Phishing scams are one of the most common web cons. They impersonate legitimate websites or emails to trick you into supplying personal information, such as passwords, or infect your computer with malware.
Phishing scams can convince even the most sceptical surfer. The emails are typically designed to look like they need a response, and appear to come from a company you regularly use, such as your online bank.
Find out how to get your money back if you've been a victim of a scam
Phishing scams: always check the URL
One of the easiest ways to tell if you're dealing with a scam phishing email is to hover over the links in the email. Remember, hover - don't click!
At the bottom of your browser screen, this should show you a preview of the true destination that the link will take you to. If this looks like it has nothing to do with the official service that the email purports to come from, you're dealing with a phishing scam.
What to look for in a phishing scam email
Below is a real example of a scam phishing email that purports to be from PayPal, but is in fact a scam designed to lift your personal details or infect your PC with malware:
There are a number of warning flags to look out for in the email above:
Phishing with a familiar name as bait
Phishing emails may look like they’re coming from a service you use, but company logos are easy to fake, so don't be taken in just because the email or website looks as it should.
Who was the email sent to?
Look at the names in the ‘To:’ field of the email header. Multiple recipients are a sure sign the email is phishing for information from anyone unwary enough to respond.
If there are ‘undisclosed recipients’, it may mean it hasn’t been sent directly to you and you alone, but to a whole host of potential victims.
Your own name?
Legitimate company emails address you by name, often including postcode details to confirm the relationship.
Emails that start ‘Dear customer’ can usually be deleted, though many phishing emails are canny enough to autofill your first name from your email address.
If your name’s not mentioned, it’s a sign that you should be wary.
Check the links
Links that lead to sites serving malware or set up to steal passwords look like they take you to a legitimate company. Hover your cursor – but don’t click – over the link to bring up a pane showing the actual destination.
If it’s different from the link it claims to be, or has a strange suffix, other than .co.uk or .com, don’t click on it.
If in doubt, navigate manually to the official website to check your account for recent transactions – by typing www.paypal.co.uk into a new browser window, for example.
Bad grammar
Phishing emails are often written by people whose first language isn’t English. So watch out for bad spelling, poor formatting or words that are wrongly capitalised.
What you should do
If you think you’ve found a phishing email, the safest thing to do is delete it immediately. Never follow a link on a suspicious looking email, even if it seems to be coming from a trustworthy name.
If the rogue site snaffles any details you input, you’ll give the scammers all they need to break into your account.
To check if the email is genuine, rather than following the link, open your PayPal or online banking account in a new window by typing in the official address, and check your account for corroborating information.