How to recognise a phishing email

Protecting yourself from phishing scams


Phishing attacks – especially through emails – are one of the most commonly used online scam tactics. Scammers contact their victims via email, text message, or phone to trick them into revealing sensitive personal data or unknowingly installing malware or spyware on their devices. In this article, we explain what phishing means, how to spot a phishing email, and the best ways to protect yourself from phishing attempts.

Key takeaways
  • What is phishing: It is usually a form of cyberattack. Scammers try to get personal data from their victims by contacting them via calls, text messages, or emails pretending to be a trustworthy entity like a bank or service provider

  • How to spot a phishing email: There are several clues to look out for in phishing emails such as spelling mistakes, no personalisation, creating a sense of urgency, long suspicious links, and many more

  • How to protect against phishing: You can protect yourself from phishing by setting your social media accounts to private, staying informed about online safety, or reviewing your privacy settings on all your accounts and apps

What is phishing?

The term phishing describes a form of cyberattack that criminals use to trick their victims into revealing sensitive information including passwords, credit card numbers, or personal details. These scammers contact their victims through calls, text messages, or emails pretending to be a trustworthy entity such as a bank, a company, or an employer.

Where does phishing occur?

Phishing can happen anywhere online where scammers try to trick you into revealing sensitive information. It commonly occurs through emails, websites, social media, phone calls, and even text messages. Attackers disguise themselves as trusted entities to steal data or install malware. That’s why it’s essential to stay alert and always verify before clicking any links or sharing any information.

There are different types of phishing:

  • Email Phishing: Fake emails pretending to be from legitimate sources.

  • Spear Phishing: Targeted attacks on specific individuals or organisations.

  • Whaling: Phishing aimed at high-profile targets like executives.

  • Smishing: Phishing through SMS/text messages.

  • Vishing: Voice phishing via phone calls.

  • Clone Phishing: Duplicated emails with malicious links or attachments.

  • Angler Phishing: Scams on social media, often posing as customer support.

What is spyware and malware?

Malware – short for malicious software – is a term that describes any type of computer software designed to exploit your device, service, or network. Malware is programmed to extract sensitive data from your computer. This data is then used for illegal financial gain.

Spyware is a specific form of malware. If spyware is downloaded to your device, it gathers information about you, including your personal or financial data, and your online activity. This data is then sent to third parties without your consent.

What are phishing emails?

There are different types of phishing. While phishing can be carried out via text messages (SMS) or phone calls, the most common method is phishing through email. An estimated 3.4 billion phishing emails are sent every day*. At first glance, these emails may look like any other email. Usually, they contain either an external link to click on or an attachment. The goal of a phishing email is to steal personal information like your card details. For example, scammers may pretend to be your bank, tell you that there is an issue with your account, and urge immediate action that requires your login data and password. Therefore, it is very important to know how to spot phishing emails in order to protect yourself from such scams.

How to spot a phishing email

Unfortunately, it is not always easy to recognise a phishing email. They often look legitimate; however, they contain subtle signs of fraud. Various characteristics give away a phishing email, such as fake sender addresses, false urgency, external links, and many more. It is very important to know these warning signs to avoid falling victim to such attacks. If you’re unsure if an email is a scam, you can check it for the following characteristics.

Threatening language

Phishing emails often create a sense of urgency, warning of severe consequences if immediate action is not taken. Be cautious of this type of language. A legitimate provider, such as your bank or another reputable institution, would not communicate this way in an official email.

Spelling mistakes

Always check the spelling in emails that seem suspicious to you. Phishing emails often contain spelling errors in common words or phrases, or they feel like they have been poorly translated. However, with the increasing use of AI, a phishing email may contain no spelling errors. Always check for other signs of scam or fraud as well.

No personalisation

If you receive an email from your bank or, for example, a subscription provider, they will usually refer to you by your name. Most of the time, scammers will not do this. Consequently, if you read an email that is addressed to you as “valued customer” or “colleague”, it is probably attempted fraud.

Asking for personal information

A bank or any other professional company will never ask you for your passwords or PINs in an email. Therefore, never share any sensitive information when asked for it in an email. It is usually an attempt to scam you. If you receive an email requesting you to "verify your account" or "confirm your payment details" by clicking a link, it's likely a phishing attempt. Instead of clicking, visit the company’s website directly and check your account from there.

Mismatched sender name and email domain

Always have a close look at the email address the mail has been sent from. Phishing emails often try to imitate a real email address, but there are usually tiny spelling mistakes or extra characters in the mail address. For example, an email claiming to be from PayPal might come from "support@paypa1.com" instead of "support@paypal.com". Always check the sender’s full email address before trusting a message.

It sounds too good to be true

If you suddenly receive an offer for a large tax refund despite having paid everything correctly, or you’re told you’ve won a luxury holiday without ever entering a competition, be cautious. Scammers often use tempting offers to lure victims into their traps. If something sounds too good to be true, it probably is. When in doubt, always contact the company directly through official channels.

Distorted images or logos

Be sceptical of brand logos added to an email. Sometimes they don’t look quite right or are distorted. The reason is that these logos are usually taken from existing websites and emails, so they have a lower quality than the original image. If you believe something is wrong with a logo, be suspicious and look out for other signs of fraud.

