Usually your email system’s spam filter will spot junk or spam mail and move it to your junk mail folder. This is not a perfect process, however, and sometimes suspect emails find their way into your inbox. Whilst some emails are easy to spot as fake – for example the grammar and spelling are poor – increasingly these emails look genuine. Clicking on a button or following an internet link in these emails is becoming the most common method by which fraudsters successfully access a user’s email account or other information on their computer.
The general advice when receiving unexpected emails purporting to be from companies and institutions remains the same:
- Buy, install and keep up to date an internet security suite to give yourself the best protection available.
- Remember that no reputable institution ever solicits personal, password or account information by email.
- Never click on an internet link in an email unless you are certain it is to a genuine website address.
- If in doubt, phone the company that has apparently sent the email, or visit their actual website, find the Contact Us email link, and ask for confirmation that such an email has been sent.
Typical examples of fake emails include:
- A BT email concerning the change to the user interface or an issue with your email account
- Any bank or financial institution claiming there is a problem with your account, and asking you to click a link to re-verify your account and password information, or to open an attachment and fill in some information
Look for these clues in a suspicious email:
- Grammar and spelling. Not always, but sometimes you will notice obvious errors in how the email is written which immediately identify it as a fake.
- Check the sender’s email address: the display name might look plausible, e.g. BT Sign-In Alert. But the actual email address associated with that display name is often strange, e.g. email@example.com. This should immediately arouse suspicion – a company like BT would never use an email address of that form. A display name is trivial to create and associate with any email address – it is no guarantee of the validity of the sender.
- The crucial bit, the ‘sting’, is the link that the user is supposed to click on to upgrade their account or verify their password. On a computer, if you hover the mouse over the link (or indeed any link in the email) – but do NOT click on it – you can see the address of the webpage to which you would be sent if you were to click on the link. In a fake email the link will clearly not be sending you to the site you expect, and clicking it would have unknown consequences. Unfortunately this technique is not available for touch screen devices.
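The sender and link checks above can also be run automatically over a saved message. The following is an added example, not part of the original article: the sample message, its `.example` domains, the function names and the `brands` mapping (here assuming `bt.com` is the domain expected for a "BT" display name) are all constructed for illustration.

```python
import email, re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; the sender and link domains are made up for the demo.
SAMPLE = '''From: "BT Sign-In Alert" <notice@mail-update.example>
Subject: Verify your account
Content-Type: text/html; charset="utf-8"

<p>Sign in at <a href="http://login.verify-account.example/bt">https://www.bt.com/signin</a>
to verify your password. <a href="https://www.bt.com/help">Help</a></p>
'''
URLISH = re.compile(r"(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?", re.I)

class Links(HTMLParser):
    """Collect (href, visible text) for each <a> element."""
    def __init__(self):
        super().__init__()
        self.found, self._href, self._label = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._label += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.found.append((self._href, self._label.strip()))
            self._href = None

def within(host, domain):
    return host == domain or host.endswith("." + domain)

def check_message(raw, brands):
    """Return (clue, host) pairs; brands maps a display-name word to its expected domain."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"]))
    sender = addr.rpartition("@")[2].lower()
    words = re.findall(r"[a-z0-9]+", name.lower())
    # Clue 1: the display name claims a brand, but the real address is elsewhere.
    clues = [("sender", sender) for b, d in brands.items()
             if b in words and not within(sender, d)]
    body = msg.get_body(preferencelist=("html",))
    parser = Links()
    parser.feed(body.get_content() if body else "")
    for href, text in parser.found:
        target = (urlparse(href).hostname or "").lower()
        if URLISH.fullmatch(text):  # visible text itself looks like a web address
            shown = (urlparse(text if "://" in text else "//" + text).hostname or "").lower()
            if not within(target, shown):  # Clue 2: link goes somewhere other than shown
                clues.append(("link", target))
    return clues
```

A message that returns an empty list has only passed these two checks; it is not thereby shown to be genuine.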
Some emails will include an attachment which you are supposed to open and enter some security information. Never do this. No reputable organisation ever solicits information in this way.
Senders of such emails are getting better at making them look very plausible with the right colour scheme and logos. Often the email contains several links, some of which are genuine.
Ultimately the best protection is your own vigilance. Remember no reputable organisation will ever solicit from you personal, account, password or other sensitive information, either via a link in the email or an attachment. No matter how plausible an email may look, if it asks for such information, it is a fake.