How to spot a phishing email
Do you really need to urgently change your online banking password, or is that email from a hacker who’s trying to get hold of your login details?
It’s not always easy to spot a phishing email but in this guide we’ll outline the tell-tale signs which suggest an email isn’t what it claims to be.
We’ll also look at what steps you can take to avoid falling for a phishing scam.
Five signs of a phishing email
1 Poor spelling/grammar
An email that’s littered with spelling mistakes and grammatical errors is a sure sign of a phishing email.
However, perfect spelling and grammar isn’t enough to indicate that an email is legitimate, as sophisticated phishing emails will do everything they can to look legitimate.
2 From an unusual email address
Another of the easiest ways to detect a phishing email is looking at the sender’s email address.
Legitimate emails will always come from an email address linked to the business, for example an email from 123 Reg will come from an address that ends “@123-reg.co.uk” or “@marketing.123-reg.co.uk”.
If you get an email that says it’s from one organisation, but the email address it’s from isn’t related to that organisation then it’s a sure sign you’re dealing with a phishing email.
However, more sophisticated phishing emails will look like they’re from the company they claim to be from. This is because hackers can use email spoofing to disguise the address from which a phishing email was sent.
Even if the sender’s email address looks legitimate it doesn’t mean an email can be trusted, so be on the lookout for other signs of phishing.
3 A prompt for urgent action
Phishing emails often call on you to take urgent action. Why? Because if you feel like you need to act quickly, you’re less likely to think about what you’re doing. If you’re not thinking about what you’re doing, you’re more likely to fall for a phishing email.
This prompt for urgent action could be something negative, such as a warning that you’ll be locked out of your account, or a service will be suspended if you don’t act. Sometimes, phishing emails will claim that someone has already hacked your account and you need to change your password.
There are also phishing emails with positive prompts for urgent action; these are usually something like the promise of a prize or a tax refund.
If you receive an unexpected email which contains a prompt for urgent action, treat it with caution.
4 Requests for sensitive information
The aim of phishing emails is to gather sensitive information. As such, another indicator of a phishing email is if you’re asked to send sensitive data such as bank details, account details, passwords, or personal information such as your date of birth.
In an unsophisticated phishing email, you’ll probably be asked to reply to the email with the requested information.
In more sophisticated phishing emails, you’ll be prompted to click a link to a malicious website, which we’ll talk about now.
5 Links to a malicious website
The other way phishing emails will seek to steal sensitive information is by getting you to click on a link to a malicious website.
This malicious website will look like it belongs to the organisation which was impersonated in the phishing email and will ask visitors to log in or provide some other form of information such as payment details.
However, if anyone does attempt to log in (or provides any other information via the malicious site) their details will be sent to the hacker behind the phishing email and their account will be compromised.
If you’re viewing an email via a laptop or desktop browser, you can hover your cursor over any links in the email and preview the address the link will take you to. If the address in the preview isn’t the one you were expecting, don’t click the link.
However, just because the link in the preview looks legitimate, that doesn’t mean the site is safe. As with email addresses, hackers can spoof web addresses in a phishing email to make it seem legitimate.
If you have even the slightest suspicion that an email is a phishing attempt, do not click any links in it.
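The sender-address check from sign 2 and the link-preview check from sign 5 can also be run automatically over a saved message. The script below is an added example, not 123 Reg code: the sample message and its domains are constructed, and treating the two sender domains as the only expected link destinations is an assumption.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Sender domains the guide lists for genuine 123 Reg mail. Reusing them as the
# expected link destinations is an assumption of this example.
TRUSTED_DOMAINS = {"123-reg.co.uk", "marketing.123-reg.co.uk"}

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs, i.e. what hovering over a link reveals."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_message(raw):
    """Return a list of warning strings for one raw email message."""
    msg = message_from_string(raw, policy=policy.default)
    warnings = []
    sender_domain = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    if sender_domain not in TRUSTED_DOMAINS:
        warnings.append(f"sender domain not on trusted list: {sender_domain}")
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        if not any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
            warnings.append(f"link '{text}' really goes to: {host}")
    return warnings

# Constructed sample: the display name and link text imitate the brand; the real domains do not.
SAMPLE = """From: "123 Reg Support" <support@123-reg.account-alerts.example>
Subject: Urgent: your account will be suspended
Content-Type: text/html; charset="utf-8"

<p>Dear customer, <a href="https://login.123-reg.co.uk.verify.example/signin">https://www.123-reg.co.uk/login</a></p>
"""
if __name__ == "__main__": print("\n".join(check_message(SAMPLE)))
```

An empty result only means these two checks passed. Because sender addresses can be spoofed, it does not show that the email is genuine.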
Tips to avoid being phished
It can be difficult to tell a sophisticated phishing email from a legitimate email. For that reason, it’s a good idea to play it safe. Here are some tips to help you do just that.
Treat all unexpected emails with caution
If you’re not expecting an email, treat it as if it’s a phishing email until you’re certain it isn’t one.
Look for the signs of a phishing email we outlined above. If you spot them, ignore or delete the message.
If you don’t spot any obvious signs that it is a phishing email, you may feel like you need to act, especially if the email is about the security of one of your accounts.
You should still avoid replying to, or clicking any links in, the email. Instead, you can go to the organisation directly.
Go directly to the organisation the email claims to be from
If an unexpected email has you worried and you think you might need to log in to an account and act, go directly to the organisation’s website.
By doing this, you eliminate the risk of clicking on a link to a malicious website in a phishing email.
You could also contact the organisation’s customer service department to ask if the email is legitimate. Again, if you decide to do this go directly to the organisation’s website and get its contact details from there.
Worried about an email that claims to be from 123 Reg?
Sometimes, you might get a phishing email that claims to be from 123 Reg. If you’re worried an email that seems to be from us is actually a phishing email, look for the signs we’ve outlined above.
Additionally, a legitimate 123 Reg email will always address you by your first name (rather than a generic greeting like “Dear customer”) and we will never ask for confidential details like your password or payment information.
Legitimate 123 Reg emails will always be sent from an email address ending either “@123-reg.co.uk” or “@marketing.123-reg.co.uk”.
If you’re at all worried that an email which claims to be from 123 Reg is a phishing email, you can always log in to your Control Panel directly and manage your account from there.
You can also contact our support team on 0345 450 2310.
You can forward 123 Reg phishing emails to email@example.com so we can investigate. Please note that you may not receive a response from us after you’ve forwarded the message.