Every time you look through your work inbox, or even through your personal email, there is a chance you could be opening a Phishing email. Phishing emails are deceitful communications which are designed to obtain personal information from you, such as usernames, passwords or credit card details. Don’t fall for them! Read our seven tips below:
1. Study the domain name
Phishing emails which are trying to mimic a genuine organisation often include that organisation’s name as part of a different domain name. For example, a Phishing email pretending to be PayPal could include ‘paypal’ as part of another domain name – such as ‘paypal.account-security.ru’ – in order to give it the look of a legitimate address. In that example the domain actually being used is ‘account-security.ru’; ‘paypal’ is only a subdomain label chosen by whoever controls it. This method of masking an ordinary domain with a legitimate-looking subdomain is extremely common in Phishing.
2. Check the URL in any hyperlinks you receive
If the suspicious email you receive contains a hyperlink which the message is encouraging you to follow, you should certainly refrain from doing so. But the link can offer some use – hover your mouse over it and see if the URL it is directing you to matches the link you can see. If it doesn’t, alarm bells should ring!
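The checks in tips 1 and 2 can also be automated. The following Python sketch is an added example, not part of the original article: it flags links whose host contains a brand name but sits under a different registered domain, and links whose visible text shows one host while the URL goes to another. The brand list, the sample email body and the "last two labels" shortcut for the registered domain are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

BRANDS = {"paypal": "paypal.com"}  # constructed watch-list: brand -> genuine domain

def registered_domain(host):
    # Assumption: last two labels; production code needs the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def host_of(text):
    text = text.strip()
    return (urlparse(text if "://" in text else "http://" + text).hostname or "").lower()

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html):
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = host_of(href)
        reg = registered_domain(target)
        for brand, real in BRANDS.items():  # tip 1: brand name outside its own domain
            if brand in target and reg != real:
                findings.append((href, f"'{brand}' in host, but registered domain is {reg}"))
        shown = host_of(text) if "." in text and " " not in text else ""  # tip 2
        if shown and registered_domain(shown) != reg:
            findings.append((href, f"text shows {shown}, link goes to {target}"))
    return findings

SAMPLE = (  # constructed email body
    '<p><a href="http://paypal.account-security.ru/login">https://www.paypal.com/login</a></p>'
    '<p><a href="https://www.paypal.com/help">Help centre</a></p>')

if __name__ == "__main__":
    for href, reason in check_links(SAMPLE):
        print(href, "->", reason)
```
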
3. Be wary of requests for money
One of the sure-fire ways to spot a Phishing email is a request to send money to cover expenses or help an individual. If an unsolicited communication asks you for cash, you can certainly consider it to be a part of a Phishing scam.
4. Get your spell check on!
Poor spelling and grammar can be a clear signal that an email is not coming from a reputable organisation. Companies, public organisations and third sector groups put great care into ensuring that their communications are well written and presentable. An email with clear mistakes can tell us that the writer is not a marketing or customer service professional and is in fact trying to trick people. Did you spot the typo in the example email above?
5. Panic stations?
Some Phishing emails are designed to create a mindset of panic. This could be a way of scaring a reader into sharing their details, in order to avoid some costs which are totally fabricated or to protect the security of an account. Look very closely for threats or any language which could have the objective of making you frightened; these kinds of communications fit the description of Phishing emails.
6. Listen to your gut instinct
As we typically receive many genuine communications each day, we should have a feeling for what a real email looks like. That means if something ‘just doesn’t look right’, there could be good reason to investigate it further. Keep your ‘Phishing radar’ switched on at all times, and if something looks amiss, tread carefully.
7. Safety first
If an email looks suspicious to you, for any of the reasons outlined above, consider the following options: send it to your IT team or your IT service provider for a closer look; report it to your email provider and mark it as spam; or just mark it as spam, delete it, and look out for any further emails from the same sender.
Cybercrime and protecting your digital infrastructure are two of the most pressing challenges businesses and organisations face in the modern age. But while viruses and malware can be prevented with tools like Anti-Virus and Encryption, Phishing represents a constant danger and can leave your business vulnerable and out-of-pocket.
So, whilst these seven Phishing awareness tips have hopefully offered a little more insight, it’s also advised to invest in ongoing staff cyber security awareness and simulated Phishing campaigns, so your team become alert and responsive to Phishing attempts.
MFG are currently offering new and existing customers a free Phishing campaign for a limited time only – so get in touch to see how MFG can help you today.