Spam, phishing and the best ways to identify harmful emails
Phishing emails are becoming increasingly difficult to identify as fraudsters get better. Have you ever had an email from a Prince supposedly willing to split his large wealth if you just send over your bank details? Or perhaps you’ve received an email claiming to be from your bank, asking for important security information? The likelihood is that both of these are what are known as ‘phishing’ emails, designed to get you to hand over personal information. Plusnet has put together this simple guide to help protect you against these when surfing online.
Disclaimer: All names, email addresses and websites have been altered. Website addresses in images have been checked for your safety.
What is spam and phishing?
The background of the term “spam” is quite interesting and owes some thanks to Monty Python for its popularity. Whether it is snail mail or email, spam is simply repetitive mailshots that people do not want to receive.
Monty Python: The term spam comes from a sketch by Monty Python about the meat product.
Phishing takes this to a whole new level as emails can often contain malicious viruses or unscrupulous ways of getting you to hand over personal information such as bank details. Scammers are refining their ways of extracting this information from people each day and emails often appear to be from a trusted source when in fact they are not. Handing over personal information could make you a victim.
How can I identify the difference between phishing emails and real emails?
Most organisations take your security seriously and never ask you for your personal details via email. They typically rely on you to contact them, answering personal security questions along the way. Specific information can also be included in emails to let you know that it is genuine - here at Plusnet, we provide your username on every email we send. Companies such as banks may send informational updates but legit ones never provide links to external pages.
Here are some tips to help you identify the differences between phishing and real emails:
Oddly spelt or an unfamiliar email address
Spam emails usually contain random email addresses which bear little relation to the purported ‘sender’ of the email. Check addresses with a fine toothcomb, as some may contain slight spelling mistakes that at first glance may look genuine. Emails from suspicious senders should be deleted.
The subject line will often be something that is designed to grab your attention. Any messages about suspicious credit card, bank or financial activity should be treated with extreme caution. Similarly, anything mentioning webcams, sending pictures or videos (unless this is expected from someone personally), or in a foreign language should also be ignored or trashed.
Spelling, grammar and punctuation
Certainly in cases of phishing scams from overseas, emails will tend to be in broken English with plenty of punctuation and spelling errors. Also, you may find that names of people and companies are spelt incorrectly too. An official email from a company will have gone through a number of sign-off levels before it is sent to you so the grammar is usually very good because it has been checked and checked and checked again!
See some examples here: http://community.plus.net/forum/index.php/topic,122796.0.html
Lack of personalisation (i.e. Dear Customer)
A lot of emails will open and sign off with a lack of personalisation, or open with a pretend username, usually the first half of your email address, i.e. ‘Dear Dave.Smith’. Any website you personally sign up to should have some way of identifying you and, in the case of banks, ourselves, mobile phone companies etc., will often provide personal identifiers such as account digits so you recognise them. Some phishing emails tend to be only a sentence long with no personalisation and a suspicious link at the end.
See this example on our Forums: http://community.plus.net/forum/index.php/topic,123340.0.html
Author
If the person signing off the email is not recognised then dismiss it. Alternatively, if it comes from an organisation you are unsure of then delete it, particularly anything newsletter related that you haven’t signed up to. If it refers to a reputable business, always visit their website and check to see if they have sent you anything, and also look for any information on spam emails. If you don’t know David R (or a name like this), the chances are that, once opened, it will turn out to be a spam email.
Actual Email itself is irrelevant or offensive
Anything that invites you to view or buy inappropriate things, or that suggestively asks you to view webcams/pictures/videos, should be ignored and deleted. If the website is also irrelevant to you (i.e. your bank is Halifax and you receive emails claiming to be from Natwest), delete and report them. Similarly, watch out for popular spam emails telling you that someone has got hold of some personal images and to ‘look at this image of you’ or ‘See this Facebook post about you’. This is also common on social media, particularly Twitter.
Attachments
Never open any unexpected attachments, particularly those included in email trails or those that ask you to send on to ‘five people’. These can be loaded with viruses and deliberately lure you into opening them in order to insert scripts on your computers to obtain login information and personal details.
Links to websites
Always treat links to any website with suspicion. Most banks will never direct you to their website in emails or to check your account. Anything that links to a t.co address or i.imgur address should be treated with suspicion and automatically deleted. See our section below for more.
How can I check whether links in an email are legitimate?
There are several ways you can check if a link in an email is legitimate. When you hover your mouse cursor over a link it should bring up a grey box in the bottom left hand corner of the browser saying where the link will direct you, such as the below example from Sky Sports. This will provide you with an idea as to whether the link is correct or not. Always check for spelling mistakes.
You should also check the actual website address in terms of the domain and subdomain. The domain is the actual website itself, for instance Plusnet’s is PLUS.NET. A subdomain is the first part of an address, usually ‘www.’. Plusnet has subdomains such as ‘COMMUNITY.plus.net’ or ‘WEBMAIL.plus.net’ (highlighted in bold). Some spam emails try to trick you into believing that they are from a genuine website by putting the website address as a subdomain rather than the actual domain. Always make sure that the hyperlink is pointing towards the real and correct domain. See this example to help:
Real: www.halifax.co.uk
Phishing Spam Attempt: www.halifax.spam.co.uk
Newsletters from websites you sign up to may go through a marketing tracking website address first and so differ from the actual website. Always check with the website if unsure.
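The domain check described above can be automated. The following is an added example, not Plusnet's own code: it pulls every link out of an HTML email body, works out the real domain behind each one, and flags any that do not belong to the domain you expected. The function names, the sample email and the short suffix list are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed, deliberately tiny suffix list for this example only; a real
# check should use the full Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "ac.uk", "gov.uk"}

def registrable_domain(url):
    """Return the domain a link really belongs to, e.g. 'plus.net'."""
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").rstrip(".")
    labels = host.lower().split(".")
    # Keep exactly one label in front of the public suffix.
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> in an HTML email body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_links(html_body, expected_domain):
    """Return (visible text, real domain, verdict) for each link."""
    collector = LinkCollector()
    collector.feed(html_body)
    return [(text, registrable_domain(href),
             "ok" if registrable_domain(href) == expected_domain else "suspicious")
            for text, href in collector.links]

# Constructed sample email body using the two addresses from the guide.
SAMPLE = ('<a href="https://www.halifax.co.uk/login">Halifax</a> '
          '<a href="http://www.halifax.spam.co.uk/login">www.halifax.co.uk</a>')
```

Note that the second link displays the genuine address as its text while pointing somewhere else, which is why the check uses the link target and not what the email shows.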
How can I tell if an email sent from someone I know is real?
It is always good to be overly-cautious of any email sent to your inbox including those emails from people you know, as it could be that their email account has been compromised. Always be wary of emails asking for money that have no personalisation, have attachments or are asking you to visit certain links. It is better to be safe than sorry if you think it’s an unusual email or subject content for your friend to be sending. Find alternative methods of contacting that person to verify it is them before clicking anything or responding.
What can I do to protect myself more online?
- Install a good anti-virus and malware checker and update/scan computer regularly. Plusnet offers a suite of protective software for customers in conjunction with McAfee called Plusnet Protect, which is free for Unlimited broadband customers.
- Never answer emails asking for personal details
- Do not post your email address or personal information on the Internet
- If you want people to email you, always break the address up or add extra symbols to make it unreadable to spambots i.e. [name[@]email.com]
- Always read small print and say no to companies requesting to pass your personal details on to third-parties
- Never open links or emails that appear strange
We hope this guide has been useful to you. If you have any questions or examples you want to show us, then please add a comment below. More importantly, please stay safe!
*Header image ‘No Phishing!’ licensed under CC BY 2.0 by Widjaya Ivan.