There was a time when fake emails were easy to spot. They usually announced a million-dollar prize in a lottery you never entered or requested urgent access to your bank account on behalf of a long-lost relative. That’s no longer the case.
These days, phishing - defined as attempting to gain personal information for malicious reasons - is a sophisticated enterprise, often run by international criminal gangs who, for their own financial gain, pour a lot of time and money into making their emails (or phone calls) realistic enough to trick consumers and businesses into revealing personal information.
To prevent you or your business falling victim to a phishing email, here are seven things you should always check.
1. Check who the email comes from
While phishing emails usually purport to come from someone in authority, checking the email address of the sender often reveals that’s not the case. For instance, a senior figure at a respected company won’t email you from their Gmail account or from an organisation whose URL (i.e. web address, such as www.telstra.com) is different to their own. Sometimes, however, scammers will do a good job of masking their real email address - so it’s important to know this isn’t always a surefire method for detecting a scam.
2. Check the language
Most phishing emails originate from overseas, so no matter how proficient the email’s author is, it’s likely that some of the language or terminology will be wrong. Check the email carefully to look for missing words, poor spelling or grammar, odd turns of phrase or even poor punctuation.
3. Check the URL they’re directing you to
Phishing emails almost always operate by sending you to a fake website. For instance, if Telstra launches a web-based promotion it’s likely to be hosted on its main site at an address such as telstra.com.au/promotion, not promotion.pn/telstra. You can usually check the details of the URL the email is sending you to. To do this, hover your cursor over the icon or ‘Click here’ link, without clicking. Alternatively, if you’ve arrived at the website and you think it’s fake, check the address in the address bar. But sometimes the fake URL can be very difficult to spot. If you’re unsure, play it safe - don’t click.
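For readers who triage reported emails, the sender check in step 1 and the link check in step 3 can be automated. The following is an added example, not part of the original article: the sample message is constructed, and the sender address and the helper names are assumptions chosen for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; only telstra.com.au and promotion.pn/telstra
# come from the article, every other value is made up for illustration.
SAMPLE = """From: "Telstra Billing" <billing@telstra-accounts.example>
Subject: You have won
Content-Type: text/html

<p><a href="https://promotion.pn/telstra">telstra.com.au/promotion</a></p>
<p><a href="https://www.telstra.com.au/promotion">Our site</a></p>
"""

def host_matches(host, trusted):
    """True only if host is the trusted domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag, ignoring the visible link text."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def check_email(raw, trusted):
    """Return findings; an empty list does not prove the email is genuine,
    because the From header itself can be forged."""
    msg = message_from_string(raw)
    findings = []
    _display_name, address = parseaddr(msg.get("From", ""))
    sender_host = address.rpartition("@")[2]
    if not host_matches(sender_host, trusted):
        findings.append(f"sender domain {sender_host!r} is not {trusted}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.links:
        host = urlsplit(href).hostname
        if not host_matches(host, trusted):
            findings.append(f"link goes to {host!r}, not {trusted}: {href}")
    return findings

print("\n".join(check_email(SAMPLE, "telstra.com.au")))
```

The comparison is made on the host name only, so a brand name in the display name, the link text or the URL path never counts as a match.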
4. Check what they want from you
Phishing emails usually rely on tapping into one of two emotions: greed or fear. If you unexpectedly receive notice of a windfall or penalty, chances are it could be an attempt at phishing. Phishing emails also usually try to compel you to act quickly by telling you there will be consequences if you don’t do something soon.
5. Check what information they’re after
Scammers will usually want more information from you than you might feel comfortable giving out. For instance, they may ask you for your internet banking password even where it’s not needed, such as when the email says that the sender wants to transfer money into your account. So always be conscious of what information you’re giving out and why.
6. Check for attachments
Some phishing emails will attempt to hijack control of your computer by having you open an executable file, which opens a program and causes your computer to perform certain tasks. Scammers can mask the file type, so even a benign-looking file such as a .PDF or .docx file may turn out to be something a lot nastier. Never open an attachment you’re not sure about.