Spotting those sneaky phishing emails
Phishing scams are the most common type of scam reported in Australia, according to the latest data from the Australian Cyber Security Centre (ACSC). And phishing attacks that exploit public fear around COVID-19 are on the rise. Knowing how they work and how to spot them can save you from having a very bad day.
What is phishing?
Phishing (i.e. fishing 🎣) is a form of attack cybercriminals use in different ways to trick you into giving them personal or financial details. Once they have your information they will either attempt to use it to commit further fraud or sell it on the darknet for someone else to use.
Spear phishing is a version of phishing where hackers use previously gained information to target a specific individual for a certain purpose. Easily found information such as your name, job title, or where you work can be used to make a phishing email look legitimate. One common approach is to impersonate your accounts department and try to trick you into paying money to the wrong place.
Whaling attacks are even more targeted, taking aim at senior executives (i.e. the whale 🐳). Although the end goal of whaling is the same as any other kind of phishing attack, the technique tends to be a lot more advanced as the potential pay-off is bigger.
How does phishing work?
Typically, a scammer will contact you pretending to be from a legitimate business such as a bank, telephone or internet service provider. You might be contacted by email, social media, phone call, or text message.
To start, they’ll usually be after your personal information to use for financial fraud or will try to trick you into downloading something to your computer they can use to do more harm.
How to spot a fake email?
Phishing emails are everywhere nowadays, so it’s important to know how to spot them. At first glance, some phishing messages can look genuine and will use a legitimate company’s logo or font. Others are very easy to spot.
👀 Keep an eye out for the following warning signs that the email you’ve received is a bit dodgy.
⚠ Warning Sign #1: Unusual language
It is poorly written, contains lots of spelling and grammatical errors, or contains strange phrases (“hello my friend” is one of my favourites).
These are the easiest to spot and also provide the most amusement. An overabundance of CAPITALISATION, exclamation marks !!!! and grandiose claims (100% success guaranteed!!!) are all things to keep an eye out for.
⚠ Warning Sign #2: Urgency
The message is designed to make you panic! 😱
Common scare-ware themes include claims that:
Your account is compromised
Your computer is infected, or
The taxman is after you.
These types of emails often try to scare you into reacting without thinking.
Take a deep breath, have a nice cup of tea, and then think about whether what they are asking from you is reasonable. If you are still unsure, contact the company through other methods, but NOT by any of the contact details in the email 😉.
⚠ Warning Sign #3: Personal information requests
The email asks you to enter personal information, such as banking details or login credentials🔑.
Reputable companies will never ask for these kinds of details via email.
⚠ Warning Sign #4: Odd sender details
When you 🔎 look closely, the web and email addresses are not quite right.
For example, @mail.airbnb.work as opposed to @Airbnb.com.
⚠ Warning Sign #5: Strange links
The email is prodding you to click on a link. Before clicking on links, use your mouse to hover over and inspect each one first to ensure that it's not going to take you somewhere unexpected.
One example is a current Australia Post scam that is doing the rounds. The links in these emails lead to a fake Australia Post website requesting personal and financial information.
⚠ Warning Sign #6: Unexpected Attachments
Alarm bells should be ringing if you receive an email from a company out of the blue that contains an attachment. 🚨 The attachment could contain malicious software or lead to the installation of a virus or something else dangerous on your PC or network. ☠️
Even if you think an attachment is genuine, it’s good practice to always scan it first using antivirus software.
And finally, when in doubt, throw it out! 😎