I remember as a young whippersnapper being told by my mum, when for the hundredth time I had been dumped (and of course the world had ended), that there were “plenty more fish in the sea”. At the time, these words sent a shiver of annoyance through my body, because the love of my life had left me and my world was over.
Much like when I was younger, the words still send shivers throughout my body; however, one thing is very different: these phish leave more than a few tears dribbling down my face. They can destroy a company’s reputation at the click of a button. You will all hopefully remember the Prince of Nigeria who had amassed a large fortune, but due to civil unrest needed you to look after it for him. All you had to do was send your bank details and maybe a small advance payment to cover any bribes they needed to make or to cover the bank fees for the transfer - and in return you would inherit millions.
What would happen is that if you took the bait, your account would become drier than my throat when I heard the “we need to talk” in the playground.
Now, as this email scam is so well known, hopefully you would all be able to spot it. But what about the newer ones? What about the ones created by AI and then grammar-checked? Yes, we still get the obvious ones from Amazon or from Evri. But what about the ones that look so real that you think, it can’t be a scam… can it?
I remember once I was told that the most beautiful girl in the school fancied me and she wanted me to go and let her know if I liked her. It was a trap (of course) but the way the person delivered the information, they left no allowance for disbelief. This is what new phishing emails look like, for example:
“You have an undelivered parcel, please click the link to resubmit your new delivery date.”
“We have spotted what might be unusual activity on your credit card. Follow this link to confirm your recent transactions.”
These messages look like they could be real – I, for one, am always expecting a parcel and nine times out of ten they try when I am out. And with all the online purchasing we do now, it seems perfectly legit that your credit card company might flag some transactions you’ve recently made, so again, why wouldn’t you click the links?
That’s the tricky thing with phishing attacks. The scammers have levelled up their phishing game and now, with the help of tools like Grammarly, they are able to ensure that the message is delivered with a good level of readability.
So, what can I do?
There are certain things that, regardless of the amazing grammar and authentic-looking messages, you can use to help you decide whether it could be a scam or not.
First of all, and this one rarely gets mentioned: are you expecting the message from this company? Are you waiting for a parcel and/or did you miss the delivery slot? If the answer is no and you receive an email or text message saying that you have, then you can pretty much guarantee it’s a scam. Some other ways you can spot a scam are:
- Authority:
  - Is the message claiming to be from someone official? For example, your bank, doctor, or a government department (HMRC). Or is it from your boss but not using the normal email address? Scammers often pretend they are someone important to trick you into doing what they want you to do.
- Urgency:
  - Are you told in the message that you have a limited time to respond? (This could be, for example, 24 hours or immediately.)
  - Some messages will contain demands that if you do not respond within a set timeframe you will face further fines or legal consequences, for example: “You need to respond to this email immediately or legal action will be taken against you”.
- Emotion:
  - Does the message make you feel panicked or alarmed? Maybe it makes you feel excited or hopeful. Scammers will use emotions in many ways to get you to do what they want you to do or to tease you into wanting more.
- Scarcity:
  - The message could be offering you something in short supply. One example of this was offering lateral flow tests during the pandemic. It could also come in the form of offering you tickets to a popular sold-out music festival. The thought behind this is to get you to respond quickly through fear of missing out.
- Current Events:
  - Scammers like to exploit current events, for example businesses reporting their annual taxes to HMRC or parents needing to get the free school meal vouchers for the summer holidays. While the scam won’t be relevant to all who receive it, if it is relevant to you then you are the type of person they are looking for.
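The checklist above can also be turned into a rough first-pass filter for a mailbox. This is an added example, not part of the original article: the address book, phrase lists and sample messages are constructed, and the emotion and current-events cues are left to the reader because they cannot be matched by keyword.

```python
import re
from email.utils import parseaddr

# Constructed address book: display name -> the address that person normally uses.
KNOWN_SENDERS = {"Sam Boss": "sam.boss@example.com"}

# Constructed phrase lists for three of the cues; tune them to your own mail.
CUES = {
    "authority": r"\b(your bank|hmrc|doctor|government)\b",
    "urgency": r"\b(immediately|within \d+ hours|legal action|limited time)\b",
    "scarcity": r"\b(sold[- ]out|last few|while stocks last)\b",
}
CLICK = r"https?://|click the link|follow this link"


def triage(from_header, body, expecting_message):
    """Return the checklist cues that a message trips, in checklist order."""
    flags = []
    # "Are you expecting the message from this company?"
    if not expecting_message:
        flags.append("unexpected")
    # "From your boss but not using the normal email address?"
    name, address = parseaddr(from_header)
    usual = KNOWN_SENDERS.get(name)
    if usual and address.lower() != usual:
        flags.append("sender-mismatch")
    for cue, pattern in CUES.items():
        if re.search(pattern, body, re.IGNORECASE):
            flags.append(cue)
    # The message wants you to use its own link rather than a number you trust.
    if re.search(CLICK, body, re.IGNORECASE):
        flags.append("asks-for-click")
    return flags


# Constructed sample messages: (From header, body, were you expecting it?)
MESSAGES = [
    ("Parcel Service <noreply@parcels.example>",
     "You have an undelivered parcel, please click the link to resubmit "
     "your new delivery date.", False),
    ("Sam Boss <sam.boss@freemail.example>",
     "You need to respond to this email immediately or legal action will "
     "be taken against you.", True),
    ("Sam Boss <sam.boss@example.com>", "Agenda for Monday attached.", True),
]

if __name__ == "__main__":
    for sender, body, expected in MESSAGES:
        print(sender, "->", triage(sender, body, expected) or "no cues")
```

A message that trips no cue is not proven safe; the filter only tells you which messages deserve the closer look described above.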
So, you suspect that an email might not be legit. What should you do?
- Inform the person responsible for the security of the company (this can be the COO or the Head of IT Security, for example)
- Report the email using your report function on Outlook
- Do not use the numbers, links, or email addresses within the message.
- Google the company’s phone number or, if it is from your bank, use the number on the back of your card.
“Oh no I’ve clicked the link!”
Stop! Do not panic. If this happens you need to inform someone. This might be your bank or the company that you thought you were receiving the message from. It doesn’t matter if the amount you lose is small - reporting it will help stop the scammers for good!
Who to contact if you suspect you are part of a phishing scam?
Contact your bank immediately if you think you have fallen victim to a scam.
If you have been defrauded or experienced cyber crime you must report it to Action Fraud either online or by calling 0300 123 2040.
You should also report what has happened to the Financial Conduct Authority either online or by calling 0800 111 6768.