How to identify phishing emails: 4 telltale signs

Posted by HTG

Eighty-three percent of businesses experienced phishing attacks within the last 12 months. While this speaks to the prevalence of this kind of threat, it also implies something worse: most teams can’t distinguish a phishing email from a regular one.

When someone unwittingly opens an attachment within a phishing email, the following can happen:

  • The threat actor gains access to your company’s sensitive data.
  • Malware infects your network, disrupting operations.
  • Ransomware blocks access to your network until you pay a fee.

To keep your networks, data, and business secure, it’s crucial everyone in your organisation knows how to identify phishing emails.


How to identify phishing emails

Yes, phishing emails can disrupt and damage your business. But there are ways you and your employees can spot them.

1. Unprofessional-looking email address

Business emails are usually a combination of the person’s name and their organisation. If a well-known organisation emails you, the domain should belong to the company in question. If the email address doesn’t contain the company name, you simply can’t trust it.

But, what about freelancers? Many of them will use public domains, such as Gmail or Outlook.

In these instances, you should inspect the email addresses. At first glance, they might seem fine. But when you look closely, you might see misspellings, or numbers where there should be letters, and vice versa.

2. High-level products at bargain basement prices

Ever received an offer and thought, ‘This is too good to be true’?

The likelihood is that it is too good. But not all your staff will know that, especially if the email seems to come from a respected brand.

Urge teams to approach such emails with cynicism. Once they take a look at other components of the email, they’ll realise all is not as it seems.

3. Urgent emails requiring immediate action

Creating a false sense of urgency is a common tactic of phishing scammers.

They will say you must immediately act, click, open, or download an attachment. If you get a request like this, take a breath. Then, re-read the email carefully and look for signs that it could be a scam.

Often, these emails are from people impersonating your co-workers (more on that below). If you’re still in doubt after re-reading the request, contact your colleague directly to confirm its legitimacy.

Do this on a separate email, DM or call - do not reply to the original email.

4. Would they normally email about this?

Spear phishing attacks are one of the more sophisticated methods of phishing. The sender masquerades as someone within your organisation, often adding personal details or a profile picture for authenticity.

They usually pose as people in executive positions. For instance, the email might come from ‘your CEO’, asking you to respond to their message urgently.

You can avoid these attacks by doing the following:

  • Standardise communications. For instance, everyone could agree to use the organisation’s asynchronous messaging platform to communicate about urgent tasks.
  • Set up a messaging channel for security concerns, so staff can ask for verification of suspicious emails and get advice on best practices.
  • Educate your employees. Provide training so everyone is aware of the latest developments in phishing. You can ask your IT team to get involved, subscribe to an online course, or secure the help of experts.

5. You didn’t order a parcel (or not from your work address anyway!)

In the last two years, online shopping accounted for 25 percent of all retail sales in the UK.

The likelihood is that at least one of your employees is waiting on a package. So, when a threat actor emails your staff directory with parcel tracking links, they’re playing the odds.

Most people won’t use their work email to order personal items. Those who do fall for this scam probably experience a momentary lapse in judgement. 

To avoid worst-case scenarios, encourage staff to think carefully before clicking any links, and to closely read both email addresses and the message content before they do.

Move forward with better security

Yes, phishing attacks are more prevalent than ever. But as sophisticated as these attacks can be, they have some glaring flaws.

And you can use these flaws to your advantage.

When staff know the telltale signs, they’re less likely to click on links. And this means less risk of data breaches, business disruption, and reputational damage.

It’s therefore crucial you educate your staff on what to look out for. You should also instil company-wide policies on cybersecurity best practices. This should include what to do when someone falls for a phishing scam, so you mitigate any damage quickly.

But if you don’t have the time or the resources to get everyone on board, consider partnering with experts. HTG will identify security issues, train your staff, and help you standardise procedures. So you’ll be able to spot threats more easily, and know what actions to take should a threat become an attack.
