It’s been reckoned that cybercrime, and in particular a tool known as phishing, costs businesses £21 billion every year. When you factor in the effect it has on ordinary people, the real cost is more like £47 billion per year, and that number is only getting bigger.

Phishing is the practice of sending fraudulent emails or other messages – like text messages – that purport to be from respected and credible organizations and companies to make the target give away sensitive personal information like passwords, credit card numbers and bank details.

Thankfully, no matter how sophisticated the scheme is, there are ways to keep one step ahead of the criminals and to keep their fingers out of your wallet.

Check the Sender’s Email Address or Phone Number

This is a pretty basic one: if you receive an email and you suspect that it is not quite on the level, double check the email address of the sender. The difference can be subtle, for example a transposition of a couple of letters in the address (Santnader for Santander), or it could even be the substitution of a .com domain for a .net or vice versa. If something doesn’t look right, double check it.

Also, be very careful when confirming the telephone number of calls purporting to be from your bank; I once had a call that spoofed one of my bank’s own numbers.
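The sender check described above can be automated. The following Python sketch is an added example, not part of the original article: it compares the domain in a From: header against a short list of domains you trust and flags swapped letters or a swapped suffix. The trusted list, the verdict names and the sample addresses are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list (assumption): domains you genuinely deal with.
TRUSTED = {"santander.com", "ups.com"}

def osa_distance(a, b):
    """Edit distance that counts swapping two adjacent letters as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def check_sender(from_header, trusted=TRUSTED):
    """Classify a From: header; returns (verdict, trusted domain it resembles)."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unparseable", None
    domain = addr.rpartition("@")[2].lower()
    for good in sorted(trusted):
        if domain == good or domain.endswith("." + good):
            return "trusted", good
    labels = domain.split(".")
    for good in sorted(trusted):
        name = good.split(".")[0]
        if name in labels:
            # Right name, wrong domain (e.g. .com swapped for .net).
            return "wrong-suffix", good
        limit = 1 if len(name) < 6 else 2  # short names: stricter threshold
        if any(0 < osa_distance(label, name) <= limit for label in labels):
            return "look-alike", good
    return "unknown", None

if __name__ == "__main__":
    for hdr in ['"Santander" <security@santnader.com>',  # constructed samples
                "alerts@santander.net", "billing@uds.com", "info@santander.com"]:
        print(hdr, "->", check_sender(hdr))
```

A "trusted" verdict only means the address is spelled correctly; the From: line itself can be forged, so the other checks in this list still apply.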

Look for Generic Greetings

Going back to the very dawn of emails and the grandfather of all phishing scams, the so-called African Prince scheme, the generic greeting has long been a dead giveaway on scam emails. If the communication begins ‘Dear Customer’ then the likelihood is that it is from a fraudster. Remember, legitimate companies will always take the time to personalise the salutation.

I once had an ‘African Prince’ email me with a salutation line that went “Dear, beloved sister in Christ”; considering I’m male, it came as a surprise.

Examine the Language and Tone

Spelling, punctuation and grammar are your three best friends when it comes to spotting a scam email. Professional organizations usually maintain high standards in their correspondence, which means that a glaringly obvious error could be a dead giveaway that the sender has fraudulent intent.

Be extremely cautious of the use of exclamation marks (you must act now!!); this is an email from a respected institute, not a Batman comic. Treat exclamation points like giant flashing warning beacons.

Be Cautious with Links

When you receive an email that you suspect may not be on the level, hover your mouse over the link to check the URL (the address that it will send you to). If something looks wrong, like a URL made up of nonsense characters and not a nice clean web address, then something could well be wrong.

A link like http://fgrj123.ugo/fjf47/uns39!2 never leads you to a good place.

Don’t Trust Urgent Requests

Honest senders will never make a request urging you to take immediate action. If you receive an email written with a false sense of urgency, treat it with the utmost caution. If your account has been hacked, and the provider truly is aware of it, they will probably just freeze your account so no harm can come to it.

On the whole, if you see a message saying that you must act within a certain timeframe, the chances are that it’s a scam. This also applies if you are surfing the net and get a pop-up warning you that you have a virus. You probably don’t have one when you see the message, but clicking on any links in such a message is the surest way to get one.

Verify with the Source

If you see an email purporting to be from your bank that is starting to ring alarm bells, call them by phone on a number that you have independently verified to be correct (by a web search for example).  The last step is important because some scammers are advanced enough to put a number on the fraudulent email that will connect you to them.

Never underestimate how much effort a scammer is ready to put into a con. It could save you potentially thousands of pounds if you just take the time to double check the contact details and give them a call. Banks and building societies are made aware of new scams on a daily basis, so not only will you save yourself money, but you will be helping others too.

Look for Unusual Attachments

Some advice from the very earliest days of malware prevention and cyber security: never, ever, click on an email attachment unless you are 100% sure of what it does. No matter what the email promises that it is, don’t click on attachments if you either don’t know their origin or don’t recognize the file type (the suffix, a dot followed by three characters like .mp4, .jpg or .gif).

In the early 2000s an email virus did the rounds, purporting to have nude photos of the tennis player Anna Kournikova. It of course did not, and instead contained a type of virus called a worm that really did a number on your hard drive. According to the FBI, this single virus did $166,000 in damages to their own network alone.

Check for Unusual Requests

I’m going to go out on a limb here: there is no situation, at all, that I can think of where a legitimate company would ask for you to put your unencrypted bank details in an email. A legitimate company these days will not request that you send them Personally Sensitive Information.

As with previous entries, if you have any doubts at all about the legitimacy of a request, call the company on an independently verified number or email them on an address you have used before.

Pay Attention to the Details

Here’s where you need to really look at the details. If you get an email saying that you have a parcel held up with a courier and you need to pay a small fee, for example, you need to be very careful. I had one a little while ago that was made to look like it was from UPS; everything about the email looked legit apart from the logo, which had the initials UDS.

Big companies pay handsomely for branding, and something as simple as a slightly wrong colour in the company logo, or something as glaring as incorrect initials in the logo, means that you should treat any emails from the sender with the utmost caution.

Stay Informed

Scammers do this for a living and as such they are constantly improving and refining their tactics. The most powerful weapons we have against them are knowledge and each other.  Keep yourself informed on the latest scams and visit sites like Reddit to connect with members of the anti-scamming community.

So, there you have it: ten tips to stay one step ahead of the scammers. Remember, this is just scratching the surface, and remember the golden rule: if it looks wrong and your ‘spider sense’ starts to tingle, then hit delete and call the organisation in question.

Stay safe, and make backups regularly,

Rob ‘The Computer Guy’ Devlin

