What is a Scam or Phishing Email?
A scam is a scheme to gain something from you fraudulently, most commonly your identity or money. Phishing is a type of scam that fishes for the information a scammer needs to get what they want. A phishing scam will usually be an email or text sent to you that appears to come from a legitimate source. The scammer is hoping you will follow the link and enter your login details.
At this point, I’d like to also clarify the term “spam email”, as many people still find it confusing. The goal of this article is to give you a clear understanding of the terminology so that you can stay alert to what constitutes risk.
“Spam” is simply annoying, repetitive and uninvited email. It is not necessarily malicious. While scam and phishing emails are also uninvited, you need to know how to spot them.
Warning Signs you are being Phished
Receiving an email that tells you to log in to a service such as your email, online banking, or any other site you have protected with a password should immediately raise red flags.
Here are a couple of things to look out for that will confirm if you are being scammed:
- Look at who has sent the email to you: most importantly, the email address the sender has used, not just the name. For example:
From: IT ADMINISTRATIVE DESK <firstname.lastname@example.org>
It may well say it’s from “IT ADMINISTRATIVE DESK”, but the email address in the angle brackets, firstname.lastname@example.org, is who actually sent it to you.
- All scam emails will want you to click on something that will take you to a logon screen so you can provide your username and password. Hovering your mouse over the link they want you to click on will reveal where the link will take you.
For example, the image below is trying to convince you that Microsoft have sent you a notification, but by hovering over the link you can see it will take you to a Google site that has nothing to do with Microsoft.
- Spelling mistakes and poor grammar are also common in most scam emails. Scammers may be poorly educated or English may not be their first language. That said, scam attacks are becoming more sophisticated every day.
- Look for things that don’t match. An email from Australia Post or Microsoft will come from “auspost.com.au” or “microsoft.com”, respectively. If the domain doesn’t look right, don’t trust it.
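The sender-address, link-destination and domain checks from the list above can also be automated. The following is an added example, not part of the original article; the `BRAND_DOMAINS` table, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Brand name -> domains it really uses (the two the article names; assumption).
BRAND_DOMAINS = {"microsoft": {"microsoft.com"}, "australia post": {"auspost.com.au"}}
# Constructed sample: the display name says Microsoft, the address and link do not.
SAMPLE = """\
From: Microsoft Account Team <notice@mail-alerts.example>
Content-Type: text/html

<p>Microsoft detected unusual sign-in activity.</p>
<a href="https://sites.google.com/view/constructed-example">Review activity</a>
"""

def domain_matches(host, allowed):
    """True only for an allowed domain or a subdomain of it, never a lookalike."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

class LinkCollector(HTMLParser):
    """Collects the href of every <a>, which is what hovering over a link reveals."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def phishing_signs(raw_message):
    """Lists mismatches between the brand a message names and where it points."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rpartition("@")[2]
    body = msg.get_payload()
    brands = [b for b in BRAND_DOMAINS if b in f"{display} {body}".lower()]
    collector = LinkCollector()
    collector.feed(body)
    findings = []
    for brand in brands:
        if not domain_matches(sender_domain, BRAND_DOMAINS[brand]):
            findings.append(f"claims {brand} but sent from {sender_domain}")
        for href in collector.hrefs:
            host = urlsplit(href).hostname
            if not domain_matches(host, BRAND_DOMAINS[brand]):
                findings.append(f"link {href} goes to {host}, not {brand}")
    return findings
```

Calling `phishing_signs(SAMPLE)` reports both the sender mismatch and the link mismatch, while a message sent from and linking to `microsoft.com` produces no findings.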
Even the most cautious person can have a bad day and be tricked by a well-executed phishing attack. The only way to stop you from becoming a victim is to be protected with Multi-Factor Authentication (MFA). Even if you give up your username and password, your account cannot be accessed without your consent, as the second factor of authentication is required.