You’ve probably heard about ‘phishing emails’ where scam emails are made to look authentic in order to trap the recipient into handing over sensitive information. It’s one of the most common ways that cyber-crime is committed and unfortunately it’s not going away. Last year Google reported that 18 million phishing emails were being sent to its Gmail users every day relating to the Covid pandemic, so how can you avoid being phished?
Being vigilant to the signs we’ve listed below goes a long way, but phishing emails are becoming more sophisticated and it is often people rather than technology that fall foul of a phishing scam. A good defence tool to implement would be a Phish Threat Stress Test, in which your IT provider sends a phishing email to your workforce, with their real identity masked, to see who believes it to be genuine and who doesn’t. A report would follow that details who passed and who would benefit from further guidance and training.
Some of the signs you would expect people to spot are:
- Is the email addressed to you by name, used appropriately? Be wary of emails where you are addressed as ‘customer’, ‘supplier’ or ‘colleague’.
- Scammers might try to replicate logos and branding concepts of the organisation they purport to be. Does the email design meet your expectations?
- Emotive language is often used to evoke a response. Beware of phrases like ‘you must act now’ and ‘click here to claim your prize.’
- Do the sender’s name and address look correct? Spelling mistakes are often subtle so check carefully. Always look at the email address as well as the sender’s name.
- Large, official organisations will always have their own domain. Your bank will never send you an email from a Gmail address, for example.
- The email may contain spelling mistakes and grammatical errors.
- Attachments and/or links are usually included that, once accessed, automatically install malware on your machine. This malware is designed to capture your sensitive information.
- Does the email claim to be from one of your personal subscriptions, such as Netflix, but sent to your work address? It’s a good idea to keep your work email separate from personal use.
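Several of these signs can also be checked automatically, for example when triaging emails that staff report as suspicious. The Python sketch below is an added example, not part of the original article: it tests a raw message for the generic greeting, urgent language, sender name/address mismatch, free webmail and work-address signs. The phrase lists, the brand-to-domain map, the work domain and the sample message are assumptions made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration; tune these for your own organisation.
GENERIC_GREETINGS = ("customer", "supplier", "colleague")
URGENT_PHRASES = ("you must act now", "click here to claim your prize")
FREE_MAIL = {"gmail.com"}
KNOWN_BRANDS = {"netflix": "netflix.com"}  # brand -> expected sender domain
WORK_DOMAIN = "example.co.uk"              # hypothetical work mail domain

# Constructed sample message (not a real email).
SAMPLE = """\
From: Netflix Billing <billing@netfIix-support.example>
To: alex@example.co.uk
Subject: Payment problem

Dear customer,
Your account is on hold. You must act now to keep your subscription.
"""


def phishing_signs(raw_message: str) -> list[str]:
    """Return the checklist signs that a raw RFC 5322 message triggers."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rpartition("@")[2].lower()
    recipient = parseaddr(msg.get("To", ""))[1].lower()
    body = msg.get_payload()
    body = body.lower() if isinstance(body, str) else ""  # skip multipart
    signs = []
    greeting = re.match(r"\s*(?:dear|hello|hi)\s+(?:valued\s+)?(\w+)", body)
    if greeting and greeting.group(1) in GENERIC_GREETINGS:
        signs.append("generic greeting")
    if any(phrase in body for phrase in URGENT_PHRASES):
        signs.append("urgent or emotive language")
    for brand, domain in KNOWN_BRANDS.items():
        if brand not in display.lower():
            continue  # the sender name does not claim to be this brand
        if sender_domain in FREE_MAIL:
            signs.append("organisation name on a free webmail address")
        elif sender_domain != domain and not sender_domain.endswith("." + domain):
            signs.append("sender name and address do not match")
        if recipient.endswith("@" + WORK_DOMAIN):
            signs.append("personal subscription sent to work address")
    return signs


if __name__ == "__main__":
    print(phishing_signs(SAMPLE))
```

A message that triggers none of these checks is not proven safe; the function only automates the signs above that can be read from the headers and text.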
It’s worthwhile reminding members of your organisation to be alert to phishing emails, as the best form of defence is vigilance. But if you think that you would benefit from a Phish Threat Stress Test, an IT security review, or simply more information about our IT support company in Birmingham, please get in touch and we’d be happy to discuss your options.