January 30th 2021
In the current situation ‘stay safe’ not only applies to the physical threat of the virus, but also the digital threat. Numerous scammers are trying to exploit this current situation to their own benefit. You may have heard of or received such e-mails first hand.
Here are some tips to stay safe online - with special attention drawn towards e-mail.
Although e-mail addresses can be spoofed, on the whole the scammers simply create a free e-mail account using for example; outlook.com or gmail.com.
They then create e-mails using official logos for example from the NHS, HMRC or your bank - they often look very convincing and can play on your emotions at a time like this when people are awaiting news from the NHS regarding testing and vaccinations.
These malicious e-mails are after one thing - your data; be that personal or financial.
They will often try to trick you into ‘reconfirming your password’ or ‘update your PIN’ or even ‘enter your bank details, so we can give you x’. This is known as ‘phishing’.
Thankfully, there are some tell-tale signs to look for to help you spot a fake e-mail:
1. The tone may be off, or there may be obvious spelling mistakes in the text.
2. Always check the e-mail address of the sender- some e-mail software only shows the name (which can easily be faked). To reveal the actual e-mail address -
- iOS (iPhone apps) - hold your finger on the sender name and it will reveal the e-mail address - if the e-mail is meant to be official from the NHS, HMRC or your bank, yet the e-mail ends @gmail.com or @outlook.com or @yahoo.com (examples only) then it is most likely a fake because those are free e-mail account domains.
- On Gmail.com - you don’t even have to open the mail, simply hover-over the sender’s supposed name in your Inbox and you will be able to see the real e-mail address in grey text.
- Outlook.com is very similar and reveals the true e-mail address upon hover-over.
- Other clients and platforms should also display the true address, always check.
3. Always check the link is what is purports to be - if the link text is different to when you hover-over for example ’88.170.86.456’ or ‘banking.secure-host-site.com’ - then this is suspicious and most likely a scam. Your real bank’s website address is what should be shown.
4. Government websites and HMRC for example end in .gov.uk which is a reserved domain type.
5. Of course, look out for the padlock symbol in your address bar as a means to identify ‘secure’ sites - but be aware this only guarantees the connection is secure. If you are on a secure (but fake) website then it’s still a fake website and potentially dangerous.
By James McGlinchey