We’ve noticed an increase in the amount of this type of email being sent around – do you know how to spot them?
Cyber-criminals often make contact via email, text, social media or even by phone call. They will often pretend to be someone (or part of an organisation) you trust and will usually try to get you to reveal personal information, open an infected attachment or follow a link to a bogus website.
It used to be easier to spot scams. They often contained bad spelling or grammar, came from an unusual email address, or featured imagery or design that felt ‘off’. But scammers are getting smarter, and some scams are so well crafted that they even fool the experts.
How to spot scam messages
Scammers will often try to quickly gain your trust – they aim to pressure you into acting without thinking. If a message makes you suspicious, stop and consider the language it uses. Scams often feature one or more of the following tell-tale signs.
- Authority | Is the message claiming to be from someone official? For example, your bank, doctor, a solicitor, or a government department such as HMRC. Criminals often pretend to be important people or organisations to trick you into doing what they want.
- Urgency | Are you told you have a limited time to respond (such as ‘within 24 hours’ or ‘immediately’)? Criminals often threaten you with fines or other negative consequences.
- Emotion | Does the message make you panic, or feel fearful, hopeful or curious? Criminals often use threatening language, make false claims of support, or tease you into wanting to find out more.
- Scarcity | Is the message offering something in short supply, like concert tickets, money or a cure for medical conditions? Fear of missing out on a good deal or opportunity can make you respond quickly.
- Current Events | Are you expecting to see a message like this? Criminals often exploit current news stories, big events or specific times of year (like tax reporting) to make their scam seem more relevant to you.
How to check if a message is genuine
If you have any doubts about a message, contact the organisation directly. Don’t use the numbers or address in the message – use the details from their official website or printed materials.
Remember, your bank (or any other official source) will never ask you to supply personal information via email, or ask you to confirm your bank account details. If you suspect someone is not who they claim to be, ignore the message and contact the company directly. If you have paper statements or a credit card from the organisation, official contact details are often written on them.
Unless you are 100% certain the message is genuine – do not open any attachments or click any links!
Infected attachments can be added to emails, often in the form of PDFs made to look like an invoice. It doesn’t matter whether the recipient expects to receive an invoice from this person or not because, in most cases, they won’t be sure what the message pertains to until they open the attachment. By the time they open it, it is too late: the document unleashes malware on the victim’s computer, which could perform any number of nefarious activities.
To ensure you don’t fall for suspicious links, you must train yourself to check where links go before opening them. Thankfully, this is straightforward: on a computer, hover your mouse over the link, and the destination address appears in a small bar usually along the bottom of the browser. On a mobile device, hold down on the link, and a pop-up will appear containing the link.