How to protect against phishing and email scams (Peace of Mind PA)

I’m in the money!

I’m absolutely thrilled this morning.  HMRC have emailed me to let me know they’re giving me a tax rebate!  Hurrah!  This, combined with the email I got from Nelson, son of a Nigerian politician, who wants me to help him move his fortune out of the country (and for which I will be handsomely rewarded) means I should be having a very happy New Year indeed!  Although… hang on a minute… could they be scams?

A quick look through the junk folder of my personal email account reveals a wide range of phishing emails in just the last two weeks – these include:

  • Banks that are freezing access to my online bank accounts – please can I click on a link to log in
  • Receipts for weird and wonderful things that I have ordered via Amazon – although if I don’t recognise the order I should click on the link to check my account
  • A lady with a terminal illness who wants me to set up a charitable foundation as her dying wish
  • A tax rebate from HMRC – I just need to open the attached PDF to check the details

Some phishing emails are more obvious than others, but they all have the same goal in common – to get access to your personal and/or banking details, either by installing malware on your computer or by getting you to hand them over directly.  Your email spam filters should pick up most of these, but occasionally one will get through, or you may be checking your junk folder for genuine mail, in which case it helps to know what to look for.

So, how do you recognise a ‘dodgy’ email?

1) Do they know your actual name?

If the email is addressed to ‘Our Valued Customer’ or ‘Dear *your email address*’, chances are it is spam! If the email is genuinely from your bank or an online store you have an account with, it is very likely that they’re going to address emails to you personally. The fake emails I receive from ‘Amazon’ and ‘HMRC’ are always addressed to my email address; the genuine ones, of course, are addressed to me by name or by my account username. Check out this email below from ‘HMRC’ that is clearly addressed to my email address!

[Image: How to recognise a scam email]


2) Check the language

It’s not always the case, but emails from scammers often have poor grammar and spelling mistakes.

3) Check the email address it’s sent from

At first glance the email might look as though it’s come from a reputable source – but check it! Email clients such as Outlook or Thunderbird often only show the sender’s display name, which can be set to any person or company, but if you click on the name to see the actual email address it soon becomes clear that the address is something completely different.  The same applies to emails that look like they may have come from a friend – often the friend hasn’t been hacked, but someone has got hold of their contacts through other means (for example, Facebook).

[Image: How to recognise scam emails]
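A small checker for points 1 and 3, added here as an example and not part of the original post: it pulls the real address out of the From header, compares its domain with the domains the claimed brand actually sends from (a hypothetical, trimmed lookup), and flags a greeting that uses your email address or a generic salutation. The sample messages are constructed, not real phishing emails.

```python
import re
from email import message_from_string
from email.utils import parseaddr
# Constructed sample messages (not real phishing emails). The first shows
# both warning signs from the post; the second is a plausible genuine mail.
SAMPLE_SCAM = """\
From: "HMRC Tax Refunds" <refunds@hmrc-rebates-online.example>
To: someone@example.com

Dear someone@example.com,
Please open the attached PDF to check the details of your rebate.
"""
SAMPLE_GENUINE = """\
From: "Amazon.co.uk" <order-update@amazon.co.uk>
To: someone@example.com

Hello Jane Smith,
Your order has been dispatched and will arrive tomorrow.
"""

# Hypothetical lookup: brand a display name may claim -> domains that brand
# really sends from. A real deployment needs a fuller, maintained list.
BRAND_DOMAINS = {
    "hmrc": {"hmrc.gov.uk", "gov.uk"},
    "amazon": {"amazon.co.uk", "amazon.com"},
}
def sender_domain(from_header):
    # parseaddr splits '"Name" <addr>' into the display name and the real address
    _name, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def check_email(raw):
    msg = message_from_string(raw)
    warnings = []
    display_name, _addr = parseaddr(msg.get("From", ""))
    domain = sender_domain(msg.get("From", ""))
    # Point 3: the display name can claim any brand; the address domain cannot.
    for brand, domains in BRAND_DOMAINS.items():
        claimed = brand in display_name.lower()
        matches = any(domain == d or domain.endswith("." + d) for d in domains)
        if claimed and not matches:
            warnings.append(f"display name claims {brand} but address domain is {domain}")
    # Point 1: genuine senders address you by name, not by your email address.
    recipient = parseaddr(msg.get("To", ""))[1].lower()
    first_line = next((l for l in msg.get_payload().splitlines() if l.strip()), "")
    if recipient and recipient in first_line.lower():
        warnings.append("greeting uses your email address instead of your name")
    if re.search(r"valued customer|dear customer", first_line, re.I):
        warnings.append("generic greeting")
    return warnings
```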

4) Check with the ‘sender’ before you click on any link or open any attachments

If the email allegedly comes from a friend, ask them via another means (text message, WhatsApp, Messenger…) whether they actually sent you something – if they’ve been hacked they’ll appreciate the heads-up.  If the email is from a company or organisation, take a look at their website to see what they say about sending emails – HMRC states very clearly that they don’t email about tax rebates.

If the email claims an account has been breached, or items have been purchased via an account, open a new browser window, type in the address of the relevant website yourself and log into your account that way to check. Do not click on any links in the email.

5) Check that the sending company is the company you’re registered with for the account

If you have a website or own a domain name, there’s a good chance you’ll receive scam domain emails.  These tend to take two forms – one is that your domain is about to expire and needs renewing, and the other that someone else is using a similar domain and you should buy more domains to protect your brand.  Never buy domains through these emails.

If the domain renewal notice comes from the company your domain is hosted with, log into your account via their website and organise the renewal there (or, even better, set up auto-renewal and you won’t have to worry about it).

If you want to protect your brand by buying other domain names, go to a company you trust, such as your web host, and arrange to buy them that way.

What should I do if I receive a phishing email?

Firstly – report it. Many companies and organisations, including banks and HMRC, have dedicated email addresses for you to report phishing emails to. You can also report it to Action Fraud.

Then delete the email.

What should I do if I’ve clicked on a suspicious link or document?

Immediately disconnect your device from the internet – this will stop any malware from sending information, stop anyone from accessing your device remotely, and also stop any malware from spreading within your network or to any cloud systems you may use.

If you don’t have a recent back-up of your files, back up to an external hard drive or USB stick.

Run a full scan using your anti-virus software.  I also recommend running a scan with Malwarebytes – a free version is available from the Malwarebytes website. If you don’t have anti-virus software or Malwarebytes already installed on the affected computer, download it to an external drive via an unaffected device that can be connected to the internet, then install it on the computer in question.

Change your passwords and other login information for all your online accounts.

Report it to Action Fraud, your bank (if you think you’ve handed over login information or card details), and set up an alert with one of the major credit bureaus such as Experian or Equifax (they have to notify one another of alerts), which will make it harder for someone to open an account in your name.

Vishing and Smishing

I know, it sounds like I’m making this up now, but you may also get scammers reaching out to you via phone calls, SMS and Messenger. The same rules apply.  Do not click on links and do not give out personal information.  If you don’t recognise a number, or you are not sure, delete it.
