Phishing is one of the most common methods of cybercrime, but despite the fact that we all know about scam emails, people often still fall victim to these scams. Thousands of phishing emails are sent every year and a vast amount of data breaches come from scam emails. Phishing has been used for all kinds of scams, from gaining access to your bank accounts to coronavirus scams that ask you to pay for tests. There are some ways that you can spot a phishing email, so you can avoid having your information stolen or being scammed out of your money.
One: The Message Is Sent From A Public Email
No genuine organisation will send emails from an address that ends with ‘@gmail.com’, or another free email service, not even then companies that own these email services.
Only very small operations won’t have their own email domain and all organisations will have company accounts. If the domain name matches the sender of the email, this is a good sign that the email is genuine. If you get an email from your bank from a Gmail address, that’s definitely a fake.
The simplest way to check what the domain name of an organisation should be is to search for the company on Google.
Look at the email address, not just the sender. Your inbox will display a name, like the name of your bank, along with the subject line. When you open the email, you will think you know who the message is from, and can often skip checking the email address to just read the content.
When a scammer creates a fake email address, they often have the choice to choose the display name, which doesn’t have to relate to the email address at all. This means that a scammer can use a bogus email address that show up in your inbox with a convincing display name. Unfortunately, sometimes this is enough to trick people.
Two: The Domain Name Is Misspelt
Scammers are wise to the problem of domain names, and there are clever ways to get around not being able to send emails from the correct domain.
Anyone can buy a domain name. While every domain name must be unique, scammers can buy one that is remarkably similar to the genuine article. Perhaps they add a dash or change a letter that is hard to spot at first glance on a small screen (swapping an m for an n is a classic example).
If an email seems strange, pay close attention to the domain name. If it isn’t spelt correctly, then it’s a scam.
Three: The Email Is Poorly Written
You can often tell that an email is a scam if it uses poor spelling and grammar. Phishing emails are automated and sent out to vast numbers of people. When these emails are crafted, scammers often use a spellchecker or a translation program. This gives them the right words but always used in the correct context.
These are errors are often the kinds of mistakes that are common with people learning English. Any message claiming to be official that is written like this is almost definitely a scam.
An email with a mistake is not always going to be a scam. We all make typos occasionally, especially when typing quickly. It’s up to you look at the context of the mistake and decide if it suggests a scam email or just a mistake made by someone in a hurry. Ask yourself:
- Is this a common typo, like striking an adjacent key?
- Is it a mistake a native speaker wouldn’t make, like words in the wrong context, or grammatical incoherence?
- Is the email consistent with previous messages you’ve received from the sender?
If you’re not sure if an email is genuine, even after looking at these clues, you should contact the sender, via another method of communication. You could check on their website, call them, speak in person, use an instant message option, or use an alternative email address. They can either confirm that the email is genuine, or you can make them aware of the scam, so they can take action and prevent other customers from being scammed too.
It’s important for individuals to learn to spot a scam email. Spam filters can only do so much to catch attempts at phishing, and it takes a human to look for signs of something suspicious in the context of an email. Learn the signs, and be aware of what you’re opening or clicking.