Phishing is the name given to email scams that try to trick you into revealing sensitive information or downloading malicious software.
Phishing emails pretend to be from banks, online shops and other trusted organisations like PayPal or your email account. They usually try to get you to follow a link or open an attachment.
Phishing scams often ask you to take urgent action, for example to log on to a website to avoid your account being suspended. The link contained in the email will take you to a website that appears genuine but is actually a fake designed to trick you into entering personal information.
Top tips for spotting a phish
Phishing emails come in many different forms. Some are easy to spot; others are much more sophisticated. However, there are some common characteristics to look out for:
- the sender’s email address may be different from the real organisation’s website address, for example they may be using a webmail address
- a generic greeting such as “Dear customer” rather than your name
- poor grammar and spelling
- a request for personal information such as username, password or bank details
- a sense of urgency; for example the threat that unless you act immediately your account may be closed
- file or links that require you to download additional software to view them
- a prominent website link that is very similar to the proper address, perhaps with just a single character’s difference
- you were not expecting to get an email from the organisation that appears to have sent it
- the entire text of the email may be contained within an image rather than the usual text format; the image contains an embedded link to a bogus site
Can you tell when something phishy is going on?
How is your phishing IQ? quiz to find out how good are you at spotting a phishing email.
Don’t get phished! Get smart
Some phishing attempts are very sophisticated and may avoid many of the characteristics highlighted in our top tips for spotting a phishing email.
Be aware that emails can be made to look like they are from an organisation or person you know. These spoofed email addresses can appear authentic even when you mouse over them.
Never reveal personal or financial information including usernames, passwords, PINs, or memorable phrases.
Remember that a genuine bank, or any other organisation, will never ask for your password via email, text, instant message or phone call
Do not click on links or open email attachments from unknown sources as they may infect your device with a virus
Always apply updates and use anti-virus.
Good email practice
- do not open or reply to emails that you suspect as being scams
- do not click on links or open file attachments in emails from unknown sources
- if in doubt, contact the person or organisation using the main contact details published on their website
- be cautious of links in emails. Roll your mouse pointer over the link to reveal the true destination, which is displayed in the bottom left corner of your screen. Be wary if the address is different from what you would expect from the text of the link from the email
- use a strong password for your webmail accounts
- enable spam filtering or switch to a webmail provider that can do this
- always run updates promptly and have antivirus software on your device
More information on other types of scams
Do not get caught by scams. It’s not just email. It could be SMS, phone calls, or social media.
Social engineering is the name given to the techniques used by cybercriminals to manipulate or trick people into divulging confidential information, transferring money or downloading malware. Social engineering scams can be elaborate and highly convincing. They often impersonate organisations you trust, like your bank or the police, and use snippets of information they know about you to make the scam more realistic.
For more information, visit our social engineering page.