Reach your IT peak: How to spot a phishing email

Senior Support Analyst

Fav thing about the office

Cheesecake Wednesdays

As a child I wanted to be a ... when I grew up

Solicitor

Guilty Pleasure(s)

Gu Puds

Favourite Holiday

2 weeks in Florida

If I had a superpower it would be...

Definitely flying

Describe yourself in three words or less

Lots of Energy

An interesting fact about me

I was once the South Ribble Chess Champion.

Likes

Exercise, Muay Thai, Singin' in the rain

Favourite Band

Its not about the artist its about the style

Karaoke Jam

Vengabus- Vengaboys

What I do at Q2Q:

I head up the IT support team.

On a daily basis I work on resolving IT issues for our clients. My skill set tends to adapt according to the current needs of our customers, from solving basic matters like fixing a printer through to more complex server infrastructure deployment. I am also often out on site visiting customers that are in need of an IT saviour.

Within the team, I work on the proposals for new and existing customers, and ensure we all work together to implement the solutions we propose.

I enjoy overseeing new projects so that, when clients evolve, we can ensure their growth, office move and/or induction of a new team member, is as seamless as possible from an IT perspective.

I also drive the rest of the team insane with my singing!

Background and Achievements

I joined the Q2Q team when they were part of the I.T. department for the Tulchan Group 14+ years ago. This was my first full-time role straight of out A-levels. I have enjoyed being part of the company and watching it grow from 3 members of staff to a blossoming 10.

I find it hard to pin point specific achievements as one of my values personally is to always exceed your own expectations. My wife would say being a great Dad to my two boys.

A great achievement for me is getting 76 miles to the gallon on the motorway and being able to finally grow stubble.

Hobbies and Interests

I aim to train in Muay Thai twice a week and religiously go to the gym every day I can.

I can juggle and have always wanted to learn knife throwing.

One of the most common inlets for cyber-attackers is via email. In a recent study, it was revealed that the number of phishing attacks rose by 250% in the period between January to December 2018.

And, with another revealing these fraudulent emails prove the biggest headache for SME owners, it’s vital that businesses know how to spot them, to avoid any data interception, company downtime or potential GDPR fines.

From opening attachments and giving out personal details, to clicking on seemingly non-dodgy links, more companies than ever are being stung by easy-to-avoid cyber-attacks.

However, while clever online criminals are masters of deception and camouflage when it comes to making emails look legitimate, the devil really is in the detail – if you know what you’re looking for!

If you’ve received an email to your company inbox and you’re questioning its genuineness, here are seven tips to follow, to help you identify whether or not that the email in question is in fact a phishing scam…

Look closely at the sender

Now, without stating the obvious, it’s crucial you take note of the address the email has come from. All too often, we open texts, take calls and read emails without looking at the number or address it’s coming from – and this initial step could help prevent any cyber-trouble from happening.

So, what exactly are you looking for? Sometimes the sender name looks completely believable, while other times, the email address is clearly not only a complete disconnect to the sender but is also completely nonsensical – a mixture of letters and numbers which carry no logic.

However, while once upon a time phishing email addresses would have been easy to spot in this way – due to advanced tech and interception tactics – they are increasingly made to emulate trustworthy contacts – making it harder to spot anything untoward.

Often, malicious email addresses offer a slight variation on legitimate ones – to make them appear genuine at first glance. For example, your company email format could be employeename@company.com, whereas a bogus one could be employeename@company123.com – pay attention to subtle details!

Assess the greeting

A simple yet effective marker. Companies often personalise their email correspondence to be addressed to the recipient – especially government and bank-related emails. In which case, if your greeting is overly generic and anonymised – e.g. Dear employee or customer – then you should be questioning whether the person or organisation contacting you really knows you at all.

Take note of the URLs

More often than not, phishing emails contain links for recipients to click – this can be how cyber-criminals then take over your system.

A lot like a wolf in sheep’s clothing, on the surface, an embedded link within the body of the email may appear authentic, yet a quick hover over it – without clicking! – can sometimes reveal a rather odd-looking hyperlinked address.

It goes without saying that if the URL in the email looks different when you place your cursor over it, it’s more than likely to be malicious, intending to divert you to a site which can intercept system information.

Keep your eyes peeled for schoolboy errors

This is an interesting one. As you know, brand image is important when it comes to the world of business and gaining a competitive advantage. If a company’s website is littered with spelling mistakes, it often puts consumers off – making them believe the service or product is either below-par or untrusted – because there’s an apparent lack of attention to detail.

Now, there may be the odd mistake – organisations are human – but if the email is saturated with misspelled words or features irrelevant symbols interspersed within the copy, this should set the alarm bells ringing in your head.

Don’t be scaremongered by empty threats

From notifications that your account has been hacked and needs the password resetting, to details being outdated and requiring updating, online scammers are well-versed at tapping into the anxiety and fear of employees.

For example, if a staff member receives an email from a sender posing as someone from the HR team, stating their personal details are incorrect and they won’t be paid that month unless they’re updated, this is likely to cause concern and stimulate irrational action from the recipient.

Therefore, if there’s any threatening language or if the message is overly urgent, double-check with your HR team, bank, relevant government department etc. before any hasty clicking or data inputting commences!

Leave attachments well alone

As well as URLs, attachments from unknown senders are another sneaky tactic online-criminals can use to access sensitive information.

By clicking on and downloading mysterious files, this can allow a virus to infect your IT systems – corrupting files, revealing critical data and intercepting passwords, to name but a few consequences.

Notice how the email ends

The concluding part of an email is just as important as the start, so if the sign-off looks a little out-of-sorts, it probably is!

If a legitimate company is contacting you for any reason, the email would be signed off by the relevant person and would clearly label how to contact them. Quite regularly, scam emails don’t feature this – because there’s no one to contact.

It goes without saying that being vigilant and not clicking any links or attachments is an effective way to prevent phishing attacks from taking hold of your systems, but equally important – because we’re all human – is having measures in place to expose and filter out such correspondence in the first place.

If you’d like to speak to one of our team about the best cyber-security strategy for your business, give our friendly bunch a call!

Reach your IT peak: How to spot a phishing email