Reach your IT peak: How to spot a phishing email
One of the most common inlets for cyber-attackers is via email. In a recent study, it was revealed that the number of phishing attacks rose by 250% in the period between January to December 2018.
And, with another revealing these fraudulent emails prove the biggest headache for SME owners, it’s vital that businesses know how to spot them, to avoid any data interception, company downtime or potential GDPR fines.
From opening attachments and giving out personal details, to clicking on seemingly non-dodgy links, more companies than ever are being stung by easy-to-avoid cyber-attacks.
However, while clever online criminals are masters of deception and camouflage when it comes to making emails look legitimate, the devil really is in the detail – if you know what you’re looking for!
If you’ve received an email to your company inbox and you’re questioning its genuineness, here are seven tips to follow, to help you identify whether or not that the email in question is in fact a phishing scam…
Look closely at the sender
Now, without stating the obvious, it’s crucial you take note of the address the email has come from. All too often, we open texts, take calls and read emails without looking at the number or address it’s coming from – and this initial step could help prevent any cyber-trouble from happening.
So, what exactly are you looking for? Sometimes the sender name looks completely believable, while other times, the email address is clearly not only a complete disconnect to the sender but is also completely nonsensical – a mixture of letters and numbers which carry no logic.
However, while once upon a time phishing email addresses would have been easy to spot in this way – due to advanced tech and interception tactics – they are increasingly made to emulate trustworthy contacts – making it harder to spot anything untoward.
Often, malicious email addresses offer a slight variation on legitimate ones – to make them appear genuine at first glance. For example, your company email format could be firstname.lastname@example.org, whereas a bogus one could be email@example.com – pay attention to subtle details!
Assess the greeting
A simple yet effective marker. Companies often personalise their email correspondence to be addressed to the recipient – especially government and bank-related emails. In which case, if your greeting is overly generic and anonymised – e.g. Dear employee or customer – then you should be questioning whether the person or organisation contacting you really knows you at all.
Take note of the URLs
More often than not, phishing emails contain links for recipients to click – this can be how cyber-criminals then take over your system.
A lot like a wolf in sheep’s clothing, on the surface, an embedded link within the body of the email may appear authentic, yet a quick hover over it – without clicking! – can sometimes reveal a rather odd-looking hyperlinked address.
It goes without saying that if the URL in the email looks different when you place your cursor over it, it’s more than likely to be malicious, intending to divert you to a site which can intercept system information.
Keep your eyes peeled for schoolboy errors
This is an interesting one. As you know, brand image is important when it comes to the world of business and gaining a competitive advantage. If a company’s website is littered with spelling mistakes, it often puts consumers off – making them believe the service or product is either below-par or untrusted – because there’s an apparent lack of attention to detail.
Now, there may be the odd mistake – organisations are human – but if the email is saturated with misspelled words or features irrelevant symbols interspersed within the copy, this should set the alarm bells ringing in your head.
Don’t be scaremongered by empty threats
From notifications that your account has been hacked and needs the password resetting, to details being outdated and requiring updating, online scammers are well-versed at tapping into the anxiety and fear of employees.
For example, if a staff member receives an email from a sender posing as someone from the HR team, stating their personal details are incorrect and they won’t be paid that month unless they’re updated, this is likely to cause concern and stimulate irrational action from the recipient.
Therefore, if there’s any threatening language or if the message is overly urgent, double-check with your HR team, bank, relevant government department etc. before any hasty clicking or data inputting commences!
Leave attachments well alone
As well as URLs, attachments from unknown senders are another sneaky tactic online-criminals can use to access sensitive information.
By clicking on and downloading mysterious files, this can allow a virus to infect your IT systems – corrupting files, revealing critical data and intercepting passwords, to name but a few consequences.
Notice how the email ends
The concluding part of an email is just as important as the start, so if the sign-off looks a little out-of-sorts, it probably is!
If a legitimate company is contacting you for any reason, the email would be signed off by the relevant person and would clearly label how to contact them. Quite regularly, scam emails don’t feature this – because there’s no one to contact.
It goes without saying that being vigilant and not clicking any links or attachments is an effective way to prevent phishing attacks from taking hold of your systems, but equally important – because we’re all human – is having measures in place to expose and filter out such correspondence in the first place.