Eight ways to spot a phishing scam

Rachel Wait
by Lovemoney Staff Rachel Wait on 18 October 2010  |  Comments 15 comments

Phishing fraud is on the up. Find out how to avoid becoming a victim...

Eight ways to spot a phishing scam

This week (18 to 22 October) marks National Identity Fraud Protection Week. Identity fraud is a growing problem and one of the biggest causes of ID fraud is phishing.

Phishing is where you receive an email from what appears to be your bank, or other financial institution, requesting you to reset or confirm your security details – often by following a link. However, these links will usually take you to a fake website with the aim of getting hold of your personal or financial details to defraud you.

Worryingly, recent research from Consumer Intelligence found that nearly one in 10 of online banking customers were not confident they would spot a phishing email from fraudsters claiming to be from their bank.

And even more worryingly, figures from the UK Cards Association show that the number of people who fell victim to phishing fraud in the first six months of 2010 rose by 21% to 31,448 compared with the same period last year.

Recent phishing warnings have come from the Student Loans Company, which has received 700 complaints so far this year. HMRC has also shut down 180 phishing websites this year, and Apple iTunes recently warned about a scam against its customers.

So if you’re concerned about this, here are eight ways to spot a phishing scam.

1. Email address

If you receive an email from what appears to be your bank, the first thing to check is that the email address used is the one you registered with. If it’s not, alarm bells should start ringing.

2. Generic greetings

It’s also a good idea to check how you’re addressed in the body of the email. Generic greetings, such as ‘Dear HSBC customer’, are likely to be used, rather than your actual name, if it’s a scam.

Don’t be scammed! Emma Roberts reveals some dangerous scams that are circulating the web

3. It’s all in the detail

If the email you receive includes personal details such as your credit card number or account number, check to see if they are correct. Scammers are highly unlikely to already have this information (considering they will be trying to steal it from you) and often include random numbers in the email to make it look more official in the hope that you won’t bother to check if they’re accurate.

4. Requests for personal information

Similarly, phishing emails are likely to ask you to confirm personal or financial details. However, banks will never ask you for personal information in emails – so if you’re being asked this, don’t reply.

5. Sense of urgency or danger

Often a phishing email will claim that your account is in jeopardy and will start with a dramatic statement such as ‘your account has been compromised’. There will be a sense of urgency to the email and it may claim if you fail to update your details or confirm your account information, access to your account will be suspended.

6. Spelling and grammar

Another trademark of a phishing email is bad spelling and grammar. So if the email is clumsy to read or there are spelling errors, be very wary!

7. Check the links

Always check any web links in the body of the message match those in the status bar of the email at the bottom of the screen. You can do this by hovering your cursor over the links.

If they don’t match, chances are it’s a scam. Make sure you don’t click on any links in the email and if you want to check it out, type the address out manually instead.

Follow these top tips to protect yourself against ID fraud

8. Tricks of the eye

Always carefully check any company names used in the email. Scammers can be very clever and often use a company name that looks very similar to the real deal – and a quick glance is unlikely to pick this up.

Scammers know we have a tendency to see what we want to see, rather than what’s actually there. For example, a web address might read ‘paypai.com’ rather than ‘paypal.com’ – and unless you’re checking this closely, it may pass you by.

Stay safe online

So now you know how to spot a phishing email. However, if you’re one of the many people who bank online, you might still be concerned about how safe it really is. In fact, according to Consumer Intelligence, 35% of online banking customers are worried about how secure their service is. 

