
How to spot a phishing email

As if we haven’t all got enough to think about at the moment, malicious emails are on the rise. The National Cyber Security Centre confirmed in early April that the Covid-19 pandemic is being exploited by cyber criminals and that organisations should remain alert and take proactive steps to protect employees and the business.

Phishing has always been a threat that IT managers have had to stay on top of. However, when so many employees are currently working from home, it’s an even bigger problem to manage. And for some companies, facilitating home working quickly enough meant that potentially vulnerable services, such as Virtual Private Networks (VPNs), had to be used. Although that did connect remote employees, it also amplified the phishing threat for individuals and organisations, as fraudsters actively seek ways to exploit publicly known vulnerabilities in VPNs.

What is the point of phishing?

In essence, it’s a fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details. The fraudster makes contact electronically (usually by email but also by other means such as text message). The communication is presented as though it has come from a trustworthy entity and lures the recipient into providing sensitive data such as personally identifiable information, banking and credit card details, or passwords. The information is then used to access accounts. Phishing emails which deploy malware are also common. The victim opens an attachment or downloads a malicious file from a linked web page which results in the device being compromised. 

It’s more important than ever that your staff don’t get caught out

Some particularly unsophisticated phishing emails can seem so ridiculous, they’re not worth worrying about (the Nigerian prince who’s fallen on hard times for example). Unfortunately, the vast majority of phishing emails are much more evolved than this. The fraudsters are getting cleverer and that in turn means that your employees need to be more aware in order to protect themselves, their personal information and your business information too.

Bear in mind that working from home can also lull people into a false sense of security: it can feel more relaxed, the working environment is completely different, and individuals may find that their usual routines are not being followed in the same way they are at work. All of this can distract from the protocols usually followed in the office. If some emails are arriving from different addresses, your staff may not immediately spot when an email looks suspicious, even if they did before.

In light of the current circumstances, now is a good time to remind all staff of the dangers of phishing and how to spot a malicious attempt to compromise them.

Use the following 5 tips on what to look out for:

  1. Incorrect sender address

Always double-check the email source to see if the email address has been impersonated. If it’s a familiar address, you can often spot quickly if it’s changed even slightly. If it is unfamiliar, the address itself may still look wrong or even contain incorrect spelling.

  2. Dodgy links

Always, always, always check the link destination before clicking on it. Just hover your mouse over it to display the destination URL. If you’re still not sure, re-key the domain name into your search engine and see if that looks right.

  3. Bad spelling and grammar

This is common – either the fraudster has a poor understanding of language or grammar or they are rushing and making mistakes. Either way, this should set off alarm bells and prompt you to look closer before responding.

  4. Sense of importance or urgency

This can take various forms such as the use of authority and urgency to attempt to scare you into taking action without thinking or checking; curiosity and desirability to lure you into clicking on links; even simply including a familiar logo can make the email appear more trustworthy and therefore believable.

  5. Asking too much

Bear in mind at all times that banks never ask for personal information via email. They also never threaten to suspend your account if you don’t update your personal details within a certain period of time.  

During these challenging weeks and months, the technology experts at Access Group are working hard to offer support and resources to help businesses. For more information on phishing and the other technology-related issues you are currently facing, please contact us. We would be delighted to help.