How to spot a phishing email

Saturday, 1 December, 2018

“Greetings of the day! I am Nigerian PRINCE, and I have named you the benefiter of a legacy inherited to me of $17,500,000.”

So begins a typical phishing email, of the sort we’ve all received at one time or another.

We tend to dismiss these unsolicited communiques as fairly benign – just the latest evolution of spam mail.

However, as cybercrime has evolved and expanded over the last 25 years, phishing campaigns have become increasingly adept at creating a sense of urgency.

Even astute individuals occasionally fall for well-developed phishing campaigns, named after the technique of casting a wide net in the hope something ends up snared in it.

Businesses are constantly being impersonated, with corporate logos and even unsubscribe links copied and pasted from legitimate mails into fraudulent ones.

Display names rarely tell the whole story of an email’s origins, so a message from “Apple” might not actually be authentic.

Phishing messages encourage recipients to click on links which will take them to a compromised website, or open attachments that install malware onto their device.

Fortunately, despite rising levels of subtlety, phishing emails often contain tell-tale warning signs all is not as it seems:

Spelling and grammar issues. Phishing campaigns tend to originate in third-world countries, where public agencies are ill-equipped to tackle cybercrime.

Messages are therefore written by people who don’t speak English as a first language, which explains the proliferation of spelling, grammar and punctuation errors.

You don’t need an English degree to know your bank would never send a message saying “it have come to our attention”, or finishing a sentence with two exclamation marks.

Poor formatting. This takes various forms, from overlapping text and different font styles to missing images and pixellated logos.

While some phishing emails are well-designed, most are cobbled together by people with limited software and a rudimentary knowledge of HTML coding.

Be wary of text-only emails containing blue hyperlinks, since these are often designed to take people onto compromised webpages, or begin the download of keystroke-logging malware.

Obscure sender addresses. It’s easy to adjust the display name when an email is received, but it’s far harder to disguise which account the message was sent from.

An email supposedly sent by BT might actually be from Foreign country code TLDs like .cn and .ru should always be approached with care.

Hovering your mouse over the From field in certain email packages will reveal the sender’s address. In the example above, you’d expect an email sent by BT to end in

Obscure recipient addresses. The issues with sender identification also apply to a message’s recipients.

Phishing emails tend to be Bcc’d to hundreds of people, while a generic address appears in the To field.

This undermines the plausibility of any message purporting to be targeting an individual, especially if the email’s body text starts “Dear Customer” or even “Hi”.

Unusual requests. Phishing aims to achieve financial gain, usually by acquiring confidential information to use for fraudulent purposes.

Be suspicious of any email asking you to confirm account, password or login credentials, particularly if it relates to a financial services or ecommerce platform.

Never click a link to reset your password unless you’ve just asked to change it – if in doubt, type the company’s web address into your browser rather than following a link.

Threats. There’s a growing trend for blackmail phishing, where criminals claim to have hijacked the message recipient’s webcam.

The sender claims to be in possession of footage showing the recipient watching online pornography, and threatens to publish this footage online unless a ransom is paid in bitcoin.

This is an unusually direct form of phishing, often accompanied by false claims about knowing the victim’s password.

Vigilance is your best weapon

We’re all busy people, and checking our email has become so commonplace that it’s often done without paying full attention.

In these distracted circumstances, it’s surprisingly easy to open an infected attachment and unleash a malware attack.

Given the record levels of cybercrime currently being reported, checking inboxes isn’t something to be done while multitasking or daydreaming.

A single misplaced mouse click could compromise the security of your web browser or device, adding your name to next year’s list of phishing victims.

Neil Cumins author picture


Neil is our resident tech expert. He's written guides on loads of broadband head-scratchers and is determined to solve all your technology problems!