So here are some top tips to stay safe:

  • Install up-to-date anti-virus software and a firewall to protect your PC – you can find out more about this in 14 ways to protect your privacy.
  • Update your internet browser regularly to ensure your versions of Windows and Internet Explorer are kept current.
  • Make sure you protect your wireless network which is vulnerable to eavesdropping, hackers and freeloaders. You can find out how to do this here.
  • Don’t forget that your bank will never ask for your login details or personal security details, so don’t hand them over.
  • Always delete suspicious emails.
  • Never open an email attachment from an unknown source.
  • Don’t click on any links from what appears to be your bank or other financial institution. Often they will take you through to a fake website which may look identical to your own bank’s website, but it isn’t.
  • If you think you might have received a scam email, report it to reports@banksafeonline.org.uk.
  • Only carry out online transactions when the URL in the address bar says ‘https’ as opposed to the usual ‘http’. The ‘s’ stands for secure.
  • Use software such as Mailwasher as this will help to cut down on unwanted spam emails. This means you’re less likely to become a victim of a phishing attack.
  • Never leave your PC unattended when you're logged into an online banking service.
  • Finally, always check your accounts regularly to keep an eye out for any unusual transactions. This is really easy to do with the lovemoney.com online banking tool as this amalgamates information from all your different providers, allowing you to see all of your different statements at a single glance, with a single log-in. (You can also categorise all your transactions, so you'll know immediately if some of your spending seems out of place.)

More: Five disgusting scams we hate | Seven sneaky identity theft tricks

Enjoyed this? Show it some love

Twitter
General

Comments (15)

  • CuNNaXXa
    Love rating 410
    CuNNaXXa said

    Banks are getting a bit more savvy these days, and are using the same technique that paypal uses to catch hijacked accounts, and that is to check the locale of the IP accessing the account. After all, if you access from an IP in London, then the next day access from Egypt, there is a very good chance your account has been compromised.

    Of course, there are ways around this, such as using proxies, but not all crims are that savvy, and some do slip up.

    I still think one of the best ways to secure your connection is for ISPs to offer Static IPs, then have your account hard linked to this one IP. Even if they cannot do this, an IP will belong to a range that is owned by the ISP, so even this can be used to determine if someone has moved ISP, or more practically, to flag the account as possibly compromised.

    Remember that while we are expected to safeguard our information, so are our banks. They have a duty of care to ensure that they reasonably stop fraudulent transactions, or spot them as they are happening. We might hold the key, but they are the gateway.

    One thing to remember above all, and that is if you want to log into your account, use the bookmark YOU have saved, and not a link supplied. If you are feeling really paranoid, close your browser first, then re-open it with the default home page.

    Report on 19 October 2010  |  Love thisLove  0 loves
  • dewil_be
    Love rating 0
    dewil_be said

    I find your advises very interesting, as they are valid in all European country (I am Belgian). Do you have a similar site in Belgium? Congratulations for your work and advises.

    Report on 30 January 2011  |  Love thisLove  0 loves

Post a comment

Sign in or register to post a reply.

Our top deals

Credit card
company
Balance transfers rate and period Representative
APR
Apply
now

Barclaycard 31Mth Platinum Visa

0% for 31 months (2.99% fee) Representative 18.9% APR (variable) Apply
Representative example: Assumed borrowing of £1,200 for 1 year, at a Purchase Rate of 18.9% (variable), representative 18.9% APR (variable). Credit available subject to status. A Balance Transfer fee of 3.5% will be applied, then reduced to 2.99% by a refund (terms and conditions apply). Plus an additional £20 fee refund on balance transfers over £2000.

Barclaycard 30Mth Platinum Visa

0% for 30 months (2.89% fee) Representative 18.9% APR (variable) Apply
Representative example: Assumed borrowing of £1,200 for 1 year, at a Purchase Rate of 18.9% (variable), representative 18.9% APR (variable). Credit available subject to status. A Balance Transfer fee of 3.5% will be applied, then reduced to 2.89% by a refund (terms and conditions apply). Plus an additional £20 fee refund on balance transfers over £2000.

MBNA 30Mth Platinum Credit Card Visa

0% for 30 months (2.89% fee) Representative 18.9% APR (variable) Apply
Representative example: Assumed borrowing of £1,200 for 1 year, at a Purchase Rate of 18.9% (variable), representative 18.9% APR (variable). Credit available subject to status.
W3C  Thank you for using Lock, Stock and Two Smoking Barrels