May 27

5 Ways To Identify Phishing Emails


5 Ways To Identify Phishing Emails

A phishing attack is a type of online scam by which cybercriminals send emails appearing to be from a legitimate source, such as a recognised and trusted business or colleague. It’s designed to lure users into providing sensitive information or may include malware. Phishing is popular because it gives criminals direct access to the most vulnerable part of any network – the users. According to Iconsclales 2017 Email Security Report, 90% of successful cyber attacks trace back to phishing emails, so it’s important you and your employees know how to recognise a fraudulent email.

Check the source

A favourite tactic used is sender or domain spoofing. The display name shown from the email header may look familiar, perhaps a colleague or recognised business. However, take a close look at the full email address or the email properties. The sender address may be misspelt or slightly altered but may resemble a well-known domain. Even if the mail comes from a trusted source, were you expecting this email? Does the purpose of the email match who the sender appears to be?

Check the content

Read through the entire email before clicking anything. Often the language is a giveaway for phishing emails so check for spelling and grammatical errors. Emails from legitimate companies are always constructed in a professional manner and will rarely have typos. However, do not judge an email solely on the language and tone. Over the years, cybercriminals have become more sophisticated, and often, the body of the email can look very convincing.

Attachments & Links

Although click rates have come down, many users still get caught out with attachments and links. Attachments can contain malicious malware that can be installed onto your PC and network from just one click, so do not open unexpected attachments. Before clicking any hyperlink hover over it and check the address. If it is different from what’s displayed or if it looks like a misspelling of a familiar domain name, then it’s probably fraudulent. Even if the web address is HTTPS, this does not indicate the site is legitimate. It only means the website communications are encrypted, and as of 2018, 50% of phishing sites were using HTTPS.

Is the email threatening?

The types of phishing campaigns that are most successful are ones that invoke a sense of urgency or threat, so you will be inclined to act without thinking. The email may make claims such as “Your account will be deactivated…please take the necessary action” or “If you do not verify your account, we will be forced to block it”. Legitimate companies would rarely address their customers like this, but if you are concerned, contact the company directly to confirm the status of your account.

What is the purpose of the email?

No matter where the email is sent from or how official it looks, nobody should ask you to send them personal information over email. If it’s an offer of something, think about what you are being promised, and if it sounds too good to be true, it probably is. Just because an email has convincing brand logos, language and a seemingly valid email address does not mean you should provide any information or click on any links. Be cautious and report any suspicious emails to your IT department.

Next steps…

Despite spam filtering and email authentication methods, phishing emails will still reach inboxes. Training users how to detect and react to these threats will help protect you and your business. To establish how vulnerable your employees are, you can run Simulated Phishing Attacks. The results will enable you to take immediate remedial action if it’s needed. To find out more about running simulating phishing phone us on 0131 208 0080 or fill out our contact form and we’ll quickly get back to you.


Loved this? Spread the word

Related posts

How proactive monitoring will help your business weather any storm

Read More

Why outsourced IT always beats DIY

Read More

Protect your business from these cyber security threats in 2024

Read More

How can you keep your team’s home offices safer?

Read More
Leave a Repl​​​​​y

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Need reliable IT support in Edinburgh?

Book a call with our lead technician.

No salespeople, no obligation

Free, genuine advice

30 minutes chat

Simon McCullagh, founder and lead technician of Digital Orchard IT

Simon McCullagh