Ten ways to identify a phishing email

Thursday, 19 March, 2020

Phishing is very much a product of the modern age, yet its principles are as old as the hills.

The word ‘phishing’ derives from fishing, where a hook is baited and then dangled in front of unsuspecting victims in the hope one of them succumbs to temptation.

Phishing rose to prominence in the 1990s, when fraudulent (yet official-looking) messages were sent to AOL customers, requesting their passwords and financial information.

Since then, attempts at obtaining sensitive personal information through email-based deception have flourished.

In the Noughties, there were fears email may be destroyed by the waves of fraudulent messages purporting to be from legitimate organisations like PayPal and HMRC.

And while today’s email spam filters are generally able to differentiate and identify a phishing email from a genuine message, dodgy mail still periodically reaches our inboxes.

From address cloning to link manipulation, it’s useful to recognise the social engineering tricks and sleight of hand which betray phishing campaigns…

Ways to identify a phishing email

  1. It’s unexpected. Context is often key to identifying phishing mails. If you haven’t used your credit card recently, why would your bank claim there’s a problem with a payment?
  2. It’s badly presented. Missing graphics, poor formatting and pixelated logos often betray phishing emails. Legitimate firms with marketing teams are rarely so unprofessional.
  3. It’s full of typos. Similarly, spelling, grammar and punctuation are rarely specialisms of overseas spammers. Their grasp on English is more rudimentary than UK-based senders.
  4. There’s no personally identifiable information. PII includes your name, address and account number. “Dear Customer” suggests the sender doesn’t know who you are.
  5. There’s too much urgency. To cover the flaws in their emails, criminals imply urgency to rush us into handing over PII. Be very suspicious of emails demanding urgent action.
  6. Study the top-level domain (TLD). Genuine messages usually come from co.uk or .com domains. Fraudulent ones often originate in China (.cn), Nigeria (.ng) or Russia (.ru).
  7. Examine the sender’s address. Spammers may adopt similar addresses to genuine firms, such as Amazom,com. Also watch out for ‘hidden’ domains like orders.amazon.spam.com.
  8. Hover your mouse over the sender’s address. Displayed names can differ from the email accounts used to send a message. If the two don’t match, you might be looking at spam.
  9. Copy the email’s subject or body text into a search engine. Spam forums are constantly updated, so check if your search string matches any known phishing campaigns.
  10. Be wary of unsolicited attachments. Many phishing vehicles rely on compromised files, so don’t open unexpected .DOCX or .PDF files without antivirus scanning them first.

What do I do if I receive a phishing message?

The simplest and most effective answer is to delete the email from your inbox, and then empty your spam/junk folder to make sure it’s expunged off your system.

However, there are more philanthropic things you can do.

Firstly, report it to the organisation being spoofed. They might place a message on their website or social media platforms, warning other people to watch out for this campaign.

Next, forward it onto spam monitoring bodies like Action Fraud. Google and Bing have in-house phishing teams, while you could go global by reporting it to America’s CISA at us-cert.gov.

Finally, study the message closely to see which of the points above apply to it.

Practice generally makes it easier to spot other phishing campaigns in future.

Neil Cumins author picture


Neil is our resident tech expert. He's written guides on loads of broadband head-scratchers and is determined to solve all your technology problems!