Research has revealed that over half of all users open fraudulent emails and many fall for them, not knowing how to spot a phishing scam. Phishing is done with the aim of gathering personal information about you, generally related to your finances. The most common reason for the large number of people falling for fraudulent emails is that the phishing attempts are often so well-disguised that they escape the eyes of a busy email reader. Here are a few tips that help you identify whether that email really came from your bank or is another attempt at defrauding you.

How to spot a phishing scam

Tip 1 – Are they asking for personal information?

Remember, no bank or financial institution asks you to share your key personal information via email, or even phone. So, if you get an email where they ask for your PIN or your e-banking password, you may have spotted a phishing scam! Don’t be fooled by scammers masquerading as your CEO or financial controller, either – you can read more about this in our article on whaling attacks.

Tip 2 – Do the links appear genuine?

Phishing emails always contain links that you are asked to click on. You should verify if the links are genuine. Here are a few things to look for when doing that:

  • Spelling: Check for misspellings in the link or URL. For example, if your bank’s web address is www.barclays.co.uk, a phishing email could misspell it as www.barclaysbank.co.uk or www.barcleys.co.uk. The changes are often only very slight, so you must be vigilant in checking these.
  • Disguised URLs: Sometimes, URLs can be disguised. This means while they look genuine, they ultimately redirect you to a fraudulent site. You can recognise the actual URL by hovering your mouse cursor over the link and waiting for the true link address to display, or you can right click on the URL and select the ‘copy hyperlink’ option and pasting the hyperlink in a notepad file, but NEVER EVER paste the hyperlink directly into your web browser.
  • URLs with ‘@’ signs: If you find a link in an email that includes the ‘@’ sign, steer clear of it even if it at first glance it seems genuine. Browsers ignore URL information that precede an ‘@’ sign. That means, the URL www.barclays.co.uk@phishingsite.net will take you directly to the phishing website and not the Barclays Bank web page.

Tip 3 – Other tell-tale signs to spot a phishing scam

Apart from identifying fake URLs, there are other tell-tale signs that help you spot a phishing scam. Some of these include:

  • Emails where the main message is in the form of an image which, after opening, takes you to the malicious URL.
  • Another sign is an attachment. Never open attachments from unknown sources as they may contain viruses that can harm your computer and propagate across the network.
  • The message seems to urge you to do something immediately. Scammers often induce a sense of urgency in their emails and threaten you with consequences if you don’t respond. For example, your iTunes account will be closed if you don’t verify your PIN or password.

Take action to protect your business

If you come across an email that looks like it could be a phishing scam, you can report it to the NCSC who will investigate further.

Finally, it’s important to invest in a good anti-virus and web security solution and work with a Managed Services Provider (MSP) like Air IT. A proactive MSP will monitor and manage your security solutions to ensure they are up-to-date and all machines protected. They will also help you to identify potential vulnerabilities and the necessary actions you can take to fix them. For further information and advice on how to spot a phishing scam or other cyber security queries, please feel free to get in touch.