401 words, approx. 2 minutes to read.
There’s a fraudulent email going round, that appears to be from the Co-op, but is a scam called ‘phishing’, to access your personal data.
How to spot scams
This email is quite authentic looking, but the main giveaway that it isn’t genuine is the sender name and domain address.
The sender’s name and domain can be masked, so you can’t trust that alone. If you’re unsure, hover over or right click on the sender name (in this case ‘Confirmation’) and look at the sender properties, to see the email address it’s actually from.
Some email services e.g. Google Mail behave differently, and depending on your settings you may be able to just hover over the email itself to see the real address.
Action Fraud also offers this advice on spotting scam emails:
- You weren’t expecting to get an email or attachment from the company that appears to have sent it
- The sender’s email address doesn’t look the same as the real organisation’s website address
- The email is sent from a completely different address or a free webmail address like Gmail or Hotmail
- The email does not use your actual name, but uses a non-specific greeting like ‘dear customer’ (real companies are more likely to personalise the email)
- A sense of urgency; for example the threat that unless you act immediately your account may be closed
- The email may include a website link, which can be forged or seem very similar to the proper address, but even a single different character means a different website
- A request for personal information such as username, password or bank details
- The email may contain spelling and grammar errors, or strange language
- The entire text of the email is contained within an image rather than the usual text format
- The image contains an embedded hyperlink to a bogus site
What to do if you’re sent a scam email:
- Don’t open any attachments or links in the email
- Don’t reply to the email, contact the sender or fill in any information
- Delete the email and then delete it from your trash too
- Report any suspicious emails to Action Fraud
- If you’re a Co-op colleague and you get suspicious emails to your work email address, forward them on, with the word ‘phishing’ in the subject line, to our Information Security team on email@example.com, before deleting them
Information Security Education and Awareness Manager