Blogpost by Jeffrey Clark (Student Digital Champion)
The Internet is a great place to connect with friends, work on projects, and even make money. However, there are some who will use the Internet to try and make money from YOU! Unfortunately, scams are becoming more and more advanced but thankfully I’ve got you covered! In this blogpost I’ll go over scam emails, what they are, how to identify them and what to do when you find them.
Make sure to read the Aberystwyth University page on spam emails before reading this blog post.
What is a phishing email?
A phishing email is an email that is designed to obtain sensitive personal data from you. This data may come in the form of your address, credit card information, or even your bank details! Phishing emails are usually disguised as legitimate business emails like the example below.
It’s easy to see how one might fall for a phishing email like this. Firstly, the email notifies the victim that their bank account may have been compromised which prompts them to act urgently. Secondly, there is nothing suspicious about the link at first glance. So how can you tell the difference between a legitimate email and a phishing email?
Ways to spot a phishing email or text?
- Note the language used: Does the email include phrases such as ‘we require your immediate attention’ or ‘you have 24 hours until we freeze your account?’ This is a form of social engineering designed to provoke an emotional response out of the victim. By threatening that there will be consequences for not responding, the email encourages users to act at once without the opportunity of looking at the email properly. Sometimes a phishing email might not even address you directly which is another red flag that the email comes from a template.
- Making you an offer you can’t refuse: Sometimes phishing emails don’t pose as ominous threats; they can also pose as tempting offers. Have you ever received an email telling you that you’ve won a contest or that you can save money on your next purchase using a voucher code? There’s a good chance that these ‘offers’ are phishing emails. As stated above, it’s wise to check the language used. Many phishing emails tell the victim that the ‘offers’ are only available ‘for 24 hours’ to prompt urgency in the same way. A great rule of thumb is that an offer is too good to be true it usually is.
- Look out for spelling and grammar mistakes: If an email is claiming to be from a legitimate business, and you’re unsure if it’s a phishing email or not, check the contents of the email. Does it have major spelling and grammar mistakes? Many emails from real business are automated and contain very few if any spelling and grammatical errors. However, phishing emails are often created by individual users, so they are more prone to spelling mistakes than official correspondence would be.
- Check the domain name of the email: When you order something from Amazon, you will receive an email confirming your order with a confirmation number. The email should come from the address ‘firstname.lastname@example.org.’ If you get an email telling you that you ordered something and you don’t remember doing so, I strongly advise that you check the email address it came from. If something seems suspicious, trust your instinct and don’t open the email.
- Heed the warnings of your email client: Some phishing emails can be detected by the automatic security software of your email client. For example, Outlook will warn you about opening emails from external clients (a user that is emailing you from a different email client.) Additionally, Outlook will also warn you not to click on any links or download any attachments from emails outside of the University network. Unless you recognize the sender, I strongly recommend not opening any emails from an external client.
- Contact the company: Many phishing emails are disguised as official emails from real-world companies. Some companies that are commonly impersonated by phishing scammers are Amazon, Royal Mail, and many banking companies. If you’re unsure if an email from them is official, send the company an email or call their customer service branch and explain your situation. Many will get back to you promptly and be able to help you out!
Avoiding a phishing email or text
Fortunately, simply receiving a phishing email is not enough for you to be a victim of a phishing attack and neither is opening it to check its contents. However, you should NEVER click on anything that’s in an email from someone you don’t recognize. Any links or attachments should be avoided because it’s possible for a phishing attack to go through even if you don’t enter any personal information. If the email looks suspicious to you then it’s advised that you delete the email. If the email comes from a company you’re associated with such as your bank and you’re unsure if the correspondence is official, then you should get in touch with the customer service branch of your bank for assistance.
I also recommend that you report the suspected email by forwarding it to the Anti-Phishing Working Group or the National Cyber Security Centre. If you receive a suspected email to your University email account, please forward this to Information Services (email@example.com). If you get a text message you suspect as a phishing attempt, forward it to the number 7762. By reporting phishing emails and texts, less and less people fall prey to phishing scams.
I accidently fell for a phishing email. What do I do now?
This part of the blog post is very important because the sooner you act when opening a phishing email, the more information you can protect from cybercriminals. The first step is to not panic, although this is easier said than done. Remember that simply opening a phishing email is highly unlikely to compromise your information. However, never click on any links in the suspected email or download any attachments. Let’s say that you’ve accidently clicked on a phishing email link, and it sends you to a form to fill out – DO NOT FILL OUT ANY PERSONAL INFORMATION! This information can be used to gain access to assets such as your bank account as well as other accounts you may use on the Internet. Sometimes these links will automatically download harmful malware to your computer in the background without you realizing it.
If you accidently click on a link in a phishing email, contact Information Services at once.
Want to learn more? Check out our LinkedIn Learning collection on phishing emails and texts.