9 Easy Ways to Spot a Phishing Scam

Phishing is when fraudsters pose as a legitimate company, person or institution in an email or text message to trick someone into giving financial and/or other personal information. Cyber criminals also use fake online advertising to direct victims to fake websites where username, password or financial information is required.

Here are 9 common elements of phishing scams – and how to handle them.  

1. ‘Recognised’ Sender

In the workplace, successful phishing attacks are often disguised as something an employee is expecting, such as an HR document, a shipping confirmation, or an IT department request to change a password.

The email may also look like it came from a work colleague or even the CEO. Always confirm these types of emails, and verify requests.

2. Attachment or Link

Many scams work by tricking the victim into clicking on a link or attachment, which then either infects the computer with malware that can steal information directly or takes the victim to a fake page that requests private information.

Most phishing emails now contain ransomware. Never click on a link or open an attachment that wasn’t asked for or expected.

3. Personal Information Request

Consider any email or instant message request for confidential information to be a possible hoax. Legitimate companies do not ask for confidential information like passwords and credit card numbers this way.

Don't respond to links in unsolicited messages, and never give sensitive information to anyone on the phone, in person, or through email without checking the organisation is legit.

4. Wrong Address

Scam emails often have misspelled URLs or the wrong domain. Hover the cursor over the URL to see the actual hyperlink. If the address is different than what’s displayed, it’s likely to be a phishing attempt.

5. Spelling and Grammar Mistakes

If an email has these kinds of mistakes, it’s likely to be a scam. Businesses do not send messages without checking spelling and grammar.

6. Generic Salutation

An email that arrives addressed to ‘customer’ or ‘member’ may be a scam. Most organisations use proper names. Contact the organisation to be sure. 

7. ‘Important Alert’

A 2017 KnowBe4 survey sent 6.6 million bogus messages to more than 2 million people to see which phishing attempts were most successful. The top subject line lure was ‘Security Alert’ – 21% of the people clicked on links inside the message.

Other successful lures were ‘Revised Holiday and Sick Time Policy’, ‘UPS Delivery’, ‘Breaking News’, ‘Updated Healthcare Info’, and ‘Change of Password Required Immediately’. Ignore these alerts.

8. Threats

Phishing scams prey on people’s emotions. If an email arrives that threatens in some way and requires urgent action, it’s likely a scam. Confirm with the organisation before doing anything.

9. Amazing Offers

Listen to your gut. If an offer seems too good to be true, it probably is. Don't open the email or click on links.

Shred-it is the UK’s leading information security company. Click here to learn more about the services they provide, including document shredding and hard drive destruction to safely dispose of unwanted or outdated confidential waste.

Created by FPM Group
FPM Group
With over 7,500 customers, First Practice Management is one of the UK’s largest providers of compliance software, expert training and HR support to health and care managers.
