Helpdesk Challenge – how to spot a phishing scam email?
Phishing scams try to trick you into passing on username and password details by reply or by leading you to a site that looks like the official site of a bank or other online service.
While early examples were crude and easy to spot, the scammers now post messages or links to sites that are hard to tell apart from the official pages of trusted companies.
Computer users with Twitter, Amazon, Facebook and other accounts are used to receiving updates and notifications from those sites. With so many arriving, it’s easy to click through a malicious link without thinking.
One way to avoid these scams is to install a decent security program – read our Which? reviews of the best security software for recommendations – but a little knowledge and a keen eye can help too, as we’re about to explain.
Anatomy of a scam - how to spot a phishing scam email
Below is a screen capture of an email I received last month. I realised it was a scam quickly enough, but it was sufficiently convincing to make me do a double-take.
Dig a little deeper, however, and the warning signs are all there:
There’s plenty there to lure in the unsuspecting. This looks very similar to a typical Paypal receipt email, right down to the logo of Paypal itself.
The transaction amount, £39, is just high enough to catch your attention, but not so high as to be dismissed outright as a scam (I’m looking at you, Nigerian emails with promises of millions).
But let’s look at the red flags:
- The email is listed as from Paypal, but the email address is shown in brackets as email@example.com
- Further down the email, the merchant is listed as firstname.lastname@example.org – that’s an inconsistency between the domain names of the two listed email addresses
- It asks you to log into your Paypal account, but says it may take a few moments for the transaction to appear. That’s time that could be spent skimming your account details.
- There’s no mention of shipping address, which should be your home address, something a scam email is unlikely to figure out. Though as it’s a digital transaction (allegedly), you may well look past this.
- The biggest flag of all: when you hover your cursor over the link which promises a refund, you see the true URL in the grey box at the bottom. This quickly reveals itself to have nothing to do with Paypal.
Verdict? Scam. And I’ll admit, a good one.
If I’d followed that link to something that looked convincingly like a Paypal page and logged in, I’d have given away my account details to goodness knows who.
Scam emails are becoming more sophisticated than ever, so be on your guard and watch out for similar warning signs to the ones above.