How to spot a phishing email (Part 1)
We’ve all received scam emails, trying to trick us into visiting a website, downloading a virus, or entering bank details or other personal information. Generally, they are fairly easy to spot, however, criminals are constantly upping their game and we all have off days when we’re particularly rushed or stressed.
In this article, we want to share our tips for spotting these scams and what you should do when they hit your inbox.
What to look out for
- Check the sender details, be aware this could appear correct as software is available to spoof email addresses
- Incorrect spellings – take great care these can be made very difficult/impossible to spot for example; this is a capital I (i), and this is a lowercase l (L) extra spaces and using certain letters together
- Poor English – spelling or grammatical errors
- Unusual requests
- Requests to enter passwords
- Requests to change bank details
- Offers that seem too good to be true
- Requests for payments
- Emails that you aren’t expecting
Here are just a few examples of phishing emails
Example 1 – Use of urgency
This example, received by a client, demands action within 2 hours. It has been designed to frighten the recipient by threatening that their email service will be deactivated. The sender’s email address is not genuine but these other clues should give the game away if you don’t know that.
Example 2 – Spoofing – appears to come from a genuine company email address
This is an example of spoofing where the sender appears to be genuine . When hovering over the link you can see where the re-direct goes.
Example 3 – Spelling errors you might not notice
This example has an extra ‘s’ in the email address. Extra letters, missing letters, and using letters in combination can trick you particularly if you are hurrying or your sight isn’t perfect. This one isn’t that difficult but as another example, a quick glance at an r and n together appear to read m.
If your suspicions have been raised, then you should never
- Open attachments.
- Click Links.
- Enter passwords, bank details, or other personal information.
- Reply to the email – not even to ask if it is genuine.
If you are unsure, then you should
- Check by phone with the supposed sender using a number from an official website (not from the email you received)
- Report the suspicious email by forwarding it to email@example.com
If you’ve lost money or have been hacked as a result of responding to a phishing message, you should report it to www.actionfraud.police.uk or call 0300 123 2040.
In Part 2 of this article (coming soon) we share the steps to take if you accidentally clicked on a suspicious link and want to check for malicious software that may have been downloaded.
Our Managed IT Service is designed specifically to meet the needs of small businesses in the North West, allowing them to focus on what they do best.
So, if you run a small business in the North West and want more information about anti-phishing software or our security awareness training then please get in touch