Phishing is one of the most common tactics cyber criminals use to steal people’s data and infect their devices with malware. It uses deceptive emails and websites to trick victims into clicking malicious links, downloading attachments or sending sensitive information.
Phishing emails can impersonate well-known brands or even people you know, such as colleagues. The goal is to trick the recipient into believing that the message is important and convince them to click a malicious link/attachment or provide sensitive data such as banking details and passwords.
As cyber criminals’ techniques continue to develop, it gets harder to spot their scams. Almost half of all phishing emails are opened, and with attacks costing mid-sized organisations €1.4 million on average, everyone needs to make email security a priority.
In this blog, we provide five clues to help you detect phishing emails.
1. The email is sent from a public email address
Look at the sender’s email address, as this can help you identify whether the person is truly who they claim to be. Often, the criminal will use a public email address such as gmail.com. A genuine email from your bank or a colleague will come from a company email account with the company name in the email address.
2. Strange attachments
If you receive an unexpected email or an email from someone you don’t know asking you to open an attachment, do not open it. These attachments can contain malware that can harm your computer and capture your personal data.
3. The creation of a sense of urgency
Phishing emails often ask recipients to verify personal information, such as bank details or a password. They can create a sense of urgency by warning that your account has experienced suspicious activity or pretending to be someone you know who is in urgent need of financial help.
These are massive warning signs. If you are ever unsure, contact the company or person using the contact details you already have for them or that are on their legitimate website. Never use any contact details or click any links provided in the email.
4. Links to unrecognised sites or URLs that misspell a familiar domain name
Phishing emails may ask you to click a link within the email. By hovering your mouse over the link or address, you can see the linked site’s true URL. These URLs can be slightly misspelled or completely different to what you are expecting, so always double-check before you click.
5. Poor spelling and grammar
You can often detect a phishing email by the way it is written. The writing style might be different to that usually used by the sender and it might contain spelling mistakes and poor grammar.
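The check in clue 4 can also be automated on a mail gateway or in a reporting tool. The Python sketch below is an added example, not part of the original blog: it reads the links in an HTML email body and flags any whose true host nearly matches a trusted domain, or whose visible text shows a different domain from the one it points to. The trusted-domain list, the 0.85 similarity threshold and the sample message are assumptions made for illustration.

```python
import difflib
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed for this example: the domains the organisation trusts.
TRUSTED = {"examplebank.com"}

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for each <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Lower-cased host of a URL or bare domain, without a leading 'www.'."""
    host = (urlsplit(value if "//" in value else "//" + value).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def lookalike(host):
    """Return the trusted domain that host imitates, or None."""
    if host in TRUSTED or any(host.endswith("." + t) for t in TRUSTED):
        return None  # the trusted domain itself, or one of its subdomains
    close = difflib.get_close_matches(host, TRUSTED, n=1, cutoff=0.85)
    return close[0] if close else None

def check_links(html_body):
    findings = []
    parser = LinkCollector()
    parser.feed(html_body)
    for href, text in parser.links:
        target = host_of(href)
        hit = lookalike(target)
        if hit:
            findings.append(f"link host {target} resembles {hit}")
        # Only compare the visible text when it looks like a domain or URL.
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and shown != target:
            findings.append(f"link text shows {shown} but points to {target}")
    return findings

# Constructed sample message body (not a real email).
SAMPLE_HTML = '<p>Verify now: <a href="https://www.examp1ebank.com/login">www.examplebank.com</a></p>'
```

Calling check_links(SAMPLE_HTML) returns two findings for the constructed sample, one for the misspelled host and one for the mismatch between the link text and its target.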
One of the reasons behind the large increase in phishing attacks is the lack of basic knowledge about them. People are fundamental to cyber security, so it is vital that they can detect security threats and know how to respond.
Prevent phishing attacks in your organisation
This blog shows that, as tricky as cyber criminals are, there are always clues that can help you stay safe. The hard part is memorising them so that you can spot a suspicious email before it’s too late.
Organisations that want to help their employees navigate these issues should consider our Phishing and Ransomware – Human patch e-learning course.
This online training course is the perfect introduction to phishing, providing a crash course in email-based threats. You and your staff will gain an understanding of what phishing is, how it works and what to look for in just a few minutes.
If you’re interested in more crash courses, we also offer ‘human patch’ training modules on: