Spotting spam: how to identify a phishing email
Phishing emails have become increasingly common and are now often accepted as part of our day-to-day lives online.
While some are super easy to spot (we’re talking mysterious royals with terrible spelling offering you billions of pounds to simply click their link), others can be harder to detect and can easily fly under the radar.
Our team has identified some small things that you can look out for and best practice habits to ensure you don’t fall victim to a malicious email.
What is a phishing email?
One of the best ways to avoid falling prey to a phishing email is to first educate yourself about them, what they are hoping to achieve and how they work.
Phishing is a method that hackers use to try and trick ordinary people into providing personal details, bank details, access to devices or networks, or money.
They do this by creating copycat emails designed to look like legitimate people, businesses or organisations.
It is worth noting that phishing isn’t a practice that is exclusive to emails. Phone calls, text messages and even some postal communications can be phishing for your details.
Common phishing attacks will aim to look like an individual’s bank, courier service, online shopping outlet or a Government agency such as HMRC.
A lot of phishing tactics use fear to try to persuade unsuspecting individuals to act quickly, without thinking things through or looking too closely at the fake email. This could include threats of accounts being closed or compromised, or even police action being taken.
It is very unlikely that HMRC will email you threatening arrest, so stay calm and fully evaluate the email in front of you without making any hasty clicks!
Spelling and grammar
One of the easiest ways to spot a phishing email is through spelling mistakes and grammar issues.
If you suspect an email is fake, read through it carefully and identify any errors. These may be minor, but they can be a useful indicator that an email is fraudulent.
Some fraudsters are very good at disguising discrepancies, so give the email a thorough check before taking any action.
Also check logos and company names. For example, two letter ‘N’s next to one another can easily be read as an ‘M’ at a glance. Or a zero as the letter ‘O’.
Too good to be true
If you receive an email that seems too good to be true, then it probably is! It is very unlikely that your bank will email you about winning millions of pounds. Be wary of any offers that arrive in your inbox.
While lots of brands do communicate offers and deals via email, keep a look out for any that seem to go above and beyond and always check their websites for corresponding messaging.
Personal details
Spot a phishing email by identifying what it is asking you to do. If it is asking you to provide personal details (such as address, bank details, national insurance number, etc), it is probably spam.
We recommend you contact the alleged sender via another method (for example a phone call or live chat feature on the legitimate site) to determine if the request is genuine.
All major organisations should have records of emails and requests for information so will be able to advise you on how to proceed.
Check and check again
Always double check emails before sending any information or clicking any links. You may have missed a vital clue in the first read, so give it a second look for good measure.
A handy tip is to check both the display name and the email address. When viewing emails on a mobile device, it is often just the display name that is visible at a first glance, which offers hackers a simple way to hide.
Check the email address before proceeding. People generally know the email addresses and domain names of their bank providers and any other businesses or organisations they use, so it can be easy to spot any fakers!
Click savvy
If you think an email is suspicious, please do not click the link. If you want to check the message out by heading to an official site, do so by opening up an independent, secure browser and visit the site directly – do not click the link in the email.
Another useful tip is when you see a suspicious link, simply move your mouse pointer over the link, BUT DO NOT CLICK IT!
This will show you the true destination. If you click the link, these are often harvesting web sites which seek to secure more of your personal data. When cyber criminals have your data, its highly likely you will become the target of an exponential attack rate since your details will likely be traded with other malicious criminals and the circle continues.
Sometimes one click is all it takes for hackers to gain access, so don’t give them that opportunity! Head directly to the site on your own browser.
When it comes to suspicious attachments, we advise you reach out to whoever is supposedly sending them and verify that they are legitimate and safe. We also offer a FOC quarantine service to our clients to advise in these circumstances.
This can often occur in the workplace, so if a random attachment lands in your inbox that you were not expecting, the best thing to do would be to ask the person directly if it is truly them.
To avoid any issues, we suggest alerting someone if you need to send them an attachment and advise what method you will use to send this.
When you know what to look out for, it can be easy to spot a phishing email. Fraudsters often depend on quick, hurried actions so take your time and examine what is in front of you.
We work closely with security provider KnowBe4, with our clients using this platform to train staff on cyber security issues with increased awareness and accountability. Tools like this are fantastic to help minimise the costs of data loss and identify theft, all while helping employees to be more vigilant and aware of potential cyber threats.
For more information on KnowBe4 and how it can be implemented in your business, get in touch with our team via info@probado.co.uk.
