How to spot a phishing email like a cybersecurity expert?

Computers and offices. Image by Tim Sandle.

Phishing is an attempt to steal personal information or break into online accounts using deceptive emails, messages, ads or sites that look similar to sites you already use. It is a growing menace and the use of email remains the most common way to seeking to defraud the unaware.

Through the day scammers are sending a constant barrage of phishing emails to try and steal your money and identity.

Oliver Page, the CEO of CyberNut, tells Digital Journal about five ways to spot phishing emails like a professional IT consultant.

Tip 1: The Language Is Urgent And Fear-Mongering

With this first area, Page picks  a scenario where you could be warned something bad will happen (for example, you will be charged or lose access to an important account) or you will miss a bargain or prize if you do not respond immediately.

Page states: “By implying there’s limited time to fix an error or claim a prize, the scammers are hoping you’ll be less likely to think twice about what you’re doing.”

Tip 2: The Message Content Is Poor Or Garbled

Reputable firms would never start an email with a generic or impersonal greeting such as ‘Hi’. Similarly, instances of misspelling or bad grammar should ring alarm bells. If the email is littered with spelling and grammar mistakes, it clearly indicates the sender is not using tools such as Grammarly or Word’s spellcheck; it would be extremely unlikely for genuine companies to not proofread official emails, so repeated or obvious errors should always clue you in to the fact that something is amiss.

Tip 3: The Sender Address Or Domain Name Is Suspicious

If the message purports to come from a major organisation (such as Paypal), the email address should match the company’s name (e.g. @paypal.com). Genuine companies will never use a service like Gmail (@gmail.com) to communicate with you.

According to Page: “If the spelling of the domain name is incorrect, this should be immediately concerning. A scammer may have created a copycat address that slightly varies from the genuine company name (e.g. apple1.com) in the hope that you won’t check too closely.”

Tip 4: The Email Makes Personal Information Requests

Page warns that scammers are most often after one of the following:

• Your social security number
• Your bank details
• Your card numbers
• Your contact information

This list leads Page to state: “If you’re unsure, never supply this data online. If the sender wants to send you money, be suspicious if they ask for your bank details first.”

Tip 5: The Email Contains Unknown Attachments Or Links

Page cautions not to access any attachments if they have strange file names or extensions. Clicking on  ‘.zip’ means you’d unzip files onto your computer, and ‘.exe’ would run a software program on your device.

These attachments could release computer viruses or malware, while suspicious links could take you to fraudulent websites. Trustworthy companies would be more likely to use platforms such as Dropbox when supplying extra documents.

This leads Page to conclude: “You should also beware of vague and unexpected messages purporting to be from well-known companies, the authorities or the government, or your bank, as well as any email promising unbelievably good offers like free vacations or big-ticket items.”