A couple of weeks ago I had an email purporting to be from Apple telling me my ID needed to be confirmed and wouldn’t work until I responded. I went straight to the app store, logged in and downloaded an app which required my login and it worked perfectly.
Had I responded to the email which looked totally authentic someone out there would have been able to hijack my Apple account. This was a phishing email and luckily I was suspicious. But it might have caught someone else.
With texts it's harder to spot a fake - we're getting more and more used to getting texts from organisations, but those can be fraudulent as well.
Phishing is used by fraudsters to try and get confidential information out of you. Emails and texts can look entirely authentic from businesses you may expect to hear from regularly. There are those with grammatical and spelling mistakes and email addresses you don’t recognise that are reasonably easy to spot, but in general they’re becoming more and more sophisticated and the problem is growing.
My first rule of emails and texts is to NEVER click on a link or reply to an email or text unless you’re absolutely certain that it’s genuine. But how to you tell?
So here’s what to look out for.
1. Bad grammar and spelling mistakes. Even the biggest companies paying huge amounts of money to highly qualified copywriters make mistakes occasionally, but sometimes there are obvious errors which should make you stop and think. They frequently contain capital letters and numbers where they shouldn’t, and spelling and errors which look as if they’ve been written by someone whose first language isn’t English.
2. The ‘to’ field in the email header is blank. This could indicate that the email doesn’t come from someone who knows you and deals with you regularly.
3. Be very suspicious of any email or text asking for personal information such as your pin number or account password. No reputable company will ever do this and you should NEVER give this information out online.
4. Your bank is unlikely to send you a text because they don't want people to fall for fake ones. So if you do receive a text purporting to be from your bank call them and ask if they sent it.
5. Fraudsters are unlikely to know your real name. Be suspicious if the email from a supposedly reputable business who you do business with already doesn’t contain your proper name.
6. Phishing emails and texts frequently have an urgent call to action. They want you to act without thinking, to click without thinking. ‘Your account has been compromised! You need to take action immediately, click here to verify your account’ is a good one. Think before clicking, always.
7. Many emails are read on smartphones, so the ‘hover over the ‘From’ area to see if the email sender looks authentic’ tip for identifying phishing emails a few years ago doesn’t work on smartphones. But if you’re on your pc or laptop obviously you can see who the sender is immediately, and if it doesn’t look right or there’s something funny about the sender’s email address close your browser and type in the proper URL.
8. Don’t open email attachments or click on email links or texts unless you’re absolutely certain you know who they are from. It’s this simple. If you have any doubts at all, don’t click.
Don’t assume that an email or text that looks authentic, is. Check carefully before responding.
Fraudsters sending phishing emails and texts (smishing) are becoming more and more clever and sophisticated. The most important thing is to not click on anything you have doubts about whatsoever. Go the the website independently, login and make sure that everything is normal. Then report the email or text as spam and delete it.