3 ways to spot and avoid phishing emails

Most people believe they will never receive a phishing email because their email provider moves them all into the spam folder. However, it is estimated that around 3.4 billion phishing emails are sent out every single day. This enormous number almost guarantees that some emails will slip through. Yes, it's tiring being vigilant and questioning every single email you read, but it could be the small difference that stops you losing all of your investments or pension.

Follow these 3 simple tips when reading or replying to emails in order to protect yourself. While there is no way to be 100% protected, you can give yourself the best shot by doing this.

1. Check who sent the email

This is a standard check that everyone should do, but I encourage you to take more notice of it. Very often criminals will use slightly different words or change a single letter in the email address in order to fool you into believing they are legitimate.

Just as importantly, even though the email address may look legit, it could have been spoofed (made to look different to the actual email address of the person sending the email), or that email address could have been hacked and is now being used to send malicious phishing emails.

2. Double check every link you click

This is the easiest thing to look out for. Most people are warned to never click a link; however, this advice is not accurate. Clicking a link is not inherently dangerous, but you must be aware of where it takes you.

Hover over a link before you click it to see if the URL matches the domain of the company. To explain what that means: imagine you get an email from PayPal asking you to reset your password, but you see that the link takes you to www.palpay.com. This would indicate a scam, since the link is different to the official website paypal.com.

An easy solution to this problem, which I try to do as often as possible, is to just enter the name of the website into Google and find it myself rather than clicking the link. If you've been asked to urgently log in to a website, there is no reason you have to do it by going through the link from the email. Google has a responsibility to show official websites, so it will be much safer to go that way.
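The sender check from tip 1 and the hover check from tip 2 can also be done by a script. This is an added example, not part of the original article: the function names, the 2-edit threshold for "lookalike" and the sample email are assumptions made up for the illustration.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_verdict(host, official):
    """'ok' for the official domain or a subdomain, 'lookalike' if within 2 edits."""
    host = host.lower().rstrip(".")
    if host == official or host.endswith("." + official):
        return "ok"
    bare = host[4:] if host.startswith("www.") else host
    return "lookalike" if edit_distance(bare, official) <= 2 else "mismatch"

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def audit_email(from_header, html_body, official):
    """Return (sender verdict, [(href, verdict), ...]) against the official domain."""
    sender_domain = parseaddr(from_header)[1].rpartition("@")[2]
    parser = LinkCollector()
    parser.feed(html_body)
    links = [(h, domain_verdict(urlsplit(h).hostname or "", official)) for h in parser.hrefs]
    # A sender verdict of "ok" is not proof: the From address can be spoofed.
    return domain_verdict(sender_domain, official), links

# Constructed sample email (not a real message).
FROM = "PayPal Support <service@palpay.com>"
BODY = """<p>Reset your password:
<a href="https://www.palpay.com/reset">https://www.paypal.com/reset</a>
<a href="https://www.paypal.com/signin">Sign in</a>
<a href="http://paypal.com.example.net/login">PayPal</a></p>"""

if __name__ == "__main__":
    print(audit_email(FROM, BODY, "paypal.com"))
```

The first link shows paypal.com as its text but points at palpay.com, which is exactly what hovering reveals. The third puts the real name at the front of a different domain, so it is judged by where the host name ends, not where it starts.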

3. If it's too good (or bad) to be true, then it probably is

This tip may sound a bit superfluous but is possibly the most important. If an email is encouraging you to do something urgently for money reasons, then there's a high chance it's a phishing scam. Here is a list of examples:

  • you are owed a refund
  • you won a prize
  • you are about to lose your deposit
  • you are about to lose a package / delivery
  • someone you know needs immediate help

Before you do anything, just give the person or organisation a call and confirm whether they sent the email. By taking this small step, especially when hundreds or even thousands of pounds are on the line, so many innocent people could have avoided being scammed. Just make sure not to use a phone number that was sent in the email!

So those are the 3 basic rules. Remember them in a simple way:

  1. check the email
  2. check the links
  3. question if it's real.

This is the sad reality of having the power of email at our fingertips, but the better we become at avoiding these phishing emails, the fewer scammers there will be.

Test yourself using real-world examples of phishing emails in our free test.