9 Ways to Identify Phishing Emails
1. An Unfamiliar Tone or Greeting - The language isn’t quite right – for example, a colleague is suddenly overfamiliar, or a family member is a little more formal.
2. Grammar and Spelling Errors - A common sign of a phishing email is bad spelling and the incorrect use of grammar. Most businesses have the spell check feature on their email client.
3. Inconsistencies in Email Addresses, Links & Domain Names - Look for discrepancies in email addresses, links and domain names. Check that the originating email address matches previous correspondence. If a link is embedded in the email, hover the pointer over the link to verify what ‘pops up’. If the domain names don’t match, don’t click.
4. Threats or a Sense of Urgency - Emails that threaten negative consequences should always be treated with suspicion. Another tactic is to use a sense of urgency to encourage, or even demand, immediate action in a bid to fluster the receiver.
5. Suspicious Attachments - If an email with an attached file is received from an unfamiliar source, or if the recipient did not request or expect to receive a file from the sender of the email, the attachment should be opened with caution. .zip, .exe and .scr are extensions commonly associated with malware downloads.
6. Unusual Request - If the email is asking for something to be done that is not the norm, then that too is an indicator that the message is potentially malicious. For example, an email claiming to be from Absolute Networks might ask for a program to be installed or for a link to be followed to patch the PC.
7. Short and Sweet - Some phishing messages are also sparse in information, hoping to trade on their ambiguity. For example, a scammer might spoof an email from John at a company that is a preferred vendor with a vague message such as ‘here’s what you requested’ and an attachment titled ‘additional information’.
8. Recipient Did Not Initiate the Conversation - An often-used hook is to inform the recipient he or she has won a prize, will qualify for a prize if they reply to the email or will benefit from a discount by clicking on a link or opening an attachment.
9. Request for Credentials, Payment Information or Other Personal Details - One of the most sophisticated types of phishing email is when an attacker has created a fake landing page that recipients are directed to by a link in an official-looking email. The fake landing page will have a login box or request that a payment is made to resolve an outstanding issue.
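The hover check in item 3 can also be done automatically on a saved message. The Python below is an added example, not part of the original article: it compares the From and Reply-To domains, and the domain shown in each link's text with the host the link actually opens. The names check_message, Links and SAMPLE and the .example domains are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Host name shown in the visible link text, ignoring a scheme and a leading "www."
SHOWN = re.compile(r"(?:https?://)?(?:www\.)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)")

class Links(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip().lower()))
            self.href = None

def domain(addr):  # "John <j@x.example>" -> "x.example"
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()
def check_message(raw):
    """Return item 3 findings: address and link domains that do not match."""
    msg, out = message_from_string(raw), []
    sender, reply = domain(msg["From"]), domain(msg["Reply-To"])
    if reply and reply != sender:
        out.append(f"Reply-To domain {reply} differs from From domain {sender}")
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser = Links()
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            for href, text in parser.found:
                host = (urlparse(href).hostname or "").lower().removeprefix("www.")
                shown = SHOWN.search(text)
                if host and shown and shown.group(1) != host:
                    out.append(f"link shows {shown.group(1)} but opens {host}")
    return out

# Constructed sample message (not a real email); .example domains are placeholders.
SAMPLE = """\
From: John <john@vendor.example>
Reply-To: john@vendor-billing.example
Content-Type: text/html; charset="utf-8"

<p>Log in at <a href="http://login.unrelated.example/x">www.vendor.example</a></p>
"""
```

The comparison is an exact host match apart from a leading "www.", so a legitimate link to another subdomain of the same organisation is also reported; treat each finding as a prompt to look closer, not as a verdict.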