How To Identify Phishing Emails: Protecting Your Business
Want to find out how to identify phishing emails and scams? We’re not surprised! Phishing emails are hardly a recent phenomenon – in fact, they remain one of the most common types of cyber warfare circulating the internet. However, in recent years, they’ve become increasingly sophisticated. The complexities of modern phishing scams have made spotting phishing emails more difficult than ever.
Phishing emails can be incredibly harmful to businesses. As the attacks continue to increase in both impact and number, it seems no one is safe in today’s digital climate. This is where cyber security awareness training can be an enormous help in protecting your business from hacks, breaches and attacks.
What is a phishing email?
Phishing emails are a type of cyberattack that will request personal data such as bank details, usernames and passwords. They may encourage you or a member of your team to click a malicious link or download a harmful file. To do so, they’ll disguise themselves as a genuine email from a legitimate source in an attempt to fool the recipient.
How to identify phishing emails.
It is highly likely you and your employees will be encountering phishing attempts on a regular basis – sometimes even daily. It is critical that you know what to look for. Being able to tell the difference between a legitimate email and a phishing email can keep your business safe and secure, as well as prevent your well-meaning employees from falling foul of an online scam.
Check the display name and email address.
If you receive an email that doesn’t look quite right, the first thing to check is the display name and the email address.
The display name is the name you see in your email inbox when you receive an email. Ask yourself…
- Is the display name spelt correctly?
- Is it formatted correctly and in a conventional manner, with a first name and a last name?
Although it’s quite easy to make a mistake when setting a display name, strange characters, poor use of grammar or spelling mistakes can suggest the sender is not who they say they are.
It’s important not to rely solely on the display name, because it can be easily manipulated by the person sending the email. As a result, another important step is checking the email address. Does it look legitimate? Is it the same email address previously used by that employee or company?
For example, if you have had an email conversation with Sam@Acme.com you should be wary if you receive a future email claiming to be from Sam with the email address Sam11@Acme-Corp.net.
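The address comparison described above, as an added example (not part of the original article): a small Python check that compares a From header with senders seen before. The address book contents, the function names and the rule that the first domain label is the organisation name are assumptions made for the illustration.

```python
import re
from email.utils import parseaddr

# Constructed address book: senders this mailbox has corresponded with before.
KNOWN_SENDERS = {"Sam": "Sam@Acme.com"}


def split_address(address):
    """Lower-case an address and split it into (local part, domain)."""
    local, _, domain = address.lower().rpartition("@")
    return local, domain


def check_sender(from_header, known=KNOWN_SENDERS):
    """Return warnings for a From header; an empty list means a known sender."""
    display, address = parseaddr(from_header)
    local, domain = split_address(address)
    if not local or not domain:
        return ["no usable email address in the From header"]
    if address.lower() in {a.lower() for a in known.values()}:
        return []  # exact match with an address already seen

    warnings = []
    for name, known_address in known.items():
        known_local, known_domain = split_address(known_address)
        # Simplification (assumption): the first DNS label is the organisation.
        org = known_domain.split(".")[0]
        if name.lower() in display.lower().split():
            warnings.append(
                f"display name claims {name} but address is not {known_address.lower()}")
        if local.rstrip("0123456789") == known_local and local != known_local:
            warnings.append(f"local part '{local}' is '{known_local}' plus digits")
        if domain != known_domain and org in re.split(r"[.-]", domain):
            warnings.append(f"domain '{domain}' imitates '{known_domain}'")
    return warnings or ["sender has not been seen before"]


if __name__ == "__main__":
    # The two addresses from the example in the text above.
    for header in ("Sam <Sam@Acme.com>", "Sam <Sam11@Acme-Corp.net>"):
        print(header, "->", check_sender(header))
```

A check like this only narrows down what a person should look at; an address that passes it can still be spoofed, so the other checks in this guide still apply.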
Be wary of urgent requests.
It’s also important not to let any urgent requests sent via email rush you and your employees into a poor decision. However alarming or threatening an email might be, it’s important to take your time and calmly consider what is being asked of you in the email.
Your bank would never ask you to provide them with any personal information over email. In the same way, Microsoft would never ask you for the login information you use at work. However, these are easy mistakes to make when you’re feeling rushed and flustered.
Reread the email, check the address and display name, and then make a decision. Emails worded in an urgent manner are usually written to scare you and your employees into action, which can result in a foolish decision such as clicking a malicious link or giving away personal information.
In most urgent situations, someone would pick up the phone – especially in a business environment where time is critical. Ask yourself…
- In an urgent situation, how would you react if you were in need of assistance?
- Would you send an email and hope that the person is sitting at their computer?
Most likely, you would contact the person via phone and talk to them directly. As a result, any urgent requests sent over email should be treated with suspicion. Many phishing emails will mimic reputable organisations and personnel, so don’t rush and consider what the sender has asked of you.
Look for an email signature.
Most legitimate businesses will have an email footer. Also known as an email signature, an email footer is an image or selection of images that often contain a company logo and additional information such as a phone number and address. So if you receive an email from someone claiming to work at a reputable company who doesn’t have a legitimate-looking signature or footer, it’s important to check the address and display name before taking any further action.
If you’ve received emails from the sender in the past, you can also check back to see if they’ve used a signature previously. Ask yourself…
- Does the signature contain spelling mistakes?
- Are the telephone numbers and other contact details up to date?
- Is the logo correct?
Of course, an email signature can be easily replicated so it should never be used solely as proof of legitimacy. Nevertheless, it’s important to pay close attention to detail – even the smallest mistake could reveal phishing.
Never give away your personal information.
A legitimate company will never ask you to share personal information via email. Therefore, under no circumstances should you ever respond to an email with account details, passwords or any personal information such as your maiden name or banking information. This kind of data can give cybercriminals access to your accounts and even lead to identity fraud and theft.
Take a moment to consider the situation. If you wouldn’t share your personal information with a stranger you met on the street or someone who knocked on your front door one evening, don’t make the same mistake over email.
It’s always better to be safe than sorry when it comes to cyber security. Legitimate requests will have other means of contacting you, so try not to worry about inconveniencing or upsetting the sender.
Check how the email addresses you.
In a professional setting, most legitimate emails you receive should be addressed to you by name. As a result, it’s important to watch out for any emails addressed in a vague way such as sir, madam or simply hello. Although there will be situations where it isn’t appropriate to address an employee by their name, it’s important to be cautious when you receive a generic greeting.
If you’ve received an email from a specific person before, or are on friendly terms with them, there is little chance they would address you in an overtly formal manner. After all, email is a relatively casual means of communication, even in a professional environment. Ask yourself if they’re addressing you in a manner you’d expect – if you know the supposed sender well, it would be odd if they addressed you by your surname even if you hadn’t met them in person.
Look out for spelling mistakes.
Consider the process of writing an email in a professional setting. If you make a mistake, whatever email service you’re using will usually alert you to the error so you can fix it.
Everyone makes the odd spelling mistake here and there, but a higher number of errors can indicate an email you’ve received is phishing. If you suspect phishing, reread the email carefully to check if the sender has made any spelling or grammatical mistakes, such as using punctuation marks incorrectly. This is especially relevant if you’ve received an email claiming to be from a reputable source that is littered with mistakes. Other companies and organisations such as banks and building societies are highly unlikely to send you an email that contains easy-to-spot spelling issues.
Lastly, consider how the email is formatted. Does the email look like it has been written and put together by a human being? Is there strange spacing or use of punctuation you wouldn’t usually see? These kinds of issues are often tell-tale signs of an illegitimate email.
Contact the sender.
One way to verify the legitimacy of the sender is by calling the business that has sent you the email. However, you must only do so with extreme caution. Never use any phone numbers or links from within the email itself. Use a reputable source such as Google or Yell to verify the correct contact information.
For example, should you receive an email from your bank asking for details about a recent transaction you may have made, you can call the bank on a number you already have. You know the number is legitimate so there is no danger in asking them whether the email they sent is legitimate or otherwise.
How to report phishing emails.
If you’re suspicious of an email you’ve received, the first action you should take is to tell someone. Reread the email and check for signs that suggest it could be malicious. If you are unsure as to whether an email is legitimate, be cautious and act as if it is malicious. Don’t allow the email to rush you into making any decisions and, where possible, eliminate any doubt by asking for a second opinion. In a professional setting, this is as easy as turning to your co-worker, tapping them on the shoulder and asking for assistance. A second opinion could be the difference between falling foul of a phishing email and sending it straight to your spam folder.
If you and your co-worker decide the email does in fact have malicious intent, it’s important you do not click on any links, download any files or respond to the email. Phishing emails are often sent to a number of different addresses in the hope of getting just a few clicks or downloads. However, most of their attempts fall on deaf ears by landing in spam or inactive mailboxes. By responding to the email, you are telling those at the other end that your email address is active. As a result, you are likely to receive more phishing emails in the future.
Adopt a safety-first approach. If you suspect foul play, ignore the email and delete it – if you like you could also report it to your email provider or your business’s IT support partner.
Building cyber security awareness with Acronyms.
Phishing emails are not a new phenomenon – in fact, they continue to be one of the most prevalent forms of online cyber warfare. However, in recent years, phishing has evolved significantly. As a result, spotting phishing emails is more challenging than ever. This is largely due to the sophistication of modern phishing scams that often fool businesses and their employees by pretending to be legitimate companies.
If you are very worried about phishing emails or appear to be receiving a lot of malicious emails, you might want to speak with an IT support company. They will be able to help you verify the original source and confirm whether it’s malicious. Don’t be afraid of looking stupid and sounding silly – when in doubt, a professional IT expert should be able to put your mind at rest and help you spot malicious emails in the future.
The team at Acronyms have been helping large and small businesses alike with their cyber security since 2003. Our team of professional technicians, consultants and engineers offer a number of cyber security solutions for modern businesses, including bespoke patch management solutions and cyber security awareness training that can help your employees spot phishing and scams online. As a leading IT support provider, we can provide your business with the flexibility, agility and security it requires to thrive in the digital era.
If you would like more information about our cyber security services, please book a no-obligation consultation with the team today.