Phishing Emails

Installing security on your PC or mobile device is the first step to reducing your risk of falling victim to cyber-crime. However, it’s just as important to regularly refresh your knowledge and understanding of modern phishing techniques.

Phishing attacks aren’t new, but they are increasingly sophisticated and growing – with brazen criminals targeting larger numbers of people. Cyber-crime has the potential to cause you and your business great financial and reputational harm. Here are five clues to help you detect a phishing email scam in your inbox!

1. Sender uses a public domain

A public email domain is provided by free email service providers such as Gmail, Yahoo, Outlook and AOL . 

e.g. Simon.Smith@gmail.com 

Most commercial businesses have their own email domain and company accounts. 

e.g. Simon.Smith@smithwindows.co.uk 

While it may be common for clients to contact you using their personal email address, it is a little more suspicious when a company uses one. It’s quick to check the legitimacy of an email address by typing the company’s name into a search engine – before cross-checking the email domain against the website’s URL. 

2. The domain name is spelt incorrectly

Anyone can buy a domain name – and criminals will create addresses that are indistinguishable from the one they’re spoofing.

For example, a hacker who wants to pretend to be Simon.Smith@smithwindows.co.uk could buy the domain name @smithswindows.co.uk – that’s smiths with an s. So, if an email feels unusual – take a closer look.

3. The email is poorly written

Poor spelling and grammar could be another clue that the email is a scam. Many scammers come from non-English-speaking countries and/or from backgrounds where they have limited access or opportunity to learn the language. 

While there are tools for spelling like ‘spell-check’ and ‘google-translate’, it is less easy to write English words in the proper context. Grammatical errors are more likely to give them away. Look for missed words and poor sentence structure. 

People make mistakes in emails all the time! So, just look at the context of the error and decide whether it is an honest mistake or something more suspicious. If in doubt – contact the person by different means e.g. by telephone or via their website. 

4. The email includes suspicious attachments or links

All phishing emails have one thing in common – an infected link or attachment that the scammer wants you to click on or download. 

A suspicious link can be spotted if the destination address doesn’t match the context of the rest of the email. Unfortunately, many legitimate and scam emails hide the destination address in a button or image, so it’s not immediately apparent where the link goes to.

To be safe, train yourself to check link destinations before opening them. 

• - Hover your mouse over the link
• - The destination address appears in a small bar along the bottom of the browser

On a mobile device – hold down on the link to show the link destination.

Never assume an unsubscribe link is safe in an email. Always hover over it with your mouse to see what the real website URL is. If the unsubscribe link is in a suspected phishing email, don’t click it — ever.  

An infected attachment contains malware and in a typical example, the scammer claims to be sending an invoice. Once open, the document unleashes malware on the victim’s computer which could perform any number of criminal activities.

5. You need to act - URGENTLY

Every cyber-criminal knows that the longer you think about something, the more likely you are to notice things that don’t quite seem right. So many scam requests ask you to act immediately. 

For example, we are likely to drop everything if our boss emails us with a vital request, especially when clients or colleagues are supposedly waiting on us. 

Phishing scams like this are particularly dangerous because you may be unlikely to confront someone on these occasions. However it’s better to be safe than sorry!

To discuss your cyber risk requirements or to take advantage of our free health check service, get in touch on 01905 892 381 or email FENSA@marshcommercial.com .