How To Identify An Email Phishing Scam

Phishing, carding or spoofing refers to a criminal practice where a fraudster will send an email claiming to be from a bank or other legitimate organisation.

They’ll then ask you for your personal details including your account details, giving them access to your account and everything in it.

Phishing scams are typically carried out via email, but you can also be targeted through social networks, forums, or other places wherein you can receive messages. Whatever the case may be, hacking is not needed because you are the one who willingly provides the information to the scammer.

Here are some ways on how to determine phishing emails and stay protected.

Identifying an email phishing scam

1. You receive an email asking for details such as:

• Your name and address
• The password or PIN for your account
• Your bank account number
• Your credit card/debit card number
• Your card validation code (known as a CVC or CVV)

Most banks and organisations will never ask for your details through an email, so if you're being asked for them be suspicious.

2. The email has incorrect spelling or grammar. It's hard to spot a spelling or grammar error in emails or letters received by your bank, because they are generally proof read. Criminals don't have this kind of foresight, so it's common that phishing scams will include errors.

3. Links which send you to third party websites. Many phishing scams will include a link to a supposedly legitimate site, but these links can instead download a file onto your computer or otherwise help a criminal get access to your details. If you do click the link because you think it's genuine, you can check if it's a secure website by looking for 'https' in the address bar, and by looking for the lock sign.

4. Urgent threats or information which are too good to be true. Many phishing scams will try to evoke a sense of urgency to get you to respond quickly and forget about your internet safety. These may include threats to close your account, offers of free money and other far-fetched claims.

5. The email is said to be from a popular organisation or your bank. Phishing scams will attempt to deceive you into thinking they have been sent from a legitimate company. To fly under the radar they may include fake graphics and other logos, so carefully look at the logo or other graphics on the real website of the organisation if you're unsure.

6. The email has suspicious attachments in it. Think about the last time an organisation like Facebook or your bank sent you an attachment. Be careful of attachments ending in .exe, .scr, .zip, .com and .bat. If you think the email might be real call up the organisation to confirm if they've send the email and the attachment.

Other ways to spot a phishing scam

There are many other ways in which criminals can be caught out when it comes to a phishing scam. Here are some:

• Suspicious email greeting - Many companies which you regularly deal with will use at least your first name in their email greeting, whereas phishing emails will almost always use a generic greeting.
• The body of the email message is an image. Many phishing scams today are detected before they even reach your inbox due to inbuilt security measures, so criminals will try to slip under this protection by making the body of the email an image. In many circumstances the image will be a link, so if you hover your mouse over it the cursor will turn into a hand.
• You receive an email from an organisation but they send it to an address different to the one you supplied. This is a fairly good indication that the email is fraudulent, as an organisation such as a bank will only send emails to the supplied addresses.

This is a common phishing attempt. As you can see, the email purports to be from Westpac (which I hold no accounts with), has poor formatting and grammar, as well as a suspicious looking attachment.

Image: Shutterstock