Oh No! You just opened your email and there’s a message from your bank. There’s a problem with your account. Luckily the bank has provided link, so you can fix the issue on line.
I know … you’re not falling for it. You know it’s a scam. This one is obvious. Classic phishing (fishing).
But scammers will use the same technique to steal your private login details for other websites, giving them access to things like your Apple, Google, Amazon, or PayPal accounts – which are often tied your credit card or bank accounts.
Common Phishing Characteristics
The devil is on the details. Scammers will often make phishing emails look very real, but they usually lack attention to detail.
Below, I have highlighted the most common tell-tale signs of a classic phishing email.
1. The Important Notice
Scammers use a number of manipulative techniques to get your attention. In this example, the bank (supposedly) has sent me an important notice. My “banking functionality has been temporarily limited”.
We all get lots of important emails. But when you see a big bold “Important Notice” you should start to feel a mild tingling in your spidey senses.
2. Bad English
Poor grammar, spelling, and and punctuation mistakes all point to a phishing scam. In the example above, supposedly from TD Bank, the scammer’s inconsistent spelling of the bank’s trade name is a tip-off. Sometimes “TD Bank” – with a space between “TD ” and “Bank” – and sometimes “TDBank” with no space.
Also, the text content in the body of the email is sloppy; upper case letters for no reason and a double period .. at the end.
3. Unrelated Sender
In almost every email app – whether it’s in Windows, MacOS, iOS, or Andriod – you can see the email address of the sender. If the sender’s email doesn’t appear to be related in any way to the company they supposedly represent, it’s probably a scam.
This can be tricky, however, because scammers can “spoof” real addresses. So even if the sender looks legit, you’re not necessarily safe.
4. Check the Links
No matter what … DON’T click anything until you are 100% positive that it’s safe. How can you tell? If you’re using a laptop or desktop PC (or Mac) just hover your mouse pointer over a link and the web address will appear. Phishing links will almost always point to a web address that is unrelated to the real one.
Be sure to investigate all the links in the email message, including the infamous “unsubscribe” button.
5. Don’t Unsubscribe
Don’t want annoying spam emails? Of course … just click “unsubscribe” an they’ll never bother you again. Scout’s honour.
In truth, the unsubscribe button is the scammer’s last hope; their final attempt to get you to click something – anything. Don’t fall for it. Best case scenario – you’ll get more spam. Worst case scenario – somebody will be applying for eleven credit cards using your social insurance number.
Saved by Suspicion
The more you look at these phishing emails with a critical eye, the easier they are to spot. Sometimes there’s a dead giveaway – like a misspelled company name – but most often you’ll have to examine the email more closely.
So, what should you do when you discover a phishing email? If you have a strong sense of social justice and lots of time on your hands, you can track down a contact email for the real, legitimate business and inform them that somebody is using their good name to commit fraud. Then you can share a warning on social media. Or … you can just delete it.