Eight ways to spot a phishing scam
Do you want to save this article to read later? You need to be signed in for this feature
Phishing fraud is on the up. Find out how to avoid becoming a victim...
This week (18 to 22 October) marks National Identity Fraud Protection Week. Identity fraud is a growing problem and one of the biggest causes of ID fraud is phishing.
Phishing is where you receive an email from what appears to be your bank, or other financial institution, requesting you to reset or confirm your security details – often by following a link. However, these links will usually take you to a fake website with the aim of getting hold of your personal or financial details to defraud you.
Worryingly, recent research from Consumer Intelligence found that nearly one in 10 of online banking customers were not confident they would spot a phishing email from fraudsters claiming to be from their bank.
And even more worryingly, figures from the UK Cards Association show that the number of people who fell victim to phishing fraud in the first six months of 2010 rose by 21% to 31,448 compared with the same period last year.
Recent phishing warnings have come from the Student Loans Company, which has received 700 complaints so far this year. HMRC has also shut down 180 phishing websites this year, and Apple iTunes recently warned about a scam against its customers.
So if you’re concerned about this, here are eight ways to spot a phishing scam.
1. Email address
If you receive an email from what appears to be your bank, the first thing to check is that the email address used is the one you registered with. If it’s not, alarm bells should start ringing.
2. Generic greetings
It’s also a good idea to check how you’re addressed in the body of the email. Generic greetings, such as ‘Dear HSBC customer’, are likely to be used, rather than your actual name, if it’s a scam.
Don’t be scammed! Emma Roberts reveals some dangerous scams that are circulating the web
3. It’s all in the detail
If the email you receive includes personal details such as your credit card number or account number, check to see if they are correct. Scammers are highly unlikely to already have this information (considering they will be trying to steal it from you) and often include random numbers in the email to make it look more official in the hope that you won’t bother to check if they’re accurate.
4. Requests for personal information
Similarly, phishing emails are likely to ask you to confirm personal or financial details. However, banks will never ask you for personal information in emails – so if you’re being asked this, don’t reply.
5. Sense of urgency or danger
Often a phishing email will claim that your account is in jeopardy and will start with a dramatic statement such as ‘your account has been compromised’. There will be a sense of urgency to the email and it may claim if you fail to update your details or confirm your account information, access to your account will be suspended.
6. Spelling and grammar
Another trademark of a phishing email is bad spelling and grammar. So if the email is clumsy to read or there are spelling errors, be very wary!
7. Check the links
Always check any web links in the body of the message match those in the status bar of the email at the bottom of the screen. You can do this by hovering your cursor over the links.
If they don’t match, chances are it’s a scam. Make sure you don’t click on any links in the email and if you want to check it out, type the address out manually instead.
Follow these top tips to protect yourself against ID fraud
8. Tricks of the eye
Always carefully check any company names used in the email. Scammers can be very clever and often use a company name that looks very similar to the real deal – and a quick glance is unlikely to pick this up.
Scammers know we have a tendency to see what we want to see, rather than what’s actually there. For example, a web address might read ‘paypai.com’ rather than ‘paypal.com’ – and unless you’re checking this closely, it may pass you by.
Stay safe online
So now you know how to spot a phishing email. However, if you’re one of the many people who bank online, you might still be concerned about how safe it really is. In fact, according to Consumer Intelligence, 35% of online banking customers are worried about how secure their service is.
So here are some top tips to stay safe:
- Install up-to-date anti-virus software and a firewall to protect your PC – you can find out more about this in 14 ways to protect your privacy.
- Update your internet browser regularly to ensure your versions of Windows and Internet Explorer are kept current.
- Make sure you protect your wireless network which is vulnerable to eavesdropping, hackers and freeloaders. You can find out how to do this here.
- Don’t forget that your bank will never ask for your login details or personal security details, so don’t hand them over.
- Always delete suspicious emails.
- Never open an email attachment from an unknown source.
- Don’t click on any links from what appears to be your bank or other financial institution. Often they will take you through to a fake website which may look identical to your own bank’s website, but it isn’t.
- If you think you might have received a scam email, report it to firstname.lastname@example.org.
- Only carry out online transactions when the URL in the address bar says ‘https’ as opposed to the usual ‘http’. The ‘s’ stands for secure.
- Use software such as Mailwasher as this will help to cut down on unwanted spam emails. This means you’re less likely to become a victim of a phishing attack.
- Never leave your PC unattended when you're logged into an online banking service.
- Finally, always check your accounts regularly to keep an eye out for any unusual transactions. This is really easy to do with the lovemoney.com online banking tool as this amalgamates information from all your different providers, allowing you to see all of your different statements at a single glance, with a single log-in. (You can also categorise all your transactions, so you'll know immediately if some of your spending seems out of place.)