From fake banking alerts to convincing messages from trusted sources, phishing emails are becoming more sophisticated, making it more difficult than ever before to determine what’s real and what’s a scam. So, how can you spot a phishing email and avoid it causing damage? Find out more about phishing emails below.
What is a Phishing Email?
Phishing emails are fraudulent messages designed to trick you into taking an unsafe action, such as opening an attachment that contains malware, entering or sharing sensitive information such as passwords or bank details, or clicking on a malicious link.
In the UK, we often see well-known entities such as HMRC, parcel delivery firms and mobile network providers being ‘spoofed’ as part of a phishing campaign, so that the message appears to be a legitimate communication. Attackers may also impersonate a CEO or Director, either by faking their email address or simply by putting their name in the display name of an unrelated account, to pressure you into interacting.
The Most Common Types of Phishing Emails
- Fake invoices asking you to send funds to an attacker’s account
- Missed delivery scams encouraging you to open attachments or click links with malicious content
- HMRC and tax refund emails requiring you to enter sensitive information
- Director level impersonation, attempting to pressure staff to send payments or share credentials
7 Signs of a Phishing Email
So, how can you spot a phishing email in your inbox?
- Suspicious sender address: At first glance the address may look legitimate, but look for subtle differences: a swapped or missing letter, an extra word, or a look-alike domain. Is the display name correct but the address behind it unrelated? Many mail clients, especially on mobile, show only the display name until you tap or hover on it, so check the actual address before trusting it.
- Urgent language: Pressure to act quickly, for example to avoid an immediate account suspension. Legitimate businesses rarely demand immediate action by email; if you are worried, log in through the organisation’s official website or app rather than through anything in the message.
- Unexpected attachments: Often disguised as an invoice or delivery notification, and the file type is frequently a giveaway: executables and scripts (.exe, .js, .vbs, .hta), macro-enabled Office files (.docm, .xlsm), disk images (.iso, .img), shortcuts (.lnk) and HTML files, sometimes hidden behind a double extension such as ‘invoice.pdf.exe’ or inside a password-protected archive that scanners cannot inspect. Opening these files may install malware on your computer.
- Poor spelling or unusual tone: Grammatical errors or odd phrasing are often seen in phishing emails. The reverse is not true, though: well-written copy is no guarantee of safety, as targeted campaigns and AI-written messages can be flawless.
- Strange links: Hover over links (press and hold on a touchscreen) to see the real destination before clicking. The text of a link can say one thing while the address behind it goes somewhere else entirely; be suspicious of destinations on a domain the organisation does not own, of bare IP addresses, and of shortened URLs that hide where you will end up.
- Requests for sensitive information: Being asked for passwords, bank details or other confidential information over email should be seen as a red flag in almost all circumstances.
- Generic greetings: The use of ‘Dear Customer’ or ‘Dear User’ by peers or companies you have a relationship with, and who would normally address you by name, can be a sign of a phishing email.
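The script below, an added example that is not part of the original article, applies several of the signs above to a raw email: it compares the sender’s display name with the real address domain, looks for urgent wording and a generic greeting, checks whether each link’s visible text matches where the link actually goes, and flags risky or double-extension attachments. The sample message, the brand-to-domain mapping in KNOWN_BRANDS and every domain name are constructed for illustration; a real deployment would draw the brand list from your own organisation’s suppliers and customers.

```python
"""Heuristic checks for the phishing signs described above.

Added example, not part of the original article. The sample message,
the KNOWN_BRANDS mapping and all domain names are constructed for
illustration; no network access is needed.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed: the real domain a brand's display name should come from.
KNOWN_BRANDS = {"acme bank": "acme-bank.example"}
# File types commonly used to deliver malware by attachment.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".bat", ".cmd", ".ps1",
                    ".iso", ".img", ".lnk", ".docm", ".xlsm", ".html", ".htm"}
URGENT_PHRASES = ("urgent", "immediately", "within 24 hours", "suspended", "act now")
GENERIC_GREETING = re.compile(r"\bdear (customer|user|client|member)\b")
# Heuristic anchor-tag matcher: good enough for mail bodies, not a full HTML parser.
LINK_RE = re.compile(r'<a\b[^>]*\bhref="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)


def _host(url):
    return (urlparse(url).hostname or "").lower()


def check_message(raw):
    """Return a list of human-readable warnings for one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # Sign 1: display name claims a brand, but the address domain is unrelated.
    name, addr = parseaddr(str(msg.get("From", "")))
    addr_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    for brand, real_domain in KNOWN_BRANDS.items():
        related = addr_domain == real_domain or addr_domain.endswith("." + real_domain)
        if brand in name.lower() and not related:
            findings.append(f"sender: '{name}' but address domain is {addr_domain}, "
                            f"not {real_domain}")

    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body is not None else ""
    text = re.sub(r"<[^>]+>", " ", html)
    haystack = f"{msg.get('Subject', '')} {text}".lower()

    # Sign 2: urgency.  Sign 7: generic greeting.
    hits = [p for p in URGENT_PHRASES if p in haystack]
    if hits:
        findings.append("urgency: " + ", ".join(hits))
    if GENERIC_GREETING.search(haystack):
        findings.append("greeting: generic 'Dear Customer'-style salutation")

    # Sign 5: link text says one place, the href goes elsewhere or to a bare IP.
    for href, inner in LINK_RE.findall(html):
        target = _host(href)
        visible = re.sub(r"<[^>]+>", "", inner).strip()
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", target):
            findings.append(f"link: destination is a bare IP address {target}")
        if visible.lower().startswith(("http://", "https://")):
            shown = _host(visible)
            if shown and shown != target:
                findings.append(f"link: text shows {shown} but goes to {target}")

    # Sign 3: risky or double-extension attachments.
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        pieces = filename.lower().split(".")
        ext = "." + pieces[-1] if len(pieces) > 1 else ""
        if ext in RISKY_EXTENSIONS:
            note = " (double extension)" if len(pieces) > 2 else ""
            findings.append(f"attachment: {filename} is a risky type {ext}{note}")
    return findings


# Constructed sample: looks like a bank alert, exhibits most of the signs above.
PHISH_SAMPLE = """\
From: "Acme Bank Security" <alerts@acme-bank-secure.example>
To: customer@example.com
Subject: Urgent: your account will be suspended
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<html><body><p>Dear Customer,</p>
<p>Your account will be suspended within 24 hours. Please
<a href="http://198.51.100.7/login">https://www.acme-bank.example/login</a>
to verify your details.</p></body></html>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.exe"

MZ...
--b1--
"""

if __name__ == "__main__":
    for finding in check_message(PHISH_SAMPLE):
        print(finding)
```

Run stand-alone it prints one line per sign found in the sample. The checks are deliberately simple heuristics for the reader to study, not a substitute for a mail filter: a clean result from them means only that none of these particular signs were present.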
What To Do If You Receive a Phishing Email
- Don’t click anything or open any attachments
- Report the email to your IT department or IT provider, using the ‘Report phishing’ button if your mail client has one, so that the full message and its headers reach them intact
- Delete or quarantine the email
- Warn colleagues to ensure awareness
What If Someone Clicks a Link or Opens an Attachment?
Speed Matters
Acting quickly can reduce the impact of an attack. For example, if you report straight away that you entered login details into a fake website, your IT team can reset the password and revoke any active sessions before the attacker uses the credentials, which is far less disruptive than recovering a fully compromised account.
Immediate actions to take
- Disconnect from Wi-Fi or unplug from the work network to stop any malware spreading, but leave the device switched on unless your IT team tells you otherwise, so that evidence is preserved and they can investigate
- Report the incident to your IT team straight away, following your organisation’s incident reporting process, and say exactly what you clicked, opened or typed
- Change any passwords that may have been exposed, doing so from a different device that you know is clean, and change them anywhere else the same password was reused
- If possible, run a security scan on the device
Risks of clicking malicious links or opening attachments
- Financial loss through fraudulent transactions
- Compromised accounts, enabling attackers to access email and other systems
- Data theft - both personal and company data
- Malware infection - Viruses, ransomware or spyware could be installed
How Can Businesses Prevent Phishing Attacks?
Staff Training
Teaching staff about the signs of a phishing email and running exercises to test awareness can be of great benefit. Employees are often the first line of defence, so training is important.
Email Filtering
The use of spam filters, domain authentication (SPF, DKIM and DMARC records published in DNS so that receiving mail servers can reject messages that forge your domain) and other security tools such as link and attachment scanning can reduce the likelihood of phishing emails reaching the inbox. Note that a DMARC policy of p=none only reports on spoofing; it has to be moved to quarantine or reject before it actually blocks anything.
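To make ‘domain authentication’ concrete: whether anyone can send mail as your domain depends on the SPF and DMARC records you publish in DNS, and the most common weakness is a DMARC record that only monitors (p=none) or an SPF record that ends in ?all. The script below, added here and not part of the original article, grades constructed SPF and DMARC TXT records and lists the settings that leave a domain spoofable, with a weak pair beside a corrected pair. The record values and domain names are made up, and the checks cover only a subset of what RFC 7208 (SPF) and RFC 7489 (DMARC) specify; DKIM signing and alignment, for instance, are not evaluated.

```python
"""Grade SPF and DMARC TXT records for spoofing protection.

Added example, not from the original article. The records below are
constructed; in practice you would fetch them with a DNS TXT lookup for
the domain itself (SPF) and for _dmarc.<domain> (DMARC). Only a subset of
the RFC 7208 / RFC 7489 syntax is checked.
"""
import re

# Mechanisms that each cost one DNS lookup under RFC 7208 section 4.6.4.
LOOKUP_MECHANISMS = {"include", "a", "mx", "exists", "ptr", "redirect"}
MAX_SPF_LOOKUPS = 10  # more than this and receivers return permerror


def parse_dmarc(record):
    """'v=DMARC1; p=none; rua=mailto:x' -> {'v': 'DMARC1', 'p': 'none', 'rua': ...}"""
    tags = {}
    for item in record.split(";"):
        if "=" in item:
            key, value = item.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record):
    """Return warnings; an empty list means the policy actually enforces."""
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        return ["invalid: record must start with v=DMARC1"]
    policy = tags.get("p")
    if policy is None:
        return ["invalid: the p= tag is required"]
    findings = []
    if policy == "none":
        findings.append("p=none: monitoring only, spoofed mail is still delivered")
    elif policy == "quarantine":
        findings.append("p=quarantine: spoofed mail goes to spam rather than being rejected")
    elif policy != "reject":
        findings.append(f"p={policy}: unknown policy value")
    pct = int(tags.get("pct", "100"))
    if pct < 100:
        findings.append(f"pct={pct}: policy applied to only {pct}% of failing mail")
    if tags.get("sp") == "none" and policy != "none":
        findings.append("sp=none: subdomains are left unprotected")
    if "rua" not in tags:
        findings.append("no rua=: no aggregate reports, so abuse of the domain goes unseen")
    return findings


def _mechanism(term):
    """'include:x.example' -> 'include', '-all' -> 'all', 'redirect=x' -> 'redirect'."""
    return re.split(r"[:=/]", term.lstrip("+-~?").lower(), maxsplit=1)[0]


def assess_spf(record):
    """Return warnings; an empty list means unlisted senders hard-fail."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["invalid: record must start with v=spf1"]
    findings = []
    all_term = next((t for t in terms[1:] if _mechanism(t) == "all"), None)
    if all_term is None:
        findings.append("no 'all' mechanism: unlisted senders get a neutral result")
    else:
        qualifier = all_term[0] if all_term[0] in "+-~?" else "+"
        if qualifier == "+":
            findings.append("+all: any host on the internet may send as this domain")
        elif qualifier == "?":
            findings.append("?all: neutral result, provides no protection")
        elif qualifier == "~":
            findings.append("~all: softfail only; receivers act on it via DMARC, if at all")
    lookups = sum(1 for t in terms[1:] if _mechanism(t) in LOOKUP_MECHANISMS)
    if lookups > MAX_SPF_LOOKUPS:
        findings.append(f"{lookups} DNS lookups exceeds the limit of {MAX_SPF_LOOKUPS}: "
                        "receivers return permerror and SPF is ignored")
    return findings


# Constructed records: a weak pair beside the corrected pair.
WEAK_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@acme-bank.example"
STRONG_DMARC = ("v=DMARC1; p=reject; sp=reject; pct=100; adkim=s; aspf=s; "
                "rua=mailto:dmarc@acme-bank.example")
WEAK_SPF = "v=spf1 a mx include:spf.mailprovider.example ?all"
STRONG_SPF = "v=spf1 include:spf.mailprovider.example ip4:203.0.113.0/24 -all"

if __name__ == "__main__":
    for label, rec, grade in (("weak DMARC", WEAK_DMARC, assess_dmarc),
                              ("strong DMARC", STRONG_DMARC, assess_dmarc),
                              ("weak SPF", WEAK_SPF, assess_spf),
                              ("strong SPF", STRONG_SPF, assess_spf)):
        print(f"{label}: {grade(rec) or ['ok']}")
```

Moving straight to p=reject can break legitimate mail sent by third-party services on your behalf, so the usual path is to publish p=none with an rua= address first, read the reports until every legitimate sender passes, then tighten to quarantine and finally reject.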
MFA
Multi-Factor Authentication adds an extra layer of security, making it harder for attackers to access accounts even if a password is compromised. Bear in mind that codes sent by SMS or generated by an authenticator app can themselves be phished by a fake login page that relays them to the real site in real time; phishing-resistant methods such as FIDO2 security keys or passkeys are bound to the genuine website and cannot be replayed in this way.
Regular Security Reviews
Audits of systems and email settings, together with keeping software and systems patched, all reduce the likelihood of an attack being successful.
A Quick Checklist – How Can You Spot a Phishing Email?
- Do you recognise the sender?
- Are you expecting the email?
- Is the request unusual?
- Do the links actually go where they claim to?
Whilst phishing emails are evolving and becoming more convincing, having the right awareness, tools and processes in place can stop them becoming an issue for your business.
If you’re interested in strengthening your phishing protection or need a more robust approach to cyber security in general, we’re here to help.