How to spot Phishing
Emails
Who is the email from?
Phishing emails look like they come from a real email address from a reputable organisation such as a bank. However, it is relatively simple to create a fake entry in the "From:" box, so it should not be viewed as a guarantee that it has come from the person or organisation that it says it did. In this section we have used the example ‘MyBank’, but the phishing email could easily be manipulated to appear to come from any high street bank or well-known company.
......................................................................................................................................................................................
Who is the email for?
The emails are sent out at random to bulk email address lists. The fraudsters will almost certainly not know your name or anything else about you, and will address you in vague terms like "Dear Valued Customer".
......................................................................................................................................................................................
Take a closer look at the email, does it look "phishy"? Does the email:
- address you in vague terms, such as “Dear Sir or Madam”?
- ask for personal information, such as your online banking login details?
- ask you to click on a link in the email or download an attachment?
- come from an organisation you don’t normally deal with?
- contain odd ‘sp3lling’, have poor grammar or use ‘CaPiTals’ in strange places (phishing emails do this in an attempt to avoid spam filter software). If the answer is yes to more than one of these questions, the chances are that you’ve received a phishing email.
......................................................................................................................................................................................
Example scam email:
In this example phishing email (above) you are asked to click on a link and confirm your data. You should never log in to your online bank account having clicked on a link in an email. If you want to log in to your online bank account, you should open your internet browser and type the bank's web address in yourself.
See more examples here.
......................................................................................................................................................................................
Top Tip:
Hover (but don’t click) your mouse pointer over the link, it should show you the real web address, as shown in the box below. Be very cautious if it looks nothing like the genuine company's web address. If you are still unsure whether an email request claiming to be from your bank is genuine or not, contact your bank on an advertised phone number. Where's that link going to? Don’t be fooled into thinking that just because the link uses your bank’s name that it is genuine. It’s possible to disguise the real destination of a link in an email. It may look like it is taking you to your bank’s website but, in reality, you could be directed to a fraudster’s bogus site. Remember: You should never log in to your online bank account having clicked
on a link in an email.
......................................................................................................................................................................................
Websites
What's the site address?
If you visit a website after clicking on a link from an email, there are many ways of disguising the true location of a fake web site in the address bar. The site address may start with the genuine site's domain name, but that is no guarantee that it points to the real site. Other tricks include using numerical addresses, registering a similar address (such as www.mybank-verify.com), or even inserting a false address bar into the browser window. Many of the links from these pages may actually go to the genuine web site, but don't be fooled.
......................................................................................................................................................................................
Beware of fraudulent pop-up windows
Instead of displaying a completely fake website, the fraudsters may load the genuine website in the main browser window and then place their own fake pop-up window over the top of it. Displayed like this, you can see the address bar of the real website in the background, although any information you type into the pop-up window will be collected by the fraudsters for their own usage. To access your online banking account, type the address into a new window yourself. The address of your genuine bank site will start “https” and will include a small padlock in the bottom of the browser window. Reporting suspicious emails If you receive a suspicious email, please inform your bank as directed on their web site and forward the email to our report a scam email address. Remember:
- Banks will never email you to request that you "confirm" or "update" your password or any personal information by clicking on a link and visiting a website.
- Treat all unsolicited emails with caution and never click on links from such emails and enter any personal information
- To log-on to internet banking, open your web browser and type the address in yourself
- If in doubt about the validity of an email, or if you think that you may have disclosed information to a fraudulent site, contact your bank immediately on an advertised number.