Oct 7th 2020
If you received this email, what is the first thing you should be asking yourself? Did I apply for a grant? Is this applicable to me at all? The answer to these kinds of questions is quite often No.
Taking a closer look, the email is telling me my “second grant has been approved”. Well, that’s curious because I never received my first grant!
So perhaps you believe that you may be entitled to a grant. After all, we’re in the midst of a pandemic and the government has a range of schemes to support UK businesses. You have most likely read about this in the news – it’s certainly a topical feature in our daily lives. What other warning flags are there in this email?
Delving deeper, the email sender’s name is “UK Government”. This sounds rather official, maybe it is real? Take a look at the email address (this has been viewed in Microsoft Outlook online, but most email programs show this information in a similar style).
This doesn’t look official at all, not like a gov.uk email address. This is a big tell that the email is not legitimate and is likely a phishing attempt. Granted, this is particularly easy to spot as suspicious and other senders may have more convincing addresses, so we can look for more characteristics of a phishing email to help us.
Moving on to the body of the email.
The first sentence addresses me by my email address. If this were an official email and had stemmed from some previous communication, it would usually know my name and start the email with “Dear Name” or “Mr. Surname”.
Bad grammar: “The money are set to land in your bank accounts within six working days of making the claim”. This is unlikely to have been written by an employee of the UK government.
Moving on, let’s assume that the email you received was from a seemingly official address, they addressed you by name, and it appears to be grammatically correct. Surely you can claim your money now? Not just yet, phishing emails usually have a theme:
Up until now, we’ve seen the first two points, the email is current and there is money to claim. How about the third point? Consider this sentence: “Keep in mind that the scheme closes on the 19 October 2020 so you have to hurry up”. A common tactic used to entice you to act quickly.
Finally, we get to the core of a phishing scam. The link. Scammers need to direct you somewhere so they can harvest information, such as bank details. Therefore, the web addresses are usually hidden, in this case behind the text “Claim now >” so you can’t see where you’re heading before you click. Most modern browsers will display the web address in the bottom left of the page by hovering over the link, as seen below.
The trouble scammers have is that they cannot simply use https://www.gov.uk/, because they have no control over the website and what content is shown to the user. This means they must use obscure web addresses like above.
If, after assessing each feature of the email, nothing stands out as fraudulent, what now? Ask yourself again, why did I receive this email? If you cannot answer this question then in all likelihood, it’s a scam and should be ignored. If you still have any doubt, contact the legitimate service or company that the email claims to be, and find out if it’s legitimate.