How to avoid online phishing

The complete guide

Not all phishing scams immediately look like they're after money or credit card details – some are simply designed to win your custom without you realising that you're leaving an existing supplier. Less reputable domain registration agents are among those who might write to the owners of domains approaching expiry, inducing them to click a link and renew their online property.

Rarely do they explain in anything but the smallest print that doing so will shift the domain away from your original registrar to themselves, leaving them free to apply new terms and conditions and potentially charge a higher price, either immediately or in the future.

Hovering over the link in this email reveals that it doesn't lead to UPS at all. Be particularly careful of any embedded links in emails from senders you don't trust.

It can take up to a month to transfer a domain from one registrar to another, so be suspicious of emails of this type that arrive well in advance of your current registration period expiring – it's a sign that you're not dealing with your existing host.

If in doubt, log in to the domain management system of your existing provider and renew your domain there.

What to do next

First of all, don't even think about clicking any links in a scam or phishing email. That's the golden rule. Then, wherever possible, you should report it to any affected parties and in particular any organisations that its senders may be attempting to spoof.

Most banks and other financial institutions now have dedicated email addresses to which you can report phishing scams (for HMRC, for example, it's phishing@hmrc.gsi.gov.uk). Type the organisation's name followed by "phishing" into Google, and the result you're looking for will almost always be in the top spot.

Forward the email in its entirety to the reporting address complete with its full headers, because these show the route that the message took to reach you, which can be useful digital forensic evidence. Most email clients suppress these for clarity by default, but you can usually expose them by clicking a small arrow near the subject line of the email.
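
The route described above is recorded in the message's Received headers, which each mail server adds to the top as it handles the message. As an added example (not part of the original article), this Python script reads a constructed sample message and lists the hops oldest first; every host name and IP address in it is invented and uses reserved example ranges.

```python
import email
import re
from email.utils import parsedate_to_datetime

# Constructed sample message; hosts and IPs use reserved example ranges.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mailstore.recipient.example with ESMTP id abc123;
\tTue, 05 Mar 2024 10:15:07 +0000
Received: from relay.unknown-host.example (relay.unknown-host.example [198.51.100.23])
\tby mx.recipient.example with ESMTP id def456;
\tTue, 05 Mar 2024 10:15:05 +0000
Received: from [203.0.113.7] (helo=localhost)
\tby relay.unknown-host.example with SMTP id ghi789;
\tTue, 05 Mar 2024 10:15:01 +0000
From: "Parcel Delivery" <tracking@courier.example>
To: you@recipient.example
Subject: Your parcel could not be delivered
Date: Tue, 05 Mar 2024 10:15:00 +0000

Click the link to reschedule.
"""


def route(raw_message):
    """Return the hops recorded in the Received headers, oldest first."""
    msg = email.message_from_string(raw_message)
    hops = []
    # Each server prepends its own header, so the top one is the newest.
    for value in reversed(msg.get_all("Received", [])):
        value = " ".join(value.split())  # unfold continuation lines
        sender = re.search(r"\bfrom\s+(\S+)", value)
        receiver = re.search(r"\bby\s+(\S+)", value)
        stamp = value.rsplit(";", 1)[-1].strip()
        try:
            when = parsedate_to_datetime(stamp)
        except (TypeError, ValueError):
            when = None  # header without a parseable timestamp
        hops.append({
            "from": sender.group(1) if sender else None,
            "by": receiver.group(1) if receiver else None,
            "time": when,
        })
    return hops


if __name__ == "__main__":
    for number, hop in enumerate(route(RAW), start=1):
        print(number, hop["from"], "->", hop["by"], hop["time"])
```

In this sample the earliest hop comes from a bare IP address handing the message to a relay unrelated to the courier named in the From line, which is the kind of detail the recipient of your report can only see if the headers are included.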

Usefully, you can report phishing and spam emails directly in Gmail by picking those options from the Reply menu attached to each message.