Thursday 16 November 2017

Spotting a phishing scam

I recently received an email that looked like it was from PayPal, but I could instantly see it was a phishing scam; however, they do seem to be getting better at mimicking. Below is the image of the email. The number of errors that highlight it as a phishing scam is in double figures; how many can you spot? I do not want to point them all out, as that would be helping the criminals.


I will point out an obvious one, which I imagine they would find hard to correct: at the top it says 'Dear Client'. This is not specific enough to be a genuine email from a company that knows more details about you than just your email address. Some phishing emails replace 'Client' with the part of your email address before the '@' symbol, e.g. 'Dear Smith_John'; this would also highlight a phishing scam.

My general advice on receiving emails is:

  1. Read the email; do not just click on the link, even if it looks urgent. That is what the scammers are counting on.
  2. If you have not instigated an email, e.g. requested a password reset, then it is best to assume it is a scam.
  3. Do NOT use any links provided in the email; instead go to the company's web site through a link of your own (bookmark) or from a search engine. The web site address should have an HTTPS prefix, not just HTTP.
  4. If the offer sounds too good to be true, then it is a scam.
  5. If there is just one thing that does not look right, e.g. a spelling mistake, poor grammar or a poor quality logo, then it is a phishing scam.
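
The greeting check described above and the HTTP/HTTPS point in item 3 can be automated for mail triage. The following is an added example, not part of the original post; the word list, function names and sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed list of impersonal salutations; extend to suit your own mail.
GENERIC = {"client", "customer", "user", "member", "account holder"}

# Constructed sample message (not the email shown in the post).
SAMPLE = """From: "PayPal" <service@example.invalid>
To: smith_john@example.com
Subject: Your account is limited

Dear Smith_John,

Please confirm your details at http://example.invalid/login
"""

def greeting_name(body):
    """Return the text after 'Dear' on the first greeting line, or None."""
    m = re.search(r"^\s*dear\s+([^,\n:]+)", body, re.I | re.M)
    return m.group(1).strip() if m else None

def normalise(s):
    """Lower-case and drop punctuation so 'Smith_John' equals 'smith_john'."""
    return re.sub(r"[^a-z0-9]", "", s.lower())

def check_email(raw):
    """Return a list of phishing indicators found in a plain-text email."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    findings = []
    # The part of the recipient address before the '@' symbol.
    local = parseaddr(msg.get("To", ""))[1].partition("@")[0]
    name = greeting_name(body)
    if name and name.lower() in GENERIC:
        findings.append("generic greeting")
    elif name and local and normalise(name) == normalise(local):
        findings.append("greeting copied from email address")
    # Flag plain-HTTP links. An HTTPS link is not proof of a genuine site,
    # so the advice to avoid links in the email still applies.
    for url in re.findall(r"http://[^\s\"'<>]+", body, re.I):
        findings.append("non-HTTPS link: " + url)
    return findings

if __name__ == "__main__":
    for finding in check_email(SAMPLE):
        print(finding)
```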