Recognising scams and phishing emails

Phishing is a type of fraudulent activity where an email is sent from a cybercriminal pretending to be from a reputable company. Their aim is to induce individuals to reveal sensitive or personal information, such as passwords or credit card numbers.

How to recognise a scam/phishing email?

It is important to look carefully at every email you receive to ensure you can recognise the difference between a normal email and a phishing email. Some of the ways in which you are able to recognise these emails are listed below.

1. Look closely at the sender’s email address.

Usually, if you receive a scam email the name of the sender will appear legitimate however the email address it is sent from may seem suspicious. To check the email address is genuine it is a good idea to hover over the sender’s name and reveal the email address behind it. If the email does not match the name of the sender or the email has multiple random numbers included, it is likely to be a scam/phishing email.

2. Check for any spelling mistakes/poor grammar.

Generally, phishing emails will contain poor punctuation, grammatical errors, and spelling mistakes. If you notice an email with these mistakes, it is most likely a scam as an email from a legitimate company would usually be free from errors.

3. Verify the URL.

Often the premise of a phishing attack is to get the reader to click on a link/attachment to enter their personal details. To understand if an email is a scam, copy and paste the link into a search engine to see if the URL matches the company that has supposedly emailed you. If the URL does not match or looks suspicious this is most likely a scam.

4. Check how you have been greeted in the email.

If you receive an email that does not include your name or a personal greeting it potentially could be a scam. This is because a phishing email may be sent to many people within an organisation at once, hoping one person may provide their personal details.

5. Look closely at the logo.

Scammers may attempt to forge a company logo and attach it to the email. However, it is usually incorrectly copied, and the logo will have noticeable differences.

What to do if you are still unsure

If you are ever unsure of the legitimacy of an email it is important to follow the below steps until you are certain the email is safe.

• Do not call any numbers listed within the email
• Do not open any links or attachments within the email
• Do not respond to the email
• Do not share the email publicly as other people may be scammed

If the email you receive is from a company, you should contact the organisation directly to confirm whether they sent the email.

If the email is from someone you know but you are unsure, you should contact the person directly using alternative means such as their personal telephone number to verify they have sent you the email.

Taking these steps ensures that any links/attachments are safe to open.

What can you do if you receive a phishing email?

Run a security scan – It is best practice to run a full malware scan to ensure your device is not compromised in any way.

Change passwords - Once you have completed the scan you should change your passwords immediately. When changing your password, ensure you select the option to ‘log out of all other devices' to prevent someone from remaining in your account after the password has been changed.

Report – You can report the scam email to the National Cyber Security Centre which has the ability to investigate and remove, both scam websites and emails.

Tips to remember

• When it comes to recognising scams and phishing emails, you can never be too cautious.
• Think twice before clicking on any links in an email, even if you think the email is legitimate.
• Do not be afraid to report an email if you think the sender may not be genuine.