What Are Phishing Emails, And How Can You Spot Them?

Even post-GDPR, with many of us having managed to clear our inboxes of junk and unwanted contact for a few months, it seems as though marketing and promotional emails are stacking up again, and with them come increasing security risks.

Phishing emails are emails used by scammers (both human and computer-generated) to obtain information from the recipient through false pretences. Normally, the email appears to be from a genuine source with which the recipient has a relationship and encourages them to supply or change their customer data, for example by requesting a password change.

The ways in which these phishing emails are constructed are becoming cleverer by the day, and it can often be extremely difficult to differentiate false data requests from real contact by the brands you know and love. So what are the signs of a ‘fishy’ email? There are a few to look out for.

Check the links

Any links to websites within the body of the email may appear in the text to be genuine, but when clicked, take you somewhere else (even if it does look the same as a website you frequent). Hover over the link with your mouse and check the URL – is it correct for the site you usually use? Instead of using the links in the email, go to your browser, open a new window and type in the website address as you know it. This will allow you to log in to the genuine website and not one that could potentially be ‘dressed’ to look real.

Note: There’s a trick to domain names that can help you identify malicious links quickly. The format thispage.onit.com is a part of the onit.com website. However, onit.thispage.com isn’t, and would be a different site. Any additional sub-parts of the address should always be on the left-hand side of the main domain.

Did you take the action mentioned?

If an email suggests that you’ve taken an action with a website, such as making a purchase, entering a lottery or changing some information, be sure that you’ve actually done it before you take any further action. If you haven’t done what it says, chances are you don’t need to do anything else either!

You’re asked to supply information or resources

Being asked for money is an immediate red flag for fraudulent activity, but if asked to supply any personal data or information, you should also be sceptical. Log on to the website concerned or contact the company involved through means other than those in the email to confirm if you’re actually responsible for updating or providing anything.

It mentions a government or local authority

Put bluntly, a government body won’t normally contact you by email – not least because it’s rare they’d have your email address! Email isn’t a secure enough method of communication for most confidential contact, so nine times out of ten, you can safely assume an email is phishing if it’s made out to be from a government agency. Make contact with them by phone (NOT using a number from the email) or post to confirm.

Don’t be embarrassed if you do get caught up in a phishing scam: they’re getting very convincing and many are fooled. If you need ongoing support in the event of such issues, get in touch. The ON IT team can help identify malicious sources and block them from future contact. It’s always better to be safe than sorry!