Eight ways to spot a phishing scam

Phishing fraud is on the up. Find out how to avoid becoming a victim...
This week (18 to 22 October) marks National Identity Fraud Protection Week. Identity fraud is a growing problem and one of the biggest causes of ID fraud is phishing.
Phishing is where you receive an email from what appears to be your bank, or other financial institution, requesting you to reset or confirm your security details – often by following a link. However, these links will usually take you to a fake website with the aim of getting hold of your personal or financial details to defraud you.
Worryingly, recent research from Consumer Intelligence found that nearly one in 10 of online banking customers were not confident they would spot a phishing email from fraudsters claiming to be from their bank.
And even more worryingly, figures from the UK Cards Association show that the number of people who fell victim to phishing fraud in the first six months of 2010 rose by 21% to 31,448 compared with the same period last year.
Recent phishing warnings have come from the Student Loans Company, which has received 700 complaints so far this year. HMRC has also shut down 180 phishing websites this year, and Apple iTunes recently warned about a scam against its customers.
So if you’re concerned about this, here are eight ways to spot a phishing scam.
1. Email address
If you receive an email from what appears to be your bank, the first thing to check is that the email address used is the one you registered with. If it’s not, alarm bells should start ringing.
2. Generic greetings
It’s also a good idea to check how you’re addressed in the body of the email. Generic greetings, such as ‘Dear HSBC customer’, are likely to be used, rather than your actual name, if it’s a scam.
3. It’s all in the detail
If the email you receive includes personal details such as your credit card number or account number, check to see if they are correct. Scammers are highly unlikely to already have this information (considering they will be trying to steal it from you) and often include random numbers in the email to make it look more official in the hope that you won’t bother to check if they’re accurate.
4. Requests for personal information
Similarly, phishing emails are likely to ask you to confirm personal or financial details. However, banks will never ask you for personal information in emails – so if you’re being asked this, don’t reply.
5. Sense of urgency or danger
Often a phishing email will claim that your account is in jeopardy and will start with a dramatic statement such as ‘your account has been compromised’. There will be a sense of urgency to the email and it may claim if you fail to update your details or confirm your account information, access to your account will be suspended.
6. Spelling and grammar
Another trademark of a phishing email is bad spelling and grammar. So if the email is clumsy to read or there are spelling errors, be very wary!
7. Check the links
Always check any web links in the body of the message match those in the status bar of the email at the bottom of the screen. You can do this by hovering your cursor over the links.
If they don’t match, chances are it’s a scam. Make sure you don’t click on any links in the email and if you want to check it out, type the address out manually instead.
8. Tricks of the eye
Always carefully check any company names used in the email. Scammers can be very clever and often use a company name that looks very similar to the real deal – and a quick glance is unlikely to pick this up.
Scammers know we have a tendency to see what we want to see, rather than what’s actually there. For example, a web address might read ‘paypai.com’ rather than ‘paypal.com’ – and unless you’re checking this closely, it may pass you by.
Stay safe online
So now you know how to spot a phishing email. However, if you’re one of the many people who bank online, you might still be concerned about how safe it really is. In fact, according to Consumer Intelligence, 35% of online banking customers are worried about how secure their service is.
So here are some top tips to stay safe:
- Install up-to-date anti-virus software and a firewall to protect your PC – you can find out more about this in 14 ways to protect your privacy.
- Update your internet browser regularly to ensure your versions of Windows and Internet Explorer are kept current.
- Make sure you protect your wireless network which is vulnerable to eavesdropping, hackers and freeloaders. You can find out how to do this here.
- Don’t forget that your bank will never ask for your login details or personal security details, so don’t hand them over.
- Always delete suspicious emails.
- Never open an email attachment from an unknown source.
- Don’t click on any links from what appears to be your bank or other financial institution. Often they will take you through to a fake website which may look identical to your own bank’s website, but it isn’t.
- If you think you might have received a scam email, report it to reports@banksafeonline.org.uk.
- Only carry out online transactions when the URL in the address bar says ‘https’ as opposed to the usual ‘http’. The ‘s’ stands for secure.
- Use software such as Mailwasher as this will help to cut down on unwanted spam emails. This means you’re less likely to become a victim of a phishing attack.
- Never leave your PC unattended when you're logged into an online banking service.
- Finally, always check your accounts regularly to keep an eye out for any unusual transactions. This is really easy to do with the lovemoney.com online banking tool as this amalgamates information from all your different providers, allowing you to see all of your different statements at a single glance, with a single log-in. (You can also categorise all your transactions, so you'll know immediately if some of your spending seems out of place.)
Comments
I find your advice very interesting, as it is valid in all European countries (I am Belgian). Do you have a similar site in Belgium? Congratulations on your work and advice.
Banks are getting a bit more savvy these days, and are using the same technique that paypal uses to catch hijacked accounts, and that is to check the locale of the IP accessing the account. After all, if you access from an IP in London, then the next day access from Egypt, there is a very good chance your account has been compromised. Of course, there are ways around this, such as using proxies, but not all crims are that savvy, and some do slip up. I still think one of the best ways to secure your connection is for ISPs to offer Static IPs, then have your account hard linked to this one IP. Even if they cannot do this, an IP will belong to a range that is owned by the ISP, so even this can be used to determine if someone has moved ISP, or more practically, to flag the account as possibly compromised. Remember that while we are expected to safeguard our information, so are our banks. They have a duty of care to ensure that they reasonably stop fraudulent transactions, or spot them as they are happening. We might hold the key, but they are the gateway. One thing to remember above all, and that is if you want to log into your account, use the bookmark YOU have saved, and not a link supplied. If you are feeling really paranoid, close your browser first, then re-open it with the default home page.
darren67: It may be a bit of fun to fill in the form in a scam email with curses, but the problem is that you will then have confirmed your email address as genuine and possibly associated it with an IP address. Better to delete the email or, if it is spoofing a bank, to forward it to the fraud section of the bank, as they like to shut down these sites where possible.
30 January 2011