top of page
Writer's pictureIles Systems Ltd

Unravelling Scam-tastic and Phishing Emails: Don't Get Hooked, Stay Safe!

Today, we're diving into a perilous but oh-so-colourful world—the treacherous realm of scam and phishing emails!

Let's embark on a whimsical journey where we'll learn how to recognise scam-tastic and phishy emails, outwit the crafty scammers, and emerge victorious!

1. The Siren Call of Scam-tastic and Phishy Emails: Picture this: you're sipping your afternoon tea, enjoying your favourite cat videos on YouTube, when suddenly, an email pops up claiming you've won a lifetime supply of chocolates or urging you to urgently update your bank account information. Before you start doing your happy dance or rushing to comply, let's pause and sniff out the suspicious scent.

2. The Masked Bandits - How to Recognise Scam-tastic and Phishy Emails:


· The Overly Generous Stranger: As we've mentioned before, if an email claims you've won a hefty prize or inheritance from someone you've never heard of, it's likely a red flag. However, there's more! Beware of phishing emails that pretend to be from trustworthy sources like your bank, email provider, or social media platforms, asking you to verify your account details. Scammers can be quite creative with their disguises!

· The Faux Friend: Phishing emails often mimic the appearance of legitimate companies, using their logos and design to trick you, so you need to pay attention to the actual email address, not just the display name. Scammers can use something like "bankcustomerservice@scammersemail.com" as the display name, but when you check the actual email address, it's entirely different (more on this later).

· The Language Acrobats: Just like scam-tastic emails, phishing emails may also contain typos, grammar mistakes, or odd language. Keep an eye out for suspicious writing styles, and remember, legitimate companies take pride in their professionalism.

· The Drama Kings & Queens: Phishers might also employ urgency or fear tactics to manipulate you into taking action hastily. This tactic is very common within corporate environments. Perhaps you’ve received an email from your boss, requesting that you transfer X amount of funds to an account. Perhaps it’s a client, who is informing you of a change in bank details. Don't fall for their tricks! Take a deep breath and evaluate the email calmly. Contact the person or company making the alleged request using trusted contacted details, preferably by phone.


3. The Great Escape - Staying Safe from Scam-tastic and Phishy Emails:


· Spam is the Enemy: Your email provider is a trusty knight in armor, blocking most scam-tastic and phishy emails from reaching your inbox. Regardless, you still need to remain vigilant, as some might slip through net. Mark them as spam, create rules to send them directly to the deleted items folder or if possible, add the domain names to a black list.

· Links and Attachments - Proceed with Caution: Hover your mouse over hyperlinks in emails to see where they lead. Never download attachments or click on unfamiliar links without a second thought. That's like inviting a troll into your digital kingdom! Also, never enter your login details into pages you have been directed to by these links, unless you have verified that it is a legitimate request. This is a common threat to Office 365 users who may receive emails about “password expiration”, “account suspension” or “storage quota limits”. If in doubt, close all web pages, open up a fresh session and log into your account through the channels you would normally do so; or if you have one, ask your IT support team to investigate.

· Fortress of Two-Factor Authentication: Where you can, always secure your accounts with two-factor authentication. While not completely infallible (but what is these days), it still provides a much needed and advised additional layer of security.

· Heroic Reporting: If you encounter a scam-tastic or phishy email, report it to your email provider and/or relevant authorities. Your brave actions can help protect your fellow netizens from falling prey to these scammers.


4. The Art of Verification - Checking Email Addresses: To unveil the true identity of a sender, you must master the art of checking email addresses. Look closely at the "From" field, and if you see something suspicious, investigate further. You can do this by:


· Double-Checking the Domain: For example, if the email claims to be from your bank, but the domain in the email address looks strange or unfamiliar, it's a glaring warning sign. Sometimes the difference is so slight, that at a glance it can go unnoticed.

· Inspecting the Full Address: Some email clients allow you to view the full email address by clicking on the sender's name. Verify that the email address matches the legitimate source. Often you’ll find that the displayed email address is different to the address the email has actually come from. Other times the addresses may match. You may have seen this if you have ever received an email that appears to have come from your own email address. This is called “spoofing”. Again, if you are even the slightest bit suspicious, contact the sender via trusted means and get verification.

Let’s look at the following email as an example:

Phishing email example
Phishing Email

As you’ll see, the email is claiming to be from Metro Bank. However, despite the display name saying Metro Commerce, the email address is clearly nothing to do with Metro Bank. In fact, they have actually spoofed another legitimate email address to relay the email (hence the redaction).

Mismatch between the stated sender & the actual email address
Display name & email address mismatch

You can also see various links within the email. The email is prompting the recipient to log into their account to be able to access and read the “important document”! By hovering the mouse cursor over these links displays the real web address that person would be sent to.... Definitely NOT Metro Bank!

A link showing the actual landing page being different to the one expected
Example of link redirecting user to suspicious URL

There is little doubt that the web page would look very similar, if not exactly the same as the login page for the Metro Bank. Unless the user is vigilant they could be duped into entering their login details. Upon doing this the user would more than likely be “informed” by the website that the details are incorrect, the user would try again and be told that the details are still incorrect. While the user goes off to speak with the bank (and we all know how long that can take), the scammers can be accessing the account and transferring funds out of it.

· Using Your Digital Magnifying Glass: If the email address seems fishy, run it through a search engine. You might uncover reports from other users who have encountered the same scam. There are also other tools on the market that can help inspect, reduce or potentially prevent these types of emails even getting through, so speak with your IT support team where possible.


5. The Happy Ever After - Fool proofing Your Inbox:

Hopefully you've learned to recognise some of the perilous ploys of scam-tastic and phishy emails. Your inbox, now a fortress of vigilance! Stay wary, and you'll surf the digital seas without a worry. Remember, no one is immune to scams, but with a bit of wit and a sprinkle of caution, you'll breeze through unscathed.

So, the next time you receive an email promising unlimited riches or asking for sensitive information, ask yourself: "Is this the real deal or just a scam-tastic and phishy adventure?" and together, we'll protect our digital world from these mischievous scammers! Until next time.


Comments


bottom of page