A Quick Lesson In Phishing Emails

April 23, 2020

Phishing emails are a pain.  Some are easy to spot, some are clever and can have you fooled very easily.

Here is a quick lesson on how to spot a well created fake email.

What We See

This example is a reference to a TalkTalk account, but it works the same for any type of online account.

The subject of the email is: Your TalkTalk bill payment failed.

It is classic Phishing. It tells you of a problem. Straight away, we are interested and concerned.

We open the email and see the main body:

For anyone with a TalkTalk account, this looks instantly recognisable.

And that’s the clever bit. The scammers use a layout that looks familiar. The example may be TalkTalk, but it could be a similar scam using Apple, PayPal, eBay, Amazon etc.

And it all tells of woe.  Words such as “Payment Failed” and “Disconnection Date”.

All used to push us towards a call to arms – “Just go to your TalkTalk account by clicking the button below.”

So we click the “My Account” button.

In We Go

The button opens a link to a website to log-in with your details. And, if you are familiar with TalkTalk, looks just like it should:

If you did fill in those details, you have just given them away. The crooks could then use the information to log into your real account and get your personal details etc.

So how do you check if this email is genuine or fake?

Watching The Detectives

The first thing to do is to check who sent the email. In the example, it says TalkTalk.

However, if we move our mouse cursor over the word – but do not click – the exact email address appears.

If you are using a phone or tablet with a touch screen, it is slightly different. Instead, pressing and holding the word usually creates a box with the same details.

It doesn’t quite look like an email address TalkTalk would use. And that, of course, is because it isn’t.

Let’s do the same with the “My Account” button. The button you would click on to take you to the website to fill in your details.

Again, you see the address isn’t anything like what you would expect to see for a TalkTalk website.

By now, you should be able to put the deerstalker hat and magnifying glass away. Your stint as Sherlock Holmes is complete. It’s a fake. Delete it from your Inbox.

Before deleting, however, there is one other thing you should do.

To help the fight against phishing, forward the email to the following address:

report@phishing.gov.uk

It is a new service run by the National Cyber Security Centre. They will check things out and, hopefully, take down the culprits.

Great. You have now stopped yourself getting caught out and helped reduce scamming.

But let’s go one step further.

The Website

Warning: Please don’t try this at home. The best thing with any suspicious email is not to click on any link or open any attachment that comes with it.

My advice above was to hover the mouse pointer over the words or buttons but not to press. Or, in the case of touch, press and hold. Do not simply press.

If, however, we have opened the link to the website, we have one other check we can make.

Take a look at the address bar at the top of the web browser you are using. It is the one that usually contains the website address.

In this example, the website itself looked genuine as I showed in the picture earlier. The website address, however, looks like this:

Again, this doesn’t look like anything to do with TalkTalk.

And, that’s because it isn’t.  Close the web browser and carry on your day.

Summary

Phishing emails are the start of most identity theft, and some are very convincing.

By using the tips above, it should hopefully help you avoid getting caught.

Any questions on any of the above – or anything else – please get in touch.