With more than 88% of unsuspecting businesses attacked by phishing attempts each year, it’s vital that your employees are correctly educated so that they can easily spot a phishing email. Doing so could be what saves your company from a data breach, and ultimately how you avoid untold damage to your organisation and finances.
So, what are the characteristics of a phishing email? Take a look at our guide for 10 quick and easy ways to identify phishing emails.
What is phishing?
A popular form of cybercrime, phishing attacks are used by criminals attempting to steal your money, personal information or identity. Whilst scammers can use email, text messages and phone calls in an attempt to catch you out, more than 75% of targeted cyber-attacks start with an email, making it a key area of focus when learning to identify a phishing attempt.
Phishing emails are often designed to replicate a design from a legitimate brand, such as a well-known bank, software company or other reputable institution. In fact, some phishers will even go as far as to use another organisations logo.
Top tips for detecting phishing emails
With modern-day phishing emails often individually targeted to evade detection from email filters, it can be extremely difficult to identify what is legitimate and what is a scam. However, there are several easy ways in which you and your employees can quickly detect a phishing email and avoid an attack. Here’s how.
1. Spelling errors
One of the easiest ways to identify a phishing email is by keeping an eye out for spelling and grammatical errors. We all fall victim to the occasional typo, so as a busy employee, they can be overlooked. However, taking the extra time to read through an email could save your business from significant damage.
There are a number of reasons cyber criminals deliberately use spelling errors, but historically, misspellings were a good way of bypassing spam filters and blockers. This is also a clever and meticulous way for scammers to easily identify those they deem the most susceptible to believing the sincerity of the emails, or due to poor translation from a foreign language.
2. Don’t fall for urgency
A sense of urgency is sure to make you click on an email quickly. Cyber criminals often demonstrate reward or scare tactics in order to get you to click on the email quickly, meaning that you may miss clear signs of it being fraudulent. So, next time you are offered a prize or an email demands quick attention, take the time to reread it first before clicking a link or attachment.
3. Review the email signature
Another easy way of identifying a suspicious email is through the email signature. Reputable companies will nearly always have a signature complete with contact information. However, if the signature looks incomplete, or if there isn’t one there at all, this is likely because it is a phishing email.
4. Public domain names
Ever seen a corporate company with a @gmail or @hotmail email domain? Reputable businesses will use a unique domain name, such as @lloyds.com, whereas personal accounts tend to use public domain names as these are free. So, if you see an email from a public domain name, be wary that it could be a phishing attack.
5. Misspelt domain names
On the subject of domain names, there’s another clue hidden within the domain name that suggests that it could be a phishing email. A misspelt domain name is a strong indication of a phishing attempt. Even if an email looks legitimate, it’s always a good idea to check for hidden spelling errors.
Legitimate companies that you have previously connected with or bought from will address you by your name. Scammers who often send out emails in mass, will sometimes cut corners by addressing you with ‘Dear Sir/Madam’ or other shortenings. Whilst some cyber criminals go as far as to use your first name, a generic greeting is a good sign that it may be a scam.
7. Avoid sharing personal details
A legitimate company will not ask you to share confidential information via an email without reason. So, if an unfamiliar sender asks you to enter sensitive information such as payment details or login credentials, ensure you cross verify their authenticity to avoid data breaches or identity theft.
8. Suspicious attachments
Phishing emails typically encourage you to download malicious URLs and trojans, by installing a virus on your computer once clicked. To avoid this, it’s vital to be aware of high-risk attachment types such as .exe, .scr and .zip files.
One of the most effective ways of establishing whether a file poses a risk to your network, is by hovering over links to verify where they will take you. But, when it doubt, it’s always best to directly contact the person over the phone for verification. After all, it never hurts to be cautious!
9. First time senders
When you receive an email from a sender you haven’t communicated with before, you should be extra vigilant. Whilst it isn’t unusual to receive a mailer from someone for the first time, if you haven’t seen their name pop up before, it’s a good opportunity to examine the email extra carefully.
10. Utilise a free phishing test
The Freestyle TS free phishing test is a fast and highly effective way to discover the effectiveness of cyber security within your workforce and identify opportunities and fixes required to strengthen your cyber security training. If you’re unsure whether you are subject to malicious emails, this free trial will help protect you from malware, remote access trojans and the other consequences of phishing scams.
Boost your cyber security with Freestyle TS
Phishing scams and ransomware attacks are rising, so now more than ever, your organisation should be taking the necessary precautions and protecting your employees. Book your free phishing test today and learn more about your cyber security vulnerabilities.
Alternatively, learn more about how you can defend your business assets, with our built in cyber security services.