Fake emails don’t just clutter up your inbox – they can leave your computer system vulnerable to viruses. These fake messages – often called ‘phishing’ emails – are designed to trick you into clicking a link or opening an attachment. Clicking the link will install a virus, which can sit on your computer silently logging data such as credit card details, passwords, or even everything you type. This information is then uploaded and sold to criminals to exploit.
Phishing emails usually use the name of a trusted brand or company to make the message appear genuine. These include:
- HMRC (your P60 or P45 attached/claim your tax refund)
- Banks and building societies (your statement is attached/fraud has been detected)
- Mobile phone companies (your bill is attached)
- Courier companies (sorry we missed you)
- PayPal (your account has been suspended)
Most emails have a zip file attachment. If you extract the zip file, the file within looks like a PDF. In fact, it’s a virus.
Don’t get caught
- Ensure you have good, up-to-date virus protection software.
- Think twice before opening any email attachment. If you’re unsure and not expecting the email, delete it.
- Remember – banks, HMRC and other financial institutions never send sensitive information via email, or ask you to click on a link to log in to your account.
- If you suspect the email is genuine, verify by logging in to your account on the company’s website.
- Ensure your computer is set to show file types. You may need to change your settings, as Windows doesn’t show file extensions by default.
- Before opening any attachment, check the file type. Some hoax files are made to look like Word documents. If the extension is .exe it’s almost definitely a virus.
- Zip files often contain viruses. Always check the contents before opening.
- Never click on ‘remove’ or ‘unsubscribe’, or reply to unwanted email. Doing so tells the hoaxer your email address is valid, which is likely to increase the number of unwanted emails you receive.
- If you’re concerned, contact the company or institution the email appears to be from.
It also pays to be aware of telephone scams. Whoever the caller claims to be, reputable companies such as Microsoft will never phone you to gain remote access to your computer.
We’ve deliberately seeded an email account and will post any phishing emails to our Twitter feed – @PriorityIT – with the hashtag #hoaxemail.