Scammers usually write on behalf of a well-known organisation or company (e.g. utility provider, bank, credit card provider, police, post office, other service providers), but they may also pose as distant millionaires, legal representatives of unknown relatives or other individuals. They often pressure you to act immediately, threatening some kind of "negative consequence" if you do not. For example:
- Suspicious activity has been detected on one of your user accounts; quickly update/confirm your details via the link provided before the account falls into unauthorised hands.
- Update your billing details for a service or it will be immediately blocked.
- Police action has been taken; respond immediately to the email address provided or an arrest warrant will be issued.
- Immediately pay the fee for a package in transit, otherwise it will be returned or withheld.
- The payment deadline for the attached (unknown) invoice has expired; the service will be blocked soon.
- You may receive a gift, a free product or other unexpected cash.
Most often, these emails ask you to click on a link that takes you to a fake login page, a fake payment page or some other page containing a virus.
It is always worth checking the sender's email address. Legitimate organisations will typically not send a message from a public domain (e.g. @gmail.com). If the domain name (the part after the @ symbol) matches the organisation the email appears to come from, the message is most likely from that sender; if you see a Gmail address or some other unidentifiable domain, be cautious. Fake websites also have suspicious domains that often do not match the name of the organisation.
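The sender check described above can be automated for a mailbox or help-desk triage script. The following is an added example, not part of the original article; the organisation domain `examplebank.example`, the short public-domain list and the sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: a short sample of public webmail domains, not a complete list.
PUBLIC_DOMAINS = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}

def sender_domain(raw_message):
    """Return the lower-cased domain of the From address ('' if absent)."""
    msg = message_from_string(raw_message)
    # parseaddr separates the display name from the real address, so a
    # name such as "Example Bank" cannot hide the address behind it.
    _name, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""

def check_sender(raw_message, expected_domain):
    """Compare the From domain with the organisation's known domain."""
    domain = sender_domain(raw_message)
    if not domain:
        return "suspicious: no sender address"
    if domain in PUBLIC_DOMAINS:
        return "suspicious: public domain"
    # Compare whole labels from the right: the organisation's name used as
    # a prefix or subdomain of another domain does not count as a match.
    if domain == expected_domain or domain.endswith("." + expected_domain):
        return "matches"
    return "suspicious: unrecognised domain"

# Constructed sample messages (only the From header matters here).
SAMPLES = {
    "genuine": "From: Example Bank <alerts@mail.examplebank.example>\nSubject: Statement\n\nHello",
    "webmail": "From: Example Bank <examplebank.support@gmail.com>\nSubject: Urgent\n\nHello",
    "lookalike": "From: Example Bank <alerts@examplebank.example.verify-login.example>\nSubject: Urgent\n\nHello",
    "name_trick": 'From: "alerts@examplebank.example" <billing@parcel-notice.example>\nSubject: Fee\n\nHello',
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", check_sender(raw, "examplebank.example"))
```

A match here covers only the address shown in the From header; the mail provider's SPF, DKIM and DMARC checks are what verify that the domain really sent the message.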
In the past, phishing emails contained a lot of spelling mistakes, but nowadays more and more of them are written in convincing language. The salutation in these letters is almost always generic, and the recipient is not identified by name in the body of the letter.