Call us now on 023 9298 8855

How do I spot a phishing scam?

Most of us have looked at a convincing scam and wondered if it’s for real at some point. But what are the general rules to spot one from a mile off?


Hi everyone! Zarte here! I’ll be with you in a moment, I’m just on hold trying to get through to this Nigerian prince that I’m expecting some money to come through from shortly...

...hmm, no joy... OK, I’m with you! We’ve had a smattering of customers over the years who’ve fallen foul of phishing scams – malicious email campaigns designed to extract money from the vulnerable and inexperienced. As I would *never* fall for such a thing, it seemed only right that it should be me who gives you all a few tips and hints for how you can avoid falling into their trap, and keep your bank account safe!

  1. Is the source of the email logical?

    Many phishing scams claim to be from your bank, or the tax office or some other financial body that you might have dealings with. But they don’t know exactly what companies YOU have dealings with as an individual, so first things first – check that the email could actually have any relevance to you at all. If it’s an email from *a* bank, but not *your* bank, then you know straight away that it’s clearly a crock of manure. Don’t even entertain the notion. A subsection of this point is whether you’ve made a decision that would set up the email being sent. For instance, if someone’s telling you that you’ve won a lottery... did you enter it? It doesn’t matter how lucky you are, you aren’t going to win a lottery if you haven’t bought a ticket, so emails suggesting otherwise are not going to be legitimate.

  2. Is the e-mail well written?

    Despite things being much more convincing when they look authentically written, many phishing emails – presumably due to being written abroad – have some of the most utterly abysmal spelling and grammar that you can possibly imagine. Real companies might make the odd mistake that gets through the cracks here and there, but on the whole, their content will be pretty impeccable. So, if it’s not, it’s probably a scam – stand well back!

  3. Is there a mismatched/unrealistic URL?

    Quite often in an e-mail, you’ll see the full address for a link to a website, external to the email itself. This email may well look legitimate, however this could well be inaccurately hyperlinked texts. Hovering over the link will usually reveal the actual address that you’ll be taken to if you click the link – if that address differs from the address shown, then the chances are you’re not onto a winner! Additionally, links can often be unrealistic. “bea.bea/” is quite clearly not a realistic link. Just a very basic understanding of the construction of a website address or email address could well keep you from falling prey to one of these scumsucking predators.

  4. Is the email from a government agency?

    Government agencies very rarely send out emails. Government agencies also encourage you strongly not to respond to anything that you’re suspicious of. So if you get an email from such a “body”, then at the very least give the relevant agency a call (getting the number from a web search – not trusting any phone numbers within the email) – but the high chances are, you don’t even need to bother with that much effort – it’ll almost certainly be rubbish.

  5. Are you being asked for personal information?

    Companies such as banks, government agencies etc. should have all your details on file. Occasionally they might need to update your information, however if they need to do so, they’ll contact you through a secure channel where you can be sure of the source of the questioning. What they will never ask you to do, is to provide information via an email. Don’t ever, ever, ever, give your personal details out willy nilly via email. I can’t emphasise enough how stupid you would be to do this.

  6. Do you have a bad feeling about things?

    Ultimately, sometimes you just need to trust your gut. If you can’t prove a phishing scam with any of the above points, but still, something just doesn’t feel right – trust yourself. There’s probably a reason that you feel ill at ease, and it’s ALWAYS better to be safe than sorry. Casino security teams in Las Vegas are taught to look out for things under the JDLR rule – “Just doesn’t look right” – if it’s good enough to protect millions of dollars, then it’s good enough to make sure that you and your family don’t lose out to the malicious actions of criminals.

This is, as always, not an 100% exhaustive list. But running through these rules when you’re faced with an email that doesn’t fill you with confidence will send you a long way towards being able to check your emails with confidence.

If there’s anything urgent that you think I’ve missed, or you want to discuss anything you’ve read in this article, please feel free to give the office a call and speak to one of the team about it on 023 9298 8855!

Until next time,