Posted: Tuesday, December 4, 2018
Over 48% of phishing emails were opened by recipients in 2017, up by 12% compared to 2016. Phishing is a form of fraud in which an attacker masquerades as a reputable person or business in an email in order to extract information or to persuade the recipient to download malicious software.
Although phishing attacks are becoming more sophisticated and harder to detect, it’s worth remembering some basic points that may help you differentiate between a phishing email and a legitimate one.
- Does the email address match the business name?
An email from a bank or large business is not genuine if it’s from a public email address such as Hotmail or Gmail. Hover your cursor over the email address and check for strange combinations of names and numbers within the address. If you see @hotmail, @gmail or similar, do not open the email. Encourage your IT team to use the very latest email screening to detect inconsistent email addresses.
- Unexpected attachments
If you receive an email from someone you don’t know asking you to open an attachment, DO NOT open it. These attachments can contain malware. Business owners: use technology to check all attachments in a safe environment before they are distributed to your team.
- Language that conveys a sense of urgency
Phishing emails often ask recipients to verify personal information, such as bank details or a password. They often state that there is suspicious activity on your account to get you to respond quickly without thinking or checking. If you’re unsure, contact the sender directly using contact information on their website – not what is contained in the email.
- Links to unrecognised sites or URLs that misspell a familiar domain name
Phishing emails may ask you to click a link. Check the integrity of embedded URLs by hovering your mouse over the URL to reveal the hyperlinked address. If it’s different from the address that is displayed, the message is probably from a criminal.
- Poor spelling and grammar
Often phishing emails contain spelling and grammar errors or just read strangely. If you’re unsure, don’t open it.
These very simple checks will help you to weed out many of the more obvious phishing emails, yet as we become better at spotting phishing emails, criminals become more adept at finding ways to trick us. The only real solution is to implement robust technological detection and protection alongside awareness and training for your staff. Read our latest guide to phishing to learn more about what you can do to protect your business and your team.