We recently became aware of a particular phishing scam targeting Zen customers.
The scam involved a convincing-looking email – purporting to come from Zen – that warned customers of an outstanding payment, and encouraged them to follow a link or download an attachment.
This particular scam has since been blocked by our security team, but is indicative of a trend of harmful emails targeting innocent users.
The links contained in these kinds of email tend to take users to ‘phishing’ sites – websites deliberately set up to fool customers and convince them to provide sensitive data such as personal or financial information.
Attachments often initiate the downloading and running of harmful software or take the unsuspecting user to very convincing-looking malicious websites.
Phishing attacks are so popular with criminals because they’re easy to do, they often fall under the radar of conventional antivirus monitoring or mail filters, and the victim only has to let their guard down once – a single mistake is all it takes.
While some phishing attempts are almost laughably obvious, others are much more subtle and difficult to detect, and users must be continually on guard to protect themselves.
So what should you look out for, and what can you do to keep yourself safe from phishing attacks?
1) Check the sending address
A quick check of the sender’s email address will often alert you to the fact that the email isn’t actually from who it says it is.
But remember to check the address, not just the sender’s name.
Sometimes, the sending address isn’t obviously wrong. If you’ve received an email pretending to be from Zen, for example, an obvious phishing email might come from an obviously wrong address, but would you notice an email sent from zan.co.uk with just a quick glance?
And remember also that not all phishing emails will have a suspect sending address. In fact, the scammer might have hijacked a proper email address for sending their phishing emails.
So while this will help you to identify most phishing emails, it isn’t bulletproof.
2) Check the content
Obvious phishing emails often contain such bad spelling and punctuation it’s almost like the scammer isn’t even trying (though there is an argument that says this is deliberate, to ‘filter out’ less gullible readers).
Many phishing emails aren’t so obviously bad, however. But there are often tell-tale signs, like the fact that phishing emails are often written by non-English speakers.
When foreign language text is translated into English, spelling (for example) might be accurate, but the email won’t necessarily ‘read’ well – literal translations are very rarely entirely correct and are easily spotted by a native English speaker.
So, always carefully read the email. Does it ‘feel’ genuine? Hopefully anything suspicious will quickly become apparent.
3) Were you expecting the email?
Were you expecting that out-of-the-blue email about an outstanding payment, password expiry or account deactivation?
If you weren’t, you can check elsewhere whether your regular payment has gone out or whether you can still log in to your account, for example. Treat anything that’s asking for information from you with suspicion.
4) Check for suspicious-looking attachments or links
Before you even consider clicking on a link, check the destination address. This is easily done on a PC by hovering your mouse over the link and waiting for the address to pop up. On mobile you can achieve the same by long-pressing the link – after a while the address of the link will appear.
A legitimate link will point to the website of the reported sender. A suspicious link will more than likely point somewhere else entirely.
When it comes to attachments, ask yourself why your provider would want to send you one. Other than perhaps a PDF file containing updated terms and conditions or a receipt, there is little need.
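The sender check from tip 1 and the link check from tip 4 can also be run mechanically over a saved message. The Python below is an added example, not Zen's own tooling: it assumes the genuine domain is zen.co.uk, and the sample message and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

EXPECTED_DOMAIN = "zen.co.uk"  # assumption: the domain the real sender uses

# Constructed sample message (not a real email).
SAMPLE = """\
From: Zen Internet <billing@zan.co.uk>
To: customer@example.org
Subject: Outstanding payment
Content-Type: text/html

<p>Your payment is overdue. <a href="http://billing-update.example/login">Pay now</a></p>
"""

def edit_distance(a, b):
    """Levenshtein distance: how many single-character edits separate a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def under(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)

def check_email(raw, expected=EXPECTED_DOMAIN):
    """Return a list of warnings; an empty list is not proof the email is genuine."""
    msg = message_from_string(raw)
    _display_name, addr = parseaddr(msg.get("From", ""))  # check the address, not the name
    sender = addr.rpartition("@")[2].lower()
    findings = []
    if not under(sender, expected):
        kind = "lookalike" if edit_distance(sender, expected) <= 2 else "unexpected"
        findings.append(f"{kind} sender domain: {sender}")
    # Equivalent of hovering over each link: read where it really points.
    for href in re.findall(r'href="([^"]+)"', msg.get_payload(), flags=re.I):
        host = (urlparse(href).hostname or "").lower()
        if not under(host, expected):
            findings.append(f"link points elsewhere: {host}")
    return findings

if __name__ == "__main__":
    print(check_email(SAMPLE))
```

A clean result only means these two checks passed; as noted under tip 1, a hijacked genuine address would pass the sender check.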
5) Check for a sense of urgency
Many phishing emails want to rush you into an action – to click on a link or download an attachment without thinking it through.
That’s why they’ll often request you take action within a certain short timescale (like an hour), or will threaten you with a ‘your account will be deleted’ message.
If you think the email is genuine and there really is a sense of urgency, contact your provider direct and ask.
6) Don’t fall into the trap
If you’re not certain about the email you’ve received, you can contact the supposed sender in other ways to check. They should be able to tell you if it is legitimate or not.
And the most important advice: unless you’re absolutely certain it’s legitimate, don’t click on those links or attachments. Delete the email and report it (to your email provider and the reported sender).
We hope these tips will help you to better identify and deal with phishing emails. And remember, if you do receive one, don't panic. Receiving the email is harmless - just don't give them what they want.