
Whitwick & District U3A

 

Thursday, 15 November 2018


Whitwick & District U3A - Computing tip November 2015

Phishing

Every day millions of phishing emails are sent, and while some are so outlandish that they are obvious frauds, others can be a bit more convincing. So what do you look for in a phishing message? Unfortunately, there is not a single answer, but they often play on our emotions e.g. curiosity, fear, or greed. Below are some things that you can look out for:

Fake sender

Just because a message appears to come from someone you know doesn't mean that it does. It is trivial to fake an email address, so don't make assumptions. You can help your recipients by putting meaningful Subjects on your messages e.g. "Photos from last night's dinner" is much better than "Photos" - they will know if they had dinner with you last night and hence be able to judge the message as genuine.

The message contains poor spelling and grammar

Whenever a large company sends out a message it is usually reviewed for spelling, grammar, and legality, among other things. Hence a message filled with poor grammar or spelling mistakes probably didn't come from a major organisation.

The offer seems too good to be true

There is an old saying that if something seems too good to be true, it probably is. That holds especially true for email messages. If you receive a message from someone unknown to you who is making big promises, the message is probably a scam.

You didn't initiate the action

Recently I received an email message informing me I had won the lottery! The only problem is that I never bought a lottery ticket. If you get a message informing you that you have won a contest you did not enter, it is a scam.

You're asked to send money

One tell-tale sign of a phishing email is that you will eventually be asked for money. You might not get hit up for cash in the initial message. But, sooner or later, phishing artists will ask for money to cover expenses, taxes, fees, or something similar. If that happens, it's a scam. The request can also arrive in the guise of someone you know, who claims to be abroad and to have had their money stolen, so they need you to send them cash so they can return home.

The message asks for personal information

No matter how official an email message might look, it's always a bad sign if the message asks for personal information. Your bank doesn't need you to send it your account number; it already knows what that is. Similarly, a reputable company should never send an email asking for your password, credit card number, or the answer to a security question.

The message is in some way threatening

Although most phishing scams try to trick people into giving up cash or sensitive information by promising instant riches, some phishing artists use intimidation to scare victims into giving up information. You may receive an official-looking message that is allegedly from a bank. Everything in it seems completely legit except for one thing. The message says your account has been compromised and that if you do not submit a form (which asks for your account number) along with other personal information, your account will be closed. A similar approach is one where you are sent an invoice for something you have not purchased. Again, the idea is to trick you into providing personal financial information as you try to investigate it.

The message appears to be from a government agency

Phishing artists who want to use intimidation don't always pose as a bank. Sometimes they'll send messages claiming to have come from the police, HMRC, or just about any other entity that might scare the average law-abiding citizen. Remember, government agencies don't normally use email as an initial point of contact.

Check the links

One of the first things to check in a suspicious email message is the integrity of any links, and there are two common ways they can deceive. First, the link in a phishing message will often appear to be perfectly valid. However, if you hover over it with your mouse, you should see the actual hyperlinked address. If it is different from the address that is displayed, the message is most probably fraudulent or malicious. The second trick depends on victims not knowing how domain names are structured. The last part of a domain name is the most telling. For example, a link to info.fredsmith.co.uk would be part of fredsmith.co.uk because fredsmith.co.uk appears at the right-hand end. (Ignore anything after a /.) Conversely, fredsmith.co.uk.dodgyplace.com does not originate from fredsmith.co.uk because the reference to fredsmith.co.uk is on the left side of the name - the critical part is the dodgyplace.com. This trick is frequently used as a way of trying to convince victims that a message came from a company like Microsoft, Apple or their bank.
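For readers who like to see the two link checks written down precisely, here they are as a short Python script. This is an added example, not part of the original tip; the function names and the sample message are made up for illustration, using the fredsmith.co.uk names from the paragraph above.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def belongs_to(host, trusted_domain):
    """True only if trusted_domain sits at the right-hand end of host, on a dot boundary."""
    host, trusted = host.lower().rstrip("."), trusted_domain.lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

def host_of(address):
    """Host name of a URL or bare address; anything after the first / is ignored."""
    if "//" not in address:
        address = "//" + address
    return (urlsplit(address).hostname or "").lower()

class LinkCollector(HTMLParser):
    """Collects (displayed text, real address) for every link in an HTML message."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_links(html, trusted_domain):
    """Return (real host, list of warnings) for each link in the message."""
    collector = LinkCollector()
    collector.feed(html)
    report = []
    for text, href in collector.links:
        real, warnings = host_of(href), []
        # Only compare when the displayed text itself looks like an address.
        shown = host_of(text) if " " not in text and "." in text else ""
        if shown and shown != real:
            warnings.append("displayed address differs from the real one")
        if not belongs_to(real, trusted_domain):
            warnings.append("link does not lead to " + trusted_domain)
        report.append((real, warnings))
    return report

# Constructed sample message, not a real email.
SAMPLE = """<p><a href="http://fredsmith.co.uk.dodgyplace.com/login">www.fredsmith.co.uk/account</a></p>
<p><a href="https://info.fredsmith.co.uk/help">Help pages</a></p>"""

if __name__ == "__main__":
    for host, warnings in check_links(SAMPLE, "fredsmith.co.uk"):
        print(host, "->", warnings or "looks consistent")
```

Note the dot in the comparison: a look-alike such as notfredsmith.co.uk ends with the same letters but is a different domain, so it is rejected.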

Something just doesn't look right

Casino security teams are taught to look for anything that "just doesn't look right". The idea is that if something looks off, there's probably a good reason why. This same principle almost always applies to email messages. If you receive a message that seems suspicious, it's usually in your best interest to avoid acting on the message.

See also tips for April 2013 and April 2017

Credit - this item was prompted by an article on TechRepublic.


Page content updated 16-3-17