As a follow up to our recent article on how to spot and stop phishing attempts, we’re now going to focus on the difficulty of recognising phishing and email spoofing attempts on mobile devices and how to overcome this.

Beware the email address

Sometimes a spoof email seems to be from someone famous or well known, to attract the attention of the recipient.  Otherwise it may be from a trusted brand name. More sophisticated scams will appear to be from someone the user knows, usually through work. Email spoofing addresses tend to be a mixture of letters, numbers and meaningless words. Depending on the type of device and app you are using, this may be more difficult to spot on a mobile device as they often just display the sender’s “Friendly name” and the email address itself is more difficult to find.

To display the sender’s email address you’ll need to open the email. At the top, underneath the “From” and “To” lines, you should find a link entitled “Details” or “View detail.

Once clicked, this will expand the “From” and “To” details so that you may view the email address of the sender and details as to when the message was received.

Watch what they ask for and how they ask for it

Spoof emails will be asking for something from you, this may include money, passwords or sensitive information. Legitimate banks or companies will never ask for personal credentials over email so don’t give them up.  High end brands are extremely cautious with their spelling, punctuation and grammar so if an email has many spelling mistakes, it’s likely that the email is trying to spoof you.

 Treat all links as suspicious

 Malware and ransomware can be spread when victims unwittingly click on an untoward download link. Phishers will also send links that take the user to a convincing looking corporate website where they are encouraged to enter personal information such as credit card details.

If you’re on a PC, you can use your mouse to hover over any link in an email to view the destination web address. As with the email address, if the destination web address is a random mixture of numbers and letters, be wary of it. Likewise, if the website address is mis-spelled this is a red-flag that can be easily missed eg http://www.micorsoft.com. On a mobile device you won’t have a mouse, but you can still check the link by holding your finger down on it. Unlike a short tap, which would open the link, holding your finger on it will cause a new dialogue window to pop up, showing you what the destination web address is but without actually following the link.

As is always our advice, if you are in any doubt, check! Don’t put your personal details or business in jeopardy. By making sure that everyone is aware of tactics used in email spoofing and know how to verify the original source of an email, you can save wasted time, effort and resources in the future.