a link in the email) and see if they state what they will and will not ask you for via email
- Contact the company the email is impersonating – they can confirm whether they have contacted you and if it is a phishing email they can notify their other customers
- Inform your colleagues as others may receive the same email
- Inform your IT department if you have one
- Delete the email from your inbox and then delete it from the deleted items folder
If you are concerned about a suspicious email call us on 01455 247 830 – but please remember to not open any attachments or click on any links before you call us!
If you receive an email and you do click on a link or open an attachment but after doing so you suspect that it may not be legitimate, then call us immediately on 01455 247 830.