Being able to tell the difference between a legitimate email and one that is “phishing” for your credentials can save you and your business thousands of dollars. Phishing emails can be quite convincing, which is why so many people fall victim to them every year. However, if you take the time to examine these emails, they can be quite easy to spot.
Check out the phishing email below, which claims to be from the Australian Tax Office, and see if you can spot why it is obviously fake.
Here are 4 tips for spotting a phishing email.
Check who the email comes from
This is the first thing to check whenever you receive an email that you think may be suspicious. In the example above, the email claims to be from a government department, so you would expect “.gov” to be present in the email address. It is not, which instantly raises a red flag. A phishing email will often be from an email address that does not quite make sense.
Check any links and attachments
A general rule for any email you receive is not to open any attachments that you are not expecting. Most people seem to know that email attachments can easily be infected with malware or a virus, which infects your computer when opened. However, people are not as vigilant when it comes to web links in emails.
In many email programs, if you hover your mouse over any link in an email, the link address will show. A phishing email will often show an address that makes no sense, is excessively long, or is not from the expected domain. In the ATO example above, the address was electrosafe.net.au/index. Can you see why it would be weird for the ATO to use this address?
Make it part of your routine to check the address of any link in a suspicious email before you click.
Check the spelling, grammar and any dates in the email
Phishing emails are often poorly written, which can make them easier to spot. Any marketing email that a large company sends is usually checked many times for incorrect spelling, grammar or dates, so a poorly written email from someone claiming to be a large company is usually quite easy to spot. Not every phishing email contains mistakes, however, so do not use this as your only check before clicking on links and entering your details into a web page.
Finally, stop, have a good look and apply some common sense
People are typically busy. It is a fact of life, but the people trying to fool you with phishing emails use this to their advantage. They suck people in by offering enticing deals, and people click before they really stop to think.
Often applying some common sense can be all that is needed to prevent these attacks. If you receive an email stating that there is an issue with your tax return, have you even lodged yours yet? If you receive an email from a frequent flyer program, are you even a member? Be wary, use some common sense and you will be able to protect yourself. Also remember that no legitimate email will ever ask you for your login details or other personal information.
Phishing emails are becoming more and more convincing. However, if you stay vigilant, they are actually quite easy to spot. It is always better to ignore and delete an email that you are suspicious of rather than submitting your details. If you are really unsure, contact the company via another method and ask if the email was legitimate.