It’s common knowledge that criminals use emails, instant messages such as SMS, WhatsApp, and social media DMs to steal people’s login information and private details – all it takes is for you to make one thoughtless click-through. Cybercriminals are becoming smarter all the time at using file attachments or links to fake websites, hoping to catch you unaware.
You can stop criminals by being on guard all the time. If you notice one or more of the warning signs on this checklist, do not reply to the email or click on any links or attachments it contains:
Your gut tells you something is wrong.
The email requests login details, personal information, or something unusual.
It asks you to pay money into an unknown bank account.
There’s something “off” with the address, such as its spelling.
It has an attachment you didn’t request or expect.
Attachments have filenames such as .html, .exe, .zip, or .rar.
The email contains a link – and when you hover your cursor over it, a different link pops up.
You’re told you need to take urgent action, e.g., it promises an opportunity to win money/a prize if you react now or your device is under immediate threat.
The sender is trying to blackmail you.
You notice spelling and grammar mistakes.
Even if the email doesn’t tick any of the above boxes, always double-check:
Look for unusual language from that person or organisation. Or changed details, such as a new bank account.
Contact the sender through another channel, such as a phone call, to ask if they sent the email.
Ignore requests to change your password or supply extra information – especially personal details, like your home address, birth date, and pet names.
Contact your IT expert for advice if you’re still unsure.
The good news is that if you don’t click on a link or attachment in the email, you should be fine. Never rely on antivirus software to protect you – some malware (dangerous software) can bypass antivirus when you click on it.
These criminal attacks happen for several reasons. Here are five examples that apply to emails and instant messages such as SMS, WhatsApp, or social media DMs:
Install dangerous software: Email attachments and links can install malware on your device. This lets the criminals view everything you type and see on your screen. It doesn’t even matter if you use encryption, such as with WhatsApp messages. Once they’ve installed this malware, they can sidestep any encryption or screenshot blockers.
Create a false transaction: Criminals pretend to be a supplier or customer and file a fake invoice with alternative bank details. This is known as a business email compromise attack. The idea is to fool you into paying money into the wrong account.
Steal login details: A link on an email directs you to a site that looks legit, asking you to log in – often, they claim you must change your password. But it's a fake site. Once you enter your login details, the criminals steal these and attempt to access your legitimate accounts.
Impersonate a brand: An email/message looks like it comes from a legitimate and well-known brand. It usually offers you something, such as a prize for filling in a survey. But these are scams designed to steal your personal information and/or install malware on your device.
Personal scams: A person contacts you, saying they have access to millions but need a bank account to deposit the cash, and you’ll get a cut for helping them. Instead, the scammers extract money from you for “clearance fees” or using other excuses.
Knowing these tactics will help you spot nasty emails and instant messages. There’s not always a single sign that gives away a dangerous email. It may even come from someone you know because their account was hacked. Trust your instinct and always think before you click.