Phishing emails try to trick the recipient into revealing confidential information, usually by getting them to click a link in the email that leads to a fake website, where the information is requested.
These emails are made to look like genuine messages from banks or other online services and provide spurious reasons for clicking the links. Examples include:
- Confirming or verifying account details
- Confirming a payment or transaction
- Checking ‘unusual account activity’
- Needing to update an account
It is often hard to discern any difference between the attacker's website and the genuine site. The more sophisticated phishing websites redirect the user to the genuine website after recording the details requested, so the user may not even be aware that their information has been stolen.
Detecting phishing emails
The main way to detect a phishing email is by examining the links it contains. If the URL (the web address) of a link does not point to the genuine site, do not click it.
For example, if the email purports to come from paypal.com, a valid URL for that site will have a host name that is either paypal.com or ends in ‘.paypal.com’, in the part of the URL between ‘http://’ (or ‘https://’) and the first forward slash. Here are some valid PayPal URLs:
Phishing emails attempt to fake the URL by including the genuine domain name elsewhere within it, for example in the path after the first forward slash, or as the first part of a longer host name that the attacker controls:
Or they use an IP address instead of a domain name at the start of the URL:
Another common technique is hiding the URL behind link text such as ‘Login Here’.
In Outlook (and other email clients), hovering the mouse pointer over link text displays the URL it actually points to. In a web browser, the URL appears in the bottom left corner of the browser window when the pointer hovers over the link. The visible text of a link proves nothing about its destination; only the underlying URL does.
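The host-name check described above, as an added example that is not part of the original article: a short Python script that pulls every link out of an HTML email body and reports the ones whose host is not the expected domain, is a bare IP address, or differs from the host shown in the link text. It also handles the `user@host` trick (`http://paypal.com@attacker/`), where the genuine name appears before an `@` but the real host is what follows it. The sample body, the host name account-verify.example and the address 203.0.113.10 are constructed for illustration (reserved documentation names); paypal.com is used only because the article does.

```python
"""Flag links in an HTML email whose real host is not the expected domain.

Added example, not code from the original article. SAMPLE_HTML and the
attacker host names in it are constructed; .example and 203.0.113.0/24 are
reserved for documentation and resolve nowhere.
"""
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit


def host_matches(url: str, expected_domain: str) -> bool:
    """True only if the URL's host is expected_domain or a subdomain of it.

    urlsplit().hostname discards any user@ prefix, so for
    http://paypal.com@account-verify.example/ the host is
    account-verify.example and 'paypal.com' is merely userinfo.
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return False
    expected = expected_domain.lower()
    return host == expected or host.endswith("." + expected)


def host_is_ip(url: str) -> bool:
    """True if the URL's host is a bare IP address rather than a domain name."""
    host = urlsplit(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element in a body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _display_host(text: str):
    """Host implied by the link text if that text itself looks like a URL."""
    if " " in text or "." not in text:
        return None
    candidate = text if "://" in text else "http://" + text
    return urlsplit(candidate).hostname


def analyse_links(html: str, expected_domain: str) -> list:
    """One dict per link: href, text, and a list of reasons it is suspicious."""
    collector = LinkCollector()
    collector.feed(html)
    results = []
    for href, text in collector.links:
        host = (urlsplit(href).hostname or "").lower()
        reasons = []
        if host_is_ip(href):
            reasons.append("host is a bare IP address")
        elif not host_matches(href, expected_domain):
            reasons.append("host %r is not under %s" % (host, expected_domain))
        shown = _display_host(text)
        if shown and shown.lower() != host:
            reasons.append("link text shows %r but target host is %r" % (shown, host))
        results.append({"href": href, "text": text, "reasons": reasons})
    return results


def suspicious_links(html: str, expected_domain: str) -> list:
    """Only the links that were flagged for at least one reason."""
    return [r for r in analyse_links(html, expected_domain) if r["reasons"]]


# Constructed sample body: one genuine link followed by four phishing tricks.
SAMPLE_HTML = """
<p>Dear customer,</p>
<p><a href="https://www.paypal.com/signin">https://www.paypal.com/signin</a></p>
<p><a href="http://www.paypal.com.account-verify.example/login">Login Here</a></p>
<p><a href="http://203.0.113.10/paypal/login">Confirm your account</a></p>
<p><a href="http://paypal.com@account-verify.example/login">Update details</a></p>
<p><a href="http://account-verify.example/secure?site=paypal.com">https://www.paypal.com/</a></p>
"""

if __name__ == "__main__":
    for r in analyse_links(SAMPLE_HTML, "paypal.com"):
        status = "OK" if not r["reasons"] else "SUSPICIOUS: " + "; ".join(r["reasons"])
        print("%s\n    %s" % (r["href"], status))
```

Running it reports the first link as OK and flags the other four: the genuine domain buried in a longer host name, the IP-address host, the `user@host` trick, and a displayed URL that does not match the real target. The same check is what you do by eye when you hover over a link: ignore everything except the host name between the scheme and the first slash.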
What to do if you find yourself on a phishing website or detect a phishing email
- Obviously, do not enter any information on the attacker's website.
- Close your web browser and run an anti-virus scan. Some phishing websites also attempt to install malware on your computer simply because you visited the site.
- Mark the email as spam so that your email software recognises similar messages as spam in future.
- Report the email to whoever it was impersonating. Many banks and companies have an email address for reporting scams.
Other ways to detect phishing emails
- If the email is unexpected, e.g. you haven't recently made a payment, or you are not a customer of the bank or online service it claims to come from
- If it asks you to enter personal information. Most banks and other online services will not send you a link to log in; they are more likely to direct you to their home page and instruct you to log in from there.
- If the sender or reply-to address doesn't look legitimate, e.g. it is not on the organisation's own domain
- If the email seems ‘pushy’ or threatens you with closure of an account
- If the email has a generic greeting such as ‘Dear customer’; genuine emails from a service you use will normally greet you by your name or user name
- If the email is offering you free money; if it sounds too good to be true, it probably is.