The scenario: You’re busy checking your daily emails and come across one that prompts you to click a link or open an attachment that will either:
Verify your account or banking username and password,
Verify a large purchase you don’t remember making,
Apply for a job that you have no qualifications for,
Opt-out of a newsletter you didn't sign up for,
Pay money or bitcoins into a foreign bank account before all your personal info is maliciously released onto the net,
Enter a business agreement, legal or illegal, with a “guaranteed” whopper of a profit (after a relatively small “admin fee” payment).
Sound familiar? Sooner or later everyone with an email account will receive "phishing" or scam mail - mail intended to carry out theft or fraud. But that doesn’t mean you have to be a victim of the scam!
Some careful detective work can expose the scam for what it really is. Here are a few things to look for:
The sender’s email address and email subject:
Is the address obscure or unrelated to the site/company the email is representing? Is the subject line relevant and transparent?
The date and time the email was received:
Was the email sent to your inbox late in the evening or very early in the morning? Or at another time when you were least expecting it?
The grammar and spelling of the body of the email:
Does it read naturally? Are there lots of typos or unnecessary breaks in the text?
Strange requests, offers, prompts, or threats:
Are you being told to re-enter personal or account info? Verify your password or PIN? Pay money into a foreign account?
The link URLs:
Do they direct to an obscure web page? Check this by hovering your mouse over the link, but NOT CLICKING IT.
Scammers put a lot of work into making their emails look legitimate, and it is easy to be lulled into a false sense of security because of this. But if you are at all suspicious, don't hesitate to contact the help center of the company the email claims to come from. They will appreciate your reporting the theft or fraud the scammer is attempting under the disguise of their brand. Just make sure that you use a genuine phone number or email address to do so, which you can usually find on the company's official website.
The following is a slightly exaggerated example of a phishing email, which was modelled after one that our client received.
After some analysis, the strange sender address, bad English, and obscure links quickly revealed the mail to be a scam.