Phishing has been around since the ’90s. We all know we need to be cautious of online scams, yet upwards of 30% of phishing emails get opened, a phenomenal click-through rate in anyone’s eyes.
These types of emails are so successful because scammers go to great lengths to disguise their scam as genuine and important communication. The ways in which this communication is delivered are very convincing and, in many cases, hard to recognise.
What is a phishing email?
A phishing email is sent by a scammer to trick you into voluntarily offering up your personal or confidential business information. This could include bank account numbers, passwords and credit card numbers. They are often disguised as being sent from financial institutions or as an endorsement by a celebrity.
As sophisticated as email filtering technology can be, it will never be 100% successful, so it’s important your staff are aware of how to recognise a phishing email. And here’s how.
Check the email address
Phishing emails can look like the real deal with proper logos and design, but if you look at the sender’s email address, it’s usually a dead giveaway. These emails will usually have the sender set as “Apple” or “Commonwealth Bank”, for example, but you should always check the actual address. It will usually be a Gmail account or something similar. If it’s not using the domain name of the actual sender, delete it.
Look out for attachments
Did you receive an email from someone you weren’t expecting, asking you to open an attachment? Expect the unexpected. Most successful phishing emails look like something you might expect, like a shipping confirmation or a request to change a password, but were you expecting it? If not, simply don’t open it.
Is there an unnecessary sense of urgency? Phishing emails often try to alert you that one of your accounts has encountered suspicious activity, or they may pretend to be someone you know asking for immediate financial help. They will try to get you to verify information via a link. If you are not expecting this, never click these links or use the contact details provided in the email. Just try to be logical: if you aren’t sure, you may choose to call your bank directly, using the correct contact details. Remember, institutions like banks and government agencies don’t typically use email communication as their first point of contact, especially when something is urgent.
Phishing emails can contain links to URLs that are completely different to what they should be, or they may look like the real ones, with just a small misspelling. If you hover your mouse over a URL within an email, you will see the real destination and whether it matches what the email claims.
You may also notice misspellings or grammatical errors within the body of the email. Or it might just be written in a different style, or less professionally, than emails usually sent by the institution. This is a big tip-off; simply delete it.
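The sender-address check and the link-hover check described above can also be automated, for example when triaging emails that staff report. The following is an added example, not part of the original article: the brand allow-list, the function names and the sample message are assumptions constructed for illustration.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allow-list: brand display name -> domain that brand really sends from.
BRANDS = {"apple": "apple.com", "commonwealth bank": "commbank.com.au"}
# Constructed sample inputs (not taken from a real message).
SAMPLE_FROM = '"Apple Support" <apple.support@gmail.com>'
SAMPLE_HTML = ('<a href="https://apple.com.account-check.example/login">www.apple.com</a>'
               ' <a href="https://www.apple.com/">Click here</a>')

def sender_mismatch(from_header):
    """Return the brand named in the display name if the address is not on its domain."""
    name, addr = parseaddr(from_header)
    host = addr.rpartition("@")[2].lower()
    for brand, domain in BRANDS.items():
        if brand in name.lower() and not (host == domain or host.endswith("." + domain)):
            return brand
    return None

class _Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(value):
    # Visible text such as "www.apple.com" has no scheme, so prefix "//" to parse it.
    try:
        return (urlparse(value if "://" in value else "//" + value).hostname or "").lower()
    except ValueError:
        return ""

def link_mismatches(html):
    """Return (shown_host, real_host) where link text shows one address but the href goes elsewhere."""
    parser = _Links()
    parser.feed(html)
    # Only text that itself looks like an address can contradict the href; skip "Click here".
    pairs = [(_host(text), _host(href)) for href, text in parser.links if " " not in text]
    return [(shown, real) for shown, real in pairs if "." in shown and real and shown != real]
```

A hit from either function is a reason to look closer, not proof of phishing; legitimate senders sometimes route links through tracking domains.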
So, trust yourself. If something seems too good to be true, it most probably is. If your intuition has you questioning yourself, even slightly, don’t open the email or any of the attachments. If you think you may have been scammed, contact your bank immediately. You should always report online scams to the ACCC. This helps to educate others on current scams and aids in disrupting scammer activity.