We have all heard of phishing emails, an online scamming method where criminals send an email that appears to be from a legitimate company, asking for sensitive or confidential information. Phishing derives from the word fishing, playing on how criminals lure you in using bait, waiting for you to bite and provide information that can lead to theft, identity fraud and much more. But how do you spot a phishing email?
Regardless of the size of your business, you are vulnerable to becoming a victim of phishing emails, as criminals continually craft new and sophisticated methods to reach employees across the globe. Reports show that 43% of cyber-attacks and data breaches are on SMEs, so even organisations with fewer employees are still at risk.
It’s a given that you handle sensitive information daily, not only belonging to you, but your staff, your clients, and your general business. Keeping this safe is vital, as 60% of SMEs reportedly will go out of business within 6 months of a cyber-attack.
If you read last week’s post advising 3 simple steps to prevent cyber security risks for your business, you’ll already know there’s a wide range of complex cyber-attack tactics used today that put your company at risk of losing sensitive data. This could damage not only your business and those affected but your reputation too.
Unsurprisingly, over 80% of all cyber-attacks reported by businesses in 2019 were phishing emails. Email remains, to this day, the most vital platform for all business communication. Most employees across a vast range of industries will begin every day by checking their emails. But with so many coming in each day, how can we spot what’s real and what’s not?
Here are some tips on how to spot a phishing email in your inbox…
The email requests personal information
An email arrives in your inbox from a familiar company. Their logo is there in the left-hand corner, as always. As are the links to their website, their email signature, and all other visual components that come with standard emails from this organisation.
But the email is asking you to confirm personal or sensitive information, by clicking a link or downloading an attachment. Red flag.
Legitimate companies will not ask you to confirm passwords or credit card information via email.
What to do?
Contact the organisation directly through your account manager or via the telephone and confirm that this communication has come from them. Never provide sensitive information via email.
The email is not using your name
If you’re a frequent customer with a company, spending money or communicating with them regularly, chances are they will address you by your name in all forms of communication.
Phishing emails, however, will not. They may address you using generic salutations, such as “Dear account holder” or “Dear customer” or even “Dear valued member”.
This may be a sign that this email is a scam, so be careful not to engage with any links or downloads asking for personal information to be updated, or anything of that nature.
What to do?
Head to the company website and log in via the proper portal. If information is required to be updated, a legitimate organisation will inform you via the appropriate platform and not expect such details to be shared via email.
The email is not using a genuine domain
The name of the sender appears to be normal, so everything is fine, right?
Incorrect. Hackers are extremely clever at making all parts of the email fit with the norm, so be sure to investigate further than just the name of the sender.
Hover over the “from address” to ensure there are no abnormalities in the email address. For instance, a hacker may take a standard email address such as [email protected] and change it to [email protected]. That is close enough to fool some who may look past such details.
What to do?
Check your inbox for previous communications from this organisation and see if these emails match. If the organisation appears to have always used varied domains, then reach out to the general [email protected] email provided on the company’s website, to ensure this communication was from them.
The email includes spelling errors
This is a really common telltale sign in many phishing emails and an easy one for you to look out for.
Chances are any companies you interact with will write grammatically correct emails. However, phishing emails regularly leave a trail of bad grammar or spelling mistakes to lead the vulnerable into their traps. This could include misspelt or uncapitalised words, double spaces, paragraph breaks mid-sentence and even unformatted text.
Many believe that hackers may leave typos on purpose, preying on those who are less observant, as they are ultimately easier targets.
What to do?
Delete the email from your inbox and don’t engage any further. If the email was from a legitimate organisation, chances are they will send a follow-up correcting their errors.
The email contains unsolicited attachments
Attachments sent in phishing emails could be anything from ZIP files carrying file-encrypting malware to all-too-familiar PDFs. Getting you to open the file is all the hacker is trying to achieve, so the email won’t look concerning at first glance.
Spotting unsolicited attachments is tricky, as many organisations may like to send you a white-paper or guide in this format. However, there will be many companies that don’t regularly communicate with you this way and they will be ones to look out for.
What to do?
When in doubt, phone your contact at this organisation directly. They will be able to confirm if this attachment is intended for you and thus, safe to download.
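The sender-domain, salutation and attachment checks described above can also be applied automatically to a raw message. The following is an added example, not part of the original article: the `.test` domains, the file name and the 0.85 similarity threshold are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Generic salutations quoted in the article.
GENERIC = re.compile(r"^\s*dear\s+(account holder|customer|valued member)\b", re.I | re.M)

def imitated_domain(domain, known, threshold=0.85):
    """Return the known domain that `domain` closely resembles, else None."""
    for good in known:
        if domain != good and SequenceMatcher(None, domain, good).ratio() >= threshold:
            return good
    return None

def triage(raw, known_domains):
    """Return the red flags found in one raw message (list of strings)."""
    msg = message_from_string(raw, policy=policy.default)
    flags = []
    # Judge the address, not the display name, which the sender chooses freely.
    _, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    known = domain in known_domains
    if not known:
        near = imitated_domain(domain, known_domains)
        flags.append(f"domain {domain} resembles {near}" if near
                     else f"domain {domain} not seen in earlier mail")
    body = msg.get_body(preferencelist=("plain",))
    if GENERIC.search(body.get_content() if body else ""):
        flags.append("generic salutation")
    names = [part.get_filename() or "(unnamed)" for part in msg.iter_attachments()]
    if names and not known:
        flags.append("attachment from unverified sender: " + ", ".join(names))
    return flags

def sample_message():
    """Constructed sample; the .test domains and file name are made up."""
    m = EmailMessage()
    m["From"] = '"Example Bank" <billing@examp1e-bank.test>'
    m["Subject"] = "Confirm your details"
    m.set_content("Dear valued member,\nplease complete the attached form.\n")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="octet-stream", filename="form.zip")
    return m.as_string()

if __name__ == "__main__":
    for flag in triage(sample_message(), {"example-bank.test"}):
        print("RED FLAG:", flag)
```

The set of known domains stands in for "previous communications from this organisation"; a flag is a prompt to verify by phone or through the proper portal, not a verdict.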
Train your employees to spot phishing emails
If you partner with an IT support provider, like Virtuoso, you will have the opportunity to protect your organisation from such cyber-attacks using a vast range of cyber security products.
However, even with the most advanced security in place, it might only take one untrained employee to be fooled by a phishing email, which could put your organisation at risk.
With our cyber security package, not only will you receive the latest, most sophisticated email-based cyber security product, detecting and responding to potential threats, but your staff will also be given valuable training, teaching them how to respond to hacking threats, fake emails and general security attacks and what the correct procedures are around handling your business’s sensitive data.