Phishing emails are a common online threat that can lead to identity theft, financial loss, and data breaches. Recognising a phishing attempt is crucial for maintaining online safety.

Here are some tips on how to spot a phishing email: 

1. Suspicious Sender Address: Check the sender’s email address carefully. Phishing emails often come from addresses that attempt to mimic legitimate ones, with subtle differences.  

Sometimes the email address is hidden within the sender’s name, but if you hover your mouse over the name it should reveal the true address. DO NOT REPLY!

2. Urgent or Threatening Language: Be wary of emails claiming urgent action or threatening negative consequences if you don’t respond.  

If your role does involve dealing with urgent matters then consider agreeing a specific code word or phrase. This could include an email subject prefix or reference. 

3. Unsolicited Attachments or Links: Avoid opening attachments or clicking on links from unknown sources. These could contain malware or lead you to fraudulent websites. 

4. Request for Personal Information: Legitimate organisations will not ask for sensitive information via email.  

If you do need to send sensitive or confidential information then speak with the College IT Office about secure methods of sending information.  

5. Poor Spelling and Grammar: Professional companies typically ensure their communications are error-free. Mistakes can be a red flag. 

6. Mismatched URLs: Hover over any links in the email without clicking. If the URL doesn’t match the link text or seems suspicious, it’s likely a phishing attempt.  

Also be careful of obfuscated links – these can be links with other links or redirects hidden inside. If in doubt type the website domain address into a web browser rather than clicking a long suspicious link within the email.  

7. Generic Greetings: Phishing emails often use generic greetings like “Dear Customer,” instead of your name. However, they can include your correct name. Generally, legitimate banking emails will include your name, part of your address or postcode and part of your account number. But still be careful and think about visiting the banking website via your own web browser address bar rather than following the provided link in the email.

8. Inconsistencies in Email Design: Look for inconsistencies in the email’s design, layout, and branding compared to official communications from the organisation, although these are getting harder to spot.

Also be careful with your Google / Bing / DuckDuckGo etc. searches – organised criminals can take out advertisements themselves and get themselves pinned to the top of popular searches.

To understand the scale of this issue, consider the following statistics: An estimated 3.4 billion spam emails are sent every day, many of which are phishing attempts. Google blocks approximately 100 million phishing emails daily. Over 48% of all emails sent in 2022 were classified as spam, and more than a fifth of phishing emails originated from Russia. These numbers highlight the importance of staying vigilant and informed.  

Based on the sheer volume of emails sent it goes to show how lucrative it must be to the scammers. Even if only 0.1% of the 3.4 billion emails received a reply from their victim and then 0.1% of those actually sent money – that is 3,400 people a day who are out of pocket; and we can probably guess that the scammers’ odds are much higher than 0.0001%. (I think I got that right .. I’m sure someone will tell me 😊)

In fact, in 2021, the average click rate for a phishing campaign was 17.8%! 

Online crime costs the world economy over £250 billion a year, causing incalculable distress and inconvenience to boot. 

The estimated cost to UK citizens is £3.1bn per annum. This breaks down as:

• £1.7bn per annum for identity theft
• £1.4bn per annum for online scams
• £30m for scareware and fake anti-virus software

The economic cost of cyber-crime to UK businesses is estimated at £21bn per annum and to the UK Government it is around £2.2bn per annum.  

Remember, awareness is your first line of defence against phishing. Always verify the authenticity of the email and when in doubt, contact the organisation directly through official channels. Stay safe online by practising these tips and educating others about the dangers of phishing emails.

David Olds, IT Manager