How To Identify Phishing Emails: Spot Phishing Scams and Protect Your Business
Phishing emails are not a recent phenomenon – in fact, phishing emails and phishing attacks are some of the most common types of cyber warfare and online digital scams across the internet.
However, in recent years, phishing scams and emails have become increasingly sophisticated and harder to spot.
The complexities of modern phishing email scams have made identifying phishing emails more difficult than ever. Phishing emails can be incredibly harmful to businesses of all types. As these damaging phishing scams and cyber attacks continue to increase in scope and scale, it seems no one is safe in today’s online digital climate. This is where cyber security awareness training can be an enormous help in protecting your business from phishing hacks, breaches and attacks.
In this article we’ll outline some essential information on phishing emails, how to recognise a phishing scam and what you can do to prevent phishing hacks from threatening your business, your staff and customers.
What is a phishing email?
Phishing emails are a type of digital cyber attack that will request personal data such as bank details, usernames and passwords. They may encourage you or a member of your team to click a malicious link or download a harmful file. To do so, they’ll disguise themselves as a genuine email from a legitimate source in an attempt to fool the recipient.
Phishing hacks and emails have become far more sophisticated and harder to spot in recent years and the damage they cause can be catastrophic to your business.
This is why it is so important that you and your team are confident in spotting and dealing with phishing emails quickly and efficiently.
How to spot and identify email phishing.
How can you learn to identify phishing emails and scams and avoid potential cyber attacks?
Caution is the key to dealing with potential cyber threats like emails you suspect are phishing for private information and data. It is highly likely you and your employees will be encountering phishing attempts on a regular basis – sometimes even daily.
It is critical that you know what to look for. Being able to tell the difference between a legitimate email and a phishing email can keep your business safe and secure, as well as prevent your well-meaning employees from falling foul of an online scam.
What are the top 7 tips for identifying phishing emails and phishing scams?
Check the display name and email address.
If you receive an email that doesn’t look quite right, the first thing to check is the display name and the email address. The display name is the name you see in your email inbox when you receive an email and it can be an easy way to spot a phishing scam. Be cautious and ask yourself…
- Is the display name spelt correctly?
- Is it formatted correctly and in a conventional manner, with a first name and a last name?
Although it’s quite easy to make a mistake when setting a display name, strange characters, poor use of grammar or spelling mistakes can suggest the sender is not who they say they are and can signify that the message is part of a cyber scam.
It’s important to not rely solely on the display name. This is because they can be easily manipulated by the person sending the email.
As a result, the next important step is checking the email address. Does it look legitimate? Is it the same email address previously used by another employee or company? For example, if you have had an email conversation with Sam@Acme.com you should be wary if you receive a future email claiming to be from Sam with the email address Sam11@Acme-Corp.net.
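For mail from people you have corresponded with before, the display-name and address comparison described above can be automated. The following is an added example, not part of the original article: the `KNOWN_CONTACTS` address book and the `check_sender` function are hypothetical, and the sample headers are constructed from the Sam@Acme.com case.

```python
from email.utils import parseaddr

# Constructed address book: display name (lower case) -> address seen in
# earlier, trusted conversations. Names and addresses are sample values.
KNOWN_CONTACTS = {"sam": "sam@acme.com"}


def check_sender(from_header, known=KNOWN_CONTACTS):
    """Return a list of warnings for the value of a From: header."""
    display, addr = parseaddr(from_header)
    addr = addr.lower()
    if addr.count("@") != 1:
        return ["no usable email address in From header"]
    local, domain = addr.split("@")

    expected = known.get(display.strip().lower())
    if expected is None:
        # Nothing to compare against: the name alone proves nothing.
        return [f"display name {display!r} is not a known contact"]
    if addr == expected:
        return []

    # Same display name as a known contact, but a different address.
    warnings = [f"{display!r} previously wrote from {expected}, not {addr}"]
    exp_domain = expected.split("@")[1]
    if domain == exp_domain:
        warnings.append(f"same domain but new mailbox {local!r}")
    else:
        # Simple lookalike test: the known domain's first label
        # ("acme") reappears inside a different domain.
        brand = exp_domain.split(".")[0]
        if brand in domain:
            warnings.append(f"domain {domain} imitates {exp_domain}")
        else:
            warnings.append(f"domain {domain} is unrelated to {exp_domain}")
    return warnings


if __name__ == "__main__":
    for header in ("Sam <Sam@Acme.com>", "Sam <Sam11@Acme-Corp.net>"):
        print(header, "->", check_sender(header) or "no warnings")
```

A clean result only means the address matches one seen before; it does not prove the message is genuine.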
Be wary of urgent requests for information.
Urgency and a demand for private information because of a specific ‘time pressure’ is another way that email scammers and phishing emails can cause havoc. It’s also something you can use to spot a scam email.
It’s important not to let any urgent requests sent via email rush you and your employees into a poor decision. However alarming or threatening an email might be, it’s important to take your time and calmly consider what is being asked of you in the email.
Your first question should always be, does this request sound authentic?
Your bank would never ask you to provide them with any personal information over email. In the same way, Microsoft would never ask you for the login information you use at work. However, these are easy mistakes to make when you’re feeling rushed and flustered.
Reread the email, check the address and display name, and then make a decision. Emails worded in an urgent manner are usually written to scare you and your employees into sending a rapid response, often with a request to share private or valuable data without checking first.
Rushing and panicking can also result in a foolish decision such as clicking on a malicious link that downloads malware or giving away sensitive personal information.
In an urgent situation that requires an immediate response, the majority of authentic requests would usually come via a phone call. Someone would contact you directly, especially in a business environment where time is critical and the data being requested could be of a sensitive nature.
When you receive an email that demands a rapid response or sounds threatening, ask yourself…
- In an urgent situation, how would you react if you were in need of assistance?
- Would you send an email and hope that the person is sitting at their computer?
In most cases you would contact the person via phone and talk to them directly. As a result, any urgent requests sent over email should be treated with suspicion. Many phishing emails and cyber scams try to sound authentic and genuine by mimicking reputable organisations and personnel.
Some offer links to click on to share the requested information. Look closely at the domain name or URL offered but do not click on anything. It’s better to call the company directly or visit the website that you know to be their official online space than click on a link you are not 100% certain about.
The key is to stay calm, reread the email and don’t rush. Consider what the sender has asked of you and whether it sounds like an authentic request or if the email has some of the hallmarks of being a phishing scam.
Look for an email signature.
Most legitimate businesses will have an email footer. Also known as an email signature, an email footer is an image or selection of images that often contains the up-to-date company logo as well as additional information such as the sender’s name and job title, a phone number and address.
If you receive an email from someone claiming to work at a reputable company who doesn’t have a legitimate-looking signature or footer, it’s important to check the address and display name before taking any further action.
If you’ve received emails from the sender in the past, you can also check back to see if they’ve used a signature previously.
Again, take time to reread the email, double check the points listed above and ask yourself…
- Does the signature contain spelling mistakes?
- Is the company logo correct and up-to-date?
- Are the telephone numbers and other contact details correct?
Of course, an email signature can be easily replicated in a sophisticated cyber scam, so it should never be used solely as proof of legitimacy.
Nevertheless, it’s important to pay close attention to detail – even the smallest mistake could reveal a phishing attack or attempt.
Never give away your personal information.
A legitimate company will never ask you to share personal information or sensitive data via email. Your bank will contact you by phone and provide evidence they are who they say they are before asking you for information. Microsoft will never ask you to share passwords via email. Genuine companies have strict procedures for requesting and sharing personal data and so requests that seem unusual should be treated with caution and suspicion.
Under no circumstances should you ever respond to an email with account details, passwords or any personal information such as your maiden name or banking information. This kind of data can give cybercriminals access to your accounts and even lead to identity fraud and theft.
Take a moment to consider the situation. If you wouldn’t share your personal information with a stranger you met on the street or someone who knocked on your front door one evening, don’t make the same mistake over email. You should never download any files or attachments from emails that look or sound suspicious as this can have a widespread negative impact across your company’s network and lead to data loss or theft.
It’s always better to be safe than sorry when it comes to cyber security. Legitimate requests will have other means of contacting you, so try not to worry about inconveniencing or upsetting the sender.
Check how the email addresses you.
In a professional setting, most legitimate emails you receive should be addressed to you by name. As a result, it’s important to watch out for any emails addressed in a vague way such as sir, madam or simply hello.
Although there will be situations where it isn’t appropriate to address an employee by their first name, it’s important to be cautious when you receive a generic greeting. Phishing and scam emails are sent out in their billions with the expectation that a tiny percentage will be successful.
This means that they are often very generic in terms of the way they are addressed and written so that they appeal to more recipients with little or no effort from the malicious sender. It would be very odd if an email addressed you simply by your surname, even if you hadn’t met the sender, so you should always treat these emails with a high degree of caution as they are very likely to be phishing emails from a scammer.
If you’ve received an email from a specific person before, or are on friendly terms with them, it’s not likely that they will suddenly address you in a more formal manner. Nowadays, email is a relatively casual means of communication, even in a professional environment. So if you know the supposed sender well, ask yourself whether they are addressing you in the way you would expect from other email conversations.
Look out for spelling mistakes.
Consider the process of writing an email in a professional setting. If you make a mistake, whatever email service you’re using will usually alert you to the error so you can fix it before sending it.
Everyone makes the odd spelling mistake here and there, but a higher number of errors can indicate an email you’ve received is a phishing attempt. You can often identify phishing emails through poor spelling, grammatical mistakes and multiple obvious errors, especially if the email purports to originate from a legitimate-sounding company.
If you suspect a phishing attack or scam email, reread the message carefully to check if the sender has made any spelling or grammatical mistakes, such as using punctuation marks incorrectly.
This is especially relevant if you’ve received an email claiming to be from a reputable source that is littered with mistakes. Other companies and professional organisations such as banks, building societies, software firms and well known brands are highly unlikely to send you an email that contains easy-to-spot spelling issues.
Lastly, consider how the email is formatted. Does the email look like it has been written and put together by a human being? Is there strange spacing or use of punctuation you wouldn’t usually see? These kinds of issues are often tell-tale signs of an illegitimate email written by someone unfamiliar with correct formatting or potentially created en masse by scam or spamming software to phish for sensitive and personal data.
Contact the sender.
One way to verify the legitimacy of the sender is by calling the business that has sent you the email. However, you must only do so with extreme caution. Never use any phone numbers or links from within the email itself. Use a reputable source such as Google or Yell to verify the correct contact information and website address for the business.
For example, if you receive an email from your bank asking for details about a recent transaction you may have made, you can call the bank on a number you already have or visit their official website and contacts page to get the legitimate helpline number.
It may take more time but caution is always the key in cases like this and it is always better to be safe than sorry. Phishing scams, malicious and predatory emails are becoming harder to spot as scammers and cyber criminals get wise to the tips we all use to spot them. Always use your common sense and best judgement when dealing with digital communication that you feel doesn’t look or sound legitimate.
Take your time and double check everything and never click on links, URLs or visit domains that don’t look, sound or feel genuine.
How to report a phishing email/phishing attack.
If you’re suspicious of an email you’ve received, the first action you should take is to tell someone. Report it to your IT team or email service provider as quickly as possible and do not click on any of the links in the message. The majority of email services have quick and simple ways to log emails as spam, junk or as phishing.
If you are uncertain, work through the 7 top tips for spotting phishing scams, cyber attacks and malicious emails that we have outlined above to help you recognise potentially dangerous, phishing messages.
Always be cautious and act as if the email is a scam. Don’t allow the email to rush you into making any decisions and, where possible, eliminate any doubt by asking for a second opinion.
In a professional setting, this can be as easy as turning to your co-worker, tapping them on the shoulder and asking for their thoughts on it. They may have also received a similar phishing email and it could be an indication of a larger company wide issue. Reporting malicious, scam or phishing emails quickly can help to mitigate bigger problems.
A second opinion could be the difference between falling foul of a phishing email or sending it straight to your spam folder.
If you and your co-worker decide the email does in fact have malicious intent, it’s important you do not click on any links, download any attachments or respond to the email.
Phishing emails are often sent to a number of different addresses in the hope of getting just a few clicks or downloads. However, most of their attempts fall on deaf ears by landing in spam or inactive mailboxes. By responding to the email, you are telling those at the other end that your email address is active. As a result, you are likely to receive more phishing emails in the future.
Adopt a safety-first approach. If you suspect foul play, ignore the email and delete it, or report it to your email provider or your business’s IT support partner.
Building cyber security awareness with Acronyms.
Phishing emails are not new but they are getting more sneaky and potentially more harmful.
Scammers are using better communication styles, genuine sounding URLs and domain names, doing more research and contacting more people than ever before.
It’s our job to stay on top of these advances in malicious communications, cyber attacks and phishing threats and rise to meet the challenge of spotting phishing emails quickly and dealing with them efficiently.
If you are worried about phishing emails or if your organisation appears to be receiving a lot of malicious emails, it can help to get up-to-date professional guidance from an experienced IT support company.
They will be able to help you verify the original source and confirm whether it’s malicious. Don’t be afraid of looking stupid and sounding silly – when in doubt, a professional IT expert will be able to put your mind at rest and help you spot phishing emails in the future, helping you to avoid threats and digital attacks and ensuring your personal data stays private.
The team at Acronyms have been helping large and small businesses alike with their cyber security since 2003. Our team of professional technicians, consultants and engineers offer a number of cyber security solutions for modern businesses, including bespoke patch management solutions and cyber security awareness training that can help your employees spot phishing and scams online.
As a leading IT support provider, we can provide your business with the flexibility, agility and security it requires to thrive in the digital era.
If you would like more information about our cyber security services, please book a no-obligation consultation with the team today.