In the wake of the tragic and brutal hurricane that recently swept the south-east coast of the USA, US-CERT (United States Computer Emergency Readiness Team) has released a stark warning to internet users.

“Remain vigilant for malicious cyber activity seeking to capitalize on interest in Hurricane Harvey. Users are advised to exercise caution in handling any email with subject line, attachments, or hyperlinks related to Hurricane Harvey, even if it appears to originate from a trusted source.”

Online criminals send what are called ‘phishing emails’ to try to con people out of their personal or financial details. The email will usually pretend to come from a prestigious or trusted organisation, such as your bank or a credit card company. Phishing emails and lack of patching are thought to be responsible for the ransomware scandal that struck the NHS not so long ago.

They normally include a link to a bogus site operated by the hacker. Often, these sites mimic the look of the company’s website to the point that you may be unable to tell them apart. Once on the fake website, the user is asked to input sensitive data such as their card details.

“While there has been an enormous wave of support across the country for the victims of Hurricane Harvey, people should be aware of criminals who look to take advantage of this generosity by impersonating charities to get money or private information from well-meaning taxpayers,” an IRS news release states.

But how can we spot a false or malicious email? Below are seven tips from TechRepublic to help you identify a phishing scam and stop you becoming a victim.

  • The message contains a mismatched URL

If you hover your mouse over the link in the email, you should see the actual hyperlinked web address. If the hyperlinked address is different from the address shown in the message, the link is probably fraudulent or malicious.

  • The message contains poor spelling or grammar

When a large company sends out mass communications to customers, they’re usually reviewed for spelling and grammar. If you receive an email that’s full of mistakes, then it’s unlikely to have come from a legitimate source.

  • The message asks for personal information

A reputable company should never send you an email asking for your password, credit card information or the answer to a security question. No matter how official it looks, alarm bells should be ringing if they’re asking you for personal data.

  • The offer seems too good to be true

If something seems too good to be true, it probably is. Phishing scams will sometimes make bold claims to try and entice you to click the link. If it’s come from an unknown source then you should be wary.

  • You didn’t initiate the action

Receiving an email telling you that you’ve won the lottery would be great, if only you had bought a ticket. If you get messages telling you that you’ve won competitions you didn’t enter, then it’s likely to be a scam.  

  • The message makes unrealistic threats

Most phishing emails will try to trick people by promising them riches; however, some have begun using intimidation to manipulate people.

For example: A legitimate-looking email from your bank arrives in your inbox and you open it. The email tells you that your bank account has been compromised. If you don’t submit a form containing your account information, they will close your account.

No bank is going to close your account for not replying to an email. It’s important to be wary when reviewing these emails as they try to play on your fear. If in doubt, telephone the company to be sure.

  • Something just doesn’t look right

If something looks off, there’s probably a good reason why. If you receive a message that seems suspicious, it’s usually in your best interest to avoid acting on the message. As stated in point 6, if you’re unsure then telephone or search the web yourself instead of clicking a link.