Fake emails are sent by criminals in order to get your money, or to take advantage of your computer’s processing power and Internet connection to launch attacks on other networks. This practice, aka “phishing,” works by getting you to visit fake websites to enter personal details, or by capturing personal details directly from your computer. The emails are often hard to spot and can look like they come from your bank. According to blog.returnpath.com, phishing attacks are more rampant than ever before, rising by more than 162 per cent from 2010 to 2014. They cost banks, their customers as well as other organisations around the globe $4.5bn every year and over half of Internet users get at least one phishing email per day. The best defence banks and other companies have against phishing attacks is to block malicious emails before they reach customers. Unfortunately, no matter what banks do, some phishing emails will always make it to the inbox of their customers. And those email messages are extremely effective: 97 per cent of people around the globe cannot identify a sophisticated phishing email. That’s where customer education comes in. According to www.returnpath.com, here are some tips on how to identify those emails and what to do if you suspect you’ve received one. 1: Don’t trust the display name A favourite phishing tactic among cybercriminals is to spoof the display name of an email. For example, the email carries the name of your bank such that you think the email is coming from your bank. This fraudulent email, once delivered, appears legitimate because most user inboxes only present the display name. Don’t trust the display name. Check the email address in the header; if it looks suspicious, don’t open the email. 2: Look but don’t click Hover your mouse over any links embedded in the body of the email. If the link address looks weird, don’t click on it. If you want to test the link, open a new window and type in the website address directly rather than clicking on the link from unsolicited emails. 3: Check for spelling mistakes Brands are pretty serious about emails. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious. 4: Analyse the salutation Is the email addressed to a vague “Valued Customer?” If so, watch out; legitimate businesses will often use a personal salutation with your first and last name. 5: Don’t give up personal information Legitimate banks and most other companies will never ask for personal credentials via email. Don’t give them up. This personal information include your Personal Identification Number, debit card or credit card information, bank account number, Bank Verification Number etc. 6: Beware of urgent or threatening language in the subject line Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “account has been suspended” or your account had an “unauthorised login attempt.” Sometimes, such phishing emails may tell you that your token device is about to be deactivated or has been deactivated, asking you to click on a link to reactivate it. They create a sense of urgency to prompt you to act quickly. You need to be wary of such tones. 7: Review the signature Lack of details about the signer or how you can contact a company strongly suggests a phish. Legitimate businesses always provide contact details. Sometimes, they may not include the name of the officer to contact. At other times, they provide a fake name and contact details. 8: Don’t click on attachments Including malicious attachments that contain viruses and malware is a common phishing tactic. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. Don’t open any email attachments you weren’t expecting. 9: Don’t trust the header from email address Fraudsters not only spoof brands in the display name, but also spoof brands in the header from email address 10: Don’t believe everything you see Phishers are extremely good at what they do. Just because an email has convincing brand logos, language and a seemingly valid email address does not mean that it’s legitimate. Be sceptical when it comes to your email messages; if it looks even remotely suspicious, don’t open it.