Home / Royal Mail / What is phishing and how to spot email scams?

What is phishing and how to spot email scams?

Cyber crime and phishing is a prevalent danger as more people rely on online shopping, banking and communication. (Picture: Getty)

Even while the world continues to battle a pandemic, callous con artists continue to exploit people’s vulnerabilities.

Recently, key workers have been targeted in online fraud activity and a Royal Mail text scam has nearly tripped up several.

It’s getting easier for scam artists to con people out of small fortunes as we rely on online shopping, banking and communication more than ever.

This sort of con – involving emails, texts or other electronic communications – is called phishing.

Here’s how to spot a phishing email or text, and how to stay safe online…

What is phishing, and why is it called phishing?

Phishing is the term applied to kind of electronic communications scam that aims to obtain private information, or to spread harmful malware, via the recipient.

The phenomenon takes its name from fishing due to the parallels in unaware targets being reeled in by bait.

A Royal Mail scam has been making the rounds. (Picture: PA)

The term was coined around 1996, according to Computer World, as internet scammers began using e-mail lures, setting out hooks to fish for passwords and financial data from the sea of Internet users.

Hackers commonly replace the letter f with ph, a nod to the original form of hacking known as phone phreaking

How does phishing work?

The most well-known form of phishing involves the mimicry of official emails or text messages from trusted companies including Amazon, Paypal, all UK banks, Netflix, delivery companies, mobile phone providers, eBay and so on.

Phishing emails can also masquerade as messages from a council authority, HMRC, the Government, the police or a hospital.

The phishers replicate to the best of their abilities, the exact logo of the company and then compose a phoney email.

Usually, the phishing messages explain that you need to update your billing details / address, employment record, your bank card details and so on, or they urge you to check up on a delivery tracking number.

Phishing scams can look and sound extremely convincing and authentic (Picture: CTIS/Getty)

Many also claim your accounts have been locked or suspended due to an error or security breach. Others claim you’ve received an unexpected refund or a payment has not gone through.

You might even be told you’ve won an incredible prize, like cash or a car.

Often the emails claim that the situation is urgent and requires immediate action. By doing this, the phishers are putting pressure on recipients to click the links and act rashly without detecting the scam.

Some don’t press urgency, however, and one particularly insidious 2017 phishing email, made to look as though it was from Netflix, invited recipients to restart their membership.

In extreme cases the email can contain wildly unrealistic threats about seizing your assets, slapping you with huge charges or similar. Again, the authority of the brand helps the phisher convince a recipient to do something.

In all cases the endgame is to hack into your accounts or by extension your computer.

Scared or worried recipients will type their details into a fake web page to try and sort out the fictional problem.

However, simply clicking a link in these emails can release malware into your computer, potentially causing a virus that could shut down a network or make you vulnerable to hacking.

Then there is the altogether more sinister Spear Phishing.

This involves an email arriving, apparently from someone in your contacts, asking for something or sending a link (but of course, it isn’t them).

This email could appear to be from a work colleague asking for tax or wage documents on your employees, or a request for a wire transfer of money. It may also be a short, friendly email from someone you have not heard from in a while, which contains a link.

The way this kind of phishing is done is through research.

Spear-phishers study their victims in advance, learning names, the hierarchy of an organisation and even workplace culture to try to keep the victim from realising they’re being duped.

When these emails are targeting executives of big businesses, it’s known as Whale Fishing. Because these people can feel more invincible and communicate via less formal emails, they are easy victims.

How to spot a phishing email

As phishing scams appeared to be on the rise, The Chartered Trading Standards Institute’s Lead officer Katherine Hart said of the Royal Mail scam: ‘This delivery scam is yet another example of fraudsters attempting to make money out of the unsuspecting public. 

‘Due to the lockdowns, many millions of people rely on product deliveries, so scammers have focused their efforts on this theme.’

But she did also give some useful tips for staying safe. She said: ‘Royal Mail will only ever contact you via text or email if a customs fee is due, not for domestic parcel delivery. If you have any suspicions, contact Royal Mail to verify before you click any links or share details.’

‘Also, the public must also be aware that these types of scams may come in many forms, and scammers do not only use Royal Mail branding.

‘These types of scams come in many forms, not just via text but also in emails and through the phone.’

To stay safe online, follow the tips below:

  • Look carefully at the email address. Does it have numbers in it, or seem odd in any way? Does the phone number seem odd in some way?
  • Zoom in or examine the logo closely and compare it to those used on the company’s official website. Do they match? Is it fuzzy?
  • Are there any grammatical or spelling errors in the email or text message? It may look like it was rushed or the English might not be perfect.
  • Hover your mouse over the link, or copy the link address into a Word Document, so you can see the URL without clicking on it. Does it match the official website address? If not do NOT click on it. Does the URL have any words squashed in between the main website name and the ‘.com’ section, ie: Microsoft.maliciousdomainname.com? If so, it’s fake.
  • If you’ve replied to the initial email, and another one has arrived which mentions payment of some kind, this is almost definitely a phishing scam.

If you have any reason to be suspicious, always err on the side of caution. Contact the company in question by Googling their official customer services contact details.


MORE : Warning over Census scam as fraudsters pose as officials demanding fines

Follow Metro across our social channels, on Facebook, Twitter and Instagram.

Share your views in the comments below.




Source link

About admin

Check Also

Nvidia, Walmart, Imperial Brands, JD Sports and Royal Mail

This earnings season may be winding down but there are still a number of big-name …

Leave a Reply

Your email address will not be published. Required fields are marked *