While some are super easy to spot (we’re talking mysterious royals with terrible spelling offering you billions of pounds to simply click their link), others can be harder to detect and can easily fly under the radar.

Our team has identified some small things that you can look out for and best practice habits to ensure you don’t fall victim to a malicious email.

What is a phishing email?

One of the best ways to avoid falling prey to a phishing email is to first educate yourself about them, what they are hoping to achieve and how they work.

Phishing is a method that hackers use to try and trick ordinary people into providing personal details, bank details, access to devices or networks, or money.

They do this by creating copycat emails designed to look like legitimate people, businesses or organisations.

It is worth noting that phishing isn’t a practice that is exclusive to emails. Phone calls, text messages and even some postal communications can be phishing for your details.

Common phishing attacks will aim to look like an individual’s bank, courier service, online shopping outlet or a Government agency such as HMRC.

A lot of phishing tactics use fear to try to persuade unsuspecting individuals to act quickly, without thinking things through or looking too closely at the fake email. This could include threats of accounts being closed or compromised, or even police action being taken.

It is very unlikely that HMRC will email you threatening arrest, so stay calm and fully evaluate the email in front of you without making any hasty clicks!

Spelling and grammar

One of the easiest ways to spot a phishing email is through spelling mistakes and grammar issues.

If you suspect an email is fake, read through it carefully and identify any errors. These may be minor, but they can be a useful indicator that an email is fraudulent.

Some fraudsters are very good at disguising discrepancies, so give the email a thorough check before taking any action.

Also check logos and company names. For example, two letter ‘N’s next to one another can easily be read as an ‘M’ at a glance. Or a zero as the letter ‘O’.

Source: PhishLabs

Too good to be true

If you receive an email that seems too good to be true, then it probably is! It is very unlikely that your bank will email you about winning millions of pounds. Be wary of any offers that arrive in your inbox.

While lots of brands do communicate offers and deals via email, keep a look out for any that seem to go above and beyond and always check their websites for corresponding messaging.

Source: Scam Detector

Personal details

Spot a phishing email by identifying what it is asking you to do. If it is asking you to provide personal details (such as address, bank details, national insurance number, etc), it is probably spam.

We recommend you contact the alleged sender via another method (for example a phone call or live chat feature on the legitimate site) to determine if the request is genuine.

All major organisations should have records of emails and requests for information so will be able to advise you on how to proceed.

Check and check again

Always double check emails before sending any information or clicking any links. You may have missed a vital clue in the first read, so give it a second look for good measure.

A handy tip is to check both the display name and the email address. When viewing emails on a mobile device, it is often just the display name that is visible at a first glance, which offers hackers a simple way to hide.

Check the email address before proceeding. People generally know the email addresses and domain names of their bank providers and any other businesses or organisations they use, so it can be easy to spot any fakers!

Source: DPD Local

Click savvy

If you think an email is suspicious, please do not click the link. If you want to check the message out by heading to an official site, do so by opening up an independent, secure browser and visit the site directly – do not click the link in the email.

Another useful tip is when you see a suspicious link, simply move your mouse pointer over the link, BUT DO NOT CLICK IT!

This will show you the true destination. If you click the link, these are often harvesting web sites which seek to secure more of your personal data. When cyber criminals have your data, its highly likely you will become the target of an exponential attack rate since your details will likely be traded with other malicious criminals and the circle continues.

Sometimes one click is all it takes for hackers to gain access, so don’t give them that opportunity! Head directly to the site on your own browser.

When it comes to suspicious attachments, we advise you reach out to whoever is supposedly sending them and verify that they are legitimate and safe. We also offer a FOC quarantine service to our clients to advise in these circumstances.

This can often occur in the workplace, so if a random attachment lands in your inbox that you were not expecting, the best thing to do would be to ask the person directly if it is truly them.

To avoid any issues, we suggest alerting someone if you need to send them an attachment and advise what method you will use to send this.

When you know what to look out for, it can be easy to spot a phishing email. Fraudsters often depend on quick, hurried actions so take your time and examine what is in front of you.

We work closely with security provider KnowBe4, with our clients using this platform to train staff on cyber security issues with increased awareness and accountability. Tools like this are fantastic to help minimise the costs of data loss and identify theft, all while helping employees to be more vigilant and aware of potential cyber threats.

For more information on KnowBe4 and how it can be implemented in your business, get in touch with our team via info@probado.co.uk.

The post Spotting spam: how to identify a phishing email appeared first on IT Support Services in Huddersfield, Yorkshire.

Invisable Attacker

In a phishing scam, described by cyber security expert and bug bounty hunter, Craig Hays as the greatest password theft he’s ever seen, the culprit was somehow able to fly under the radar, undetected even by the experts. In a blog for Medium.com, Craig explained: “A typical phishing email comes from an email address you’ve never seen before. In this attack, however, all of the phishing links were sent as replies to emails in the compromised account’s mailbox. This gave every email an inherited sense of trust.”

The attacker used established email trails and trusted email addresses to trick victims into clicking. The original, legitimate email thread was maintained, also using the ‘reply all’ option to ensure everybody who was involved continued to receive the messages. This disguise within a legitimate conversation allowed the hacker to reply unnoticed and become part of an existing conversation.

So, how did Craig stop it? “We identified a pattern in the URL of the phishing pages being linked to which we could use to block them. Then we promptly rolled out Multi-Factor Authentication to anyone who didn’t have it.”

Multi-factor authentication (MFA) is a vital tool to help defend against cybercriminals, this can include factors such as pin codes, biometrics or card readers, in addition to a password.

Hollywood Horrors

In the world of IT, even famous figures are not untouchable. McAfee revealed that a group of celebrities were being used as bait for some dangerous cyberattacks. The security firm’s research found that searches for big names including Ricky Gervais, Ruth Jones, and Tom Hardy were to blame for leading people to suspicious sites. Graham Norton’s name was found to be the most likely term used by hackers to lure people into clicking on unsafe sites and potentially harmful pages.

McAfee fellow, Raj Samani said: “’We know that online criminals use consumers’ fascination with celebrity culture to drive unsuspecting fans to malicious websites that install malware on their devices. As cybercriminals continue to implement deceptive practices such as fake sites claiming to offer free content, it is crucial that fans stay vigilant about protecting their digital lives and think twice before clicking.”

Scary Speakers

Smart speakers and other devices are now commonplace in the home, but are they getting a little too comfortable? Back in 2018, Amazon received numerous reports that their Alexa smart speakers were laughing at random times, completely unprompted. The scary chuckle was freaking out users across the world. Amazon has since explained that the device was mishearing what it believed to be the command, ‘Alexa, laugh’ and acting on that. The company has since reprogrammed the speakers to respond to the phrase, ‘Alexa, can you laugh?’ a clearer command with less chance of being misinterpreted.

An Amazon spokesperson said: “We are also changing Alexa’s response from simply laughter to ‘sure, I can laugh’ followed by laughter.”

We hope these spooky stories from the world of IT have got you in the Halloween mood, but remember there is a moral to every story. Whether that be to enable Multi-Factor Authentication or to be wary of inviting robots into your home, our team is here to help with any scary IT issues that may arise, get in touch here.

The post Spooky Stories: Horror Stories from the World of IT appeared first on IT Support Services in Huddersfield, Yorkshire.