Warning: Fraudsters are using our brand to target individuals. Loans 2 Go will never ask for upfront fees. If affected, please contact us & learn more here.
What is a phishing email

Stop the Scammers! How to recognise a phishing email

Technology is used increasingly in every area of our lives. Unfortunately, it also provides opportunities for unscrupulous people to try to scam others. 

In our mini series – Stop the Scammers! – we are looking at different types of scams. Previous articles cover how to recognise a fake website, and how to tell if contact from a business is genuine.

In this article we take a look at phishing emails.

 

What is a phishing email?

Phishing is when criminals try to trick you into clicking a link that will result either in your personal information being stolen or a virus downloading onto your computer.

The name phishing originated from an earlier word “phreaking”, which described the act of fraudulently using an electronic device to avoid paying for telephone calls. In the early to mid-1990s, one of the few ways for the public to access the Internet was a 30 day free trial via an AOL floppy disk. Once the trial ran out, some users began to “phish” for others login credentials so that they could keep using the Internet for free.

Phishing first gained more widespread attention in 2000, when many people were affected by the Love Bug. Millions of emails entitled “ILOVEYOU” were sent out, instructing recipients to “Kindly check the attached LOVELETTER coming from me”. Unfortunately, those who did exposed their computers to a virus that overwrote system files then sent itself to all the recipients email contacts. In 10 days, it infected 50 million computers across the world.

Back to 2023, and phishing emails are still very widespread, and becoming more sophisticated. Typical phishing emails will look as if they come from social networking sites, eBay, online shops, banks, online payment systems, credit card companies or IT support.

 

Five ways to spot a phishing email

All this is very worrying. So here are some tips on how to recognise a phishing email.

 

  • Inconsistencies in the domain name

The first thing to check in an email is the email address of the sender. This will often be a give away. For example, does it match the email address of previous correspondence from that company? You may well find that there are one or two letters that are different.

Also, if there is a link in the email, DON’T click on it, but if you hover your pointer over it, you should be able to see where the link would take you if you did click on it. You will usually find that the link does not match the domain name of the company it’s supposed to be from.

Also check any additional information in the footer of the email to see if that matches what you would normally expect to see there. Even if it does, it can be obvious if it has simply been copied and pasted from elsewhere.

  • An unfamiliar greeting

You can often tell a phishing email straightaway by the greeting. For example, if your name is Fred Bloggs, emails from some companies may usually address you as Fred, others more formally as Mr Blogs. But if this one begins with “Dear Fred Bloggs”, something doesn’t seem quite right.

So if there is something about the greeting that seems strange, it’s definitely worth checking other aspects of the email to see if it is phishing. One of these is spelling and grammar . . . .

  • Spelling and grammar

Everyone makes mistakes, so you may occasionally spot a misspelling or typo in an email. But if this email is full of them, or if the wording doesn’t read very well, it could be a phishing email.

Generally, you would expect emails originating from a professional company to be well-written and pretty much error free. But phishing emails may be written by scammers with limited English, or even be computer-generated. Either way, there is likely to be some indication that something is not quite right.

  • You are asked to click on a link in the email

As we have already advised, if there is a link in the email DO NOT click on it. Many sophisticated phishing emails also have a fake website associated with them. If you click on the link in the email, it will take you to a landing page that looks very similar to the real website of the company the email is supposed to be from. But if you then enter your login or payment details, your information and/or money will go straight to the scammers.

You may be asked to click on the link for a variety of reasons, for example to secure your account, or change your password, or access a software update. But never do this. If you are concerned about any of the issues raised, close the email, open a different window or tab, and check the legitimate website of the company.

  • A sense of urgency or panic

A common tactic in phishing emails is to try and make the recipient panic, or trick them into thinking they have to respond urgently or something bad might happen. And, if they succeed in doing that, the recipient is more likely to respond hastily, perhaps without reading the email properly or thinking things through.

Always read an email carefully, especially if it is demanding some kind of action from you. Then you can make the best decision as to what to do with it. And if you think it is a phishing email, there are things you can do to fight back. 

Read on . . . .

 

How to report a phishing email

If you suspect a phishing email, the best thing to do is to report it to The National Cyber Security Centre (NCSC). This UK government organisation has the power to investigate and take down scam email addresses and websites.

There is no charge for reporting phishing attempts, and the NCSC actively welcomes reports, even if they turn out not to be phishing. By reporting them, you are protecting both yourself and others from cybercrime.

To report a possible phishing email you can either forward the email or send a screenshot of it to [email protected].

 

What to do if you have been scammed by a phishing email

If you have clicked on a link in a phishing email and provided personal information, change your passwords immediately. If you have given them card details, contact your bank or card issuer straight away so that they can block any payments going through. 

After a phishing attempt, you should check your accounts regularly for any unusual transactions. And it is also worth checking your credit report in case the scammers try to apply for loans or credit cards using your details. This is known as identity theft.

If you have been scammed, you should also report this to Action Fraud either online or by calling 0300 123 2040. 

We hope that the information in this article helps you to be more aware of how to recognise a phishing email. You can find more information on our dedicated Recognising Frauds and Scams page.

Also check out other articles in our Stop the Scammers! Series for help with different types of scam.