7 ways to spot a phishing email

Ng Chong Seng
·Lifestyle contributor
Updated
(PHOTO: Getty Images)
(PHOTO: Getty Images)

The all-new Yahoo Mail has arrived. Download it here.

Don’t anyhow open attachments, don’t anyhow click on URLs — these are the two things I never fail to remind my parents when I set up their phones and PCs.

But phishing attacks are hard to avoid. To better protect themselves from scammers, I’ve also taught them how to spot a phishing email. Now, how many of these signs do you know to look out for?

1.

The sender’s address is weird

A scammer isn’t worth their salt is they don’t know how to spoof the display name. Which means you should always take this name at face value and check the sender’s real email address. For instance, an email that supposedly comes from Apple but carries an email address “security@appllee.com” should set off the alarm bell.

2.

The greeting isn’t personalised

A legit email, especially from a company you’ve an existing relationship with, will always address you directly, either by your first or last name. If it starts with “Dear Esteemed Customer”, it’s definitely fake — unless your name is really “Esteemed Customer”.

3.

The link doesn’t match its text

Where do you think this link — sg.yahoo.com — leads to? Like the sender’s name in the From field, embedded hyperlinks in the email body can also be faked, showing one thing but pointing to another. To avoid getting tricked, simply hover your mouse cursor over the link to expose its true destination.

4.

The link points to a domain name that looks real

As users get smarter, scammers know that they won’t fall for a phishing link that points to a domain name that obviously doesn’t make sense. So they will try their best to get as close as possible — for example, yahoo.security@yahoooemail.com. Remember: close enough isn’t good enough!

READ MORE:

Procrastinator or speed champion: what’s your email style?

Common words and phrases in emails that you really shouldn't use

Getting to inbox zero: is it worth it?

How to up your email game: Stop annoying other people with poorly written emails

5.

The email has many typos

Are most scammers non-native English speakers? For some reason, I find the majority of phishing emails to be riddled with spelling and grammar errors. I’ve a friend who posited that this is done on purpose, though: if you don’t find the mistakes fishy, you’re exactly the unsuspecting type that the scammer is targeting.

6.

The email comes out of the blue and sounds urgent

I recently got a message informing me that I’ve been entered into a lucky draw because of the $2,000 TV I just bought. The lucky draw was never the point, of course. What the scammer wanted was for me to believe that I’ve been scammed, and in my moment of panic click the link to “report the transaction”. Always stay calm and evaluation your options in such situations.

7.

The message asks for your personal info

Don’t go duh — apparently, many people will readily offer their personal info when being asked. The most common one is the scammer will pretend to be either from a bank or popular service and tell you that it has “detected suspicious activity” with your account. And to prove that you’re the real owner, you need to reply with your credentials or click through a link to enter them. Never ever do it — no reputable company will ask for your personal info over email!

It’s easy to not be a victim of a phishing scam if you know what to look out for. That said, if you’ve fallen for one, you should report it to the police as well as the Singapore Computer Emergency Response Team (SingCERT), which comes under the Cyber Security Agency of Singapore.

Stay safe in your inbox, folks.

The all-new Yahoo Mail has arrived. Download it here.

  • Up next
  • Up next
  • Up next
  • Up next

Latest stories