Long, suspicious-looking links

One of the most commonly used features of a phishing email is a request to click on a link. If you click the link, you either download malware or spyware onto your device, or it may redirect you to a website where you are asked to enter personal data. If the link is embedded in a word or a clickable button, there are ways to preview the URL before clicking it. On a computer, hover your mouse over the link to display the URL. On a phone or tablet, press and hold the link with your finger to see the URL. If the URL looks suspicious, do not click it. If you’re unsure if the link is legitimate or not, first contact the company, bank, or shop the email claims to be from. Never click a link unless you are certain it is safe.

Urgency or pressure to act quickly

Phishing emails almost always urge you to take action. There is often a claim that your account will be locked or suspended, or that there will be legal consequences for you if you don’t act immediately. Scammers want to put you under pressure, so you will act without thinking, only being worried about the consequences. If you feel that way while reading an email, be careful and don’t click on any links or share any information.

Unexpected attachments

A common method to install spyware or malware on your device is through attachments in emails. If you don’t know the sender of the email or the email meets any other criteria for phishing, don’t open any attachments.

Poor email formatting or unusual font styles

Some phishing emails contain strange formatting, such as random font changes, excessive bold or coloured text, or awkward spacing. This happens because scammers may use automated tools or poor translations when creating their messages. Official emails from reputable companies are usually well-structured, with consistent branding, professional language, and proper formatting. If an email looks sloppy or unprofessional, it’s a sign of phishing.

Example of a phishing email

[Image: phishing email example]

Source: https://www.bankofireland.com/security-zone/gallery-of-phishing-and-smishing-examples/

Phishing emails come in many forms. Some of them are full of obvious mistakes, while others look nearly identical to legitimate emails. Even if a message seems professional, it’s still important to stay cautious and check for warning signs.

For example, you might receive an email claiming to be from your bank, warning you about unusual activity on your account. The email may look official, with a bank logo, formal language, and a link urging you to "Verify Your Account" or "Update Your Security Details." It might also create a sense of urgency, saying your account will be restricted if you don’t act quickly. In this case, it is important to check for signs of phishing first. Don’t let yourself be rushed into action.

If you receive an email like this and suspect it to be phishing, do not click any links or enter personal information. Instead, contact your bank directly through their official website or phone number. Phishing scams rely on creating panic. Therefore, it’s important to stay calm, verify with the official provider, and most importantly protect your information.

What happens if I open a phishing email?

Phishing emails are the most common form of phishing attack, which means there will also be victims. If you clicked on a link, opened an attachment in a phishing email, or even provided your personal data, it is important to stay calm and not panic. There are several measures you can take if you were unlucky enough to fall for a scam.

  • Antivirus software: If you suspect that you have downloaded any kind of malware or spyware, you can try and run a full scan of your system with the help of your antivirus software. If anything has been installed on your device or anything threatens it, the software should be able to find it and instruct you on what steps to take next. 

  • Change passwords: If you shared any login details such as usernames and passwords, change all other passwords to something more secure and different. This is especially important if the password you accidentally shared is used somewhere else as well. Enable two-factor authentication (2FA) to add an extra layer of security.

  • Monitor your accounts for suspicious activity: If you shared banking or personal information, watch for unauthorised transactions or account changes. If anything looks suspicious, contact your bank immediately and request extra security measures on your account.

  • Report it: If you live in Ireland and have been scammed by phishing, report it as soon as possible. If you lost money or shared sensitive information, contact your local Garda station. If you received a suspicious email but didn’t fall for the scam, you can forward it to the National Cyber Security Centre (NCSC) at phishing@ncsc.gov.ie. For banking-related scams, report the incident to your bank immediately and check FraudSMART for advice.

Most importantly, don’t blame yourself. These scams are highly sophisticated, and anyone can be tricked; that’s why they work. Instead of feeling embarrassed, use your experience to raise awareness by informing others, helping to prevent them from becoming victims as well.

How to protect yourself against phishing emails

Especially with the help of AI tools, phishing emails or scams in general are sometimes difficult to spot. Even if you’re very cautious, you can fall victim to well-crafted phishing attempts. However, there are several steps you can take to reduce the risk and protect yourself from phishing scams.

  • Be mindful of the information you share online: Even seemingly harmless pictures posted on your birthday could give hackers or scammers a clue to passwords or security questions that include your birthdate. 

  • Set your social media accounts to private: This way, you limit the number of people who can see your posts and reduce the risk of scammers gathering private information from you. 

  • Review privacy settings across all apps and websites: Check what data you’re sharing and with whom. Change the settings if necessary. 

  • Set and remember your online banking contact preferences: Most banks allow you to choose how they communicate with you, such as via email, SMS, or phone calls. Setting and remembering your contact preferences ensures that you only receive messages through official channels, making it easier to spot phishing attempts.

  • Stay informed about online safety: Regularly update your knowledge about online safety and inform yourself about recent phishing attacks and tactics. 

  • Remain vigilant: Always question unexpected or unusual emails, even if they appear to be from a known source.

  • Take your time with emails: The sense of urgency created in phishing emails pressures you to take action. It is important to avoid rushing and assess emails carefully before clicking on any links or sharing any data.

Open savings accounts from across Europe

Phishing emails often impersonate banks and financial services to trick you into revealing personal information. Always verify the sender and avoid clicking on suspicious links before entering any banking details.

If you’re looking for legitimate savings options, you can easily get started by signing up for a Raisin Account, which is free to join. You can find a range of high-yield savings accounts to get more from your money. Once your account is approved, choose a savings account, deposit your funds, and watch your savings grow.

*https://aag-it.com/the-latest-phishing-statistics/
