Have you received a suspicious email pretending to be an important message from a trusted organisation, such as your bank? These types of scams are called phishing emails, and they’re on the rise.
Last year, over 74,000 phishing scams were reported to the Australian Competition and Consumer Commission’s Scamwatch, resulting in a loss of over $24 million. As these numbers grow each year, it is more important than ever to keep ourselves informed so that we can identify this type of cybercrime and avoid falling victim.
Phishing emails are a form of “social engineering” – meaning they play on human interactions and psychology, usually with the aim to steal confidential information or install malware onto your device.
By being able to identify a phishing email, you can stop the scam in its tracks.
We’ve compiled a list of 6 ways to spot a phishing email so that you and your employees know what to look out for.
1. The email address looks unusual
If the email address of the sender looks different from usual, this is an indication that the email may be fraudulent. Some examples of this include email addresses with numbers appended at the end or those containing spelling errors.
Legitimate emails will be sent from a verified domain, such as firstname.lastname@example.org.
Some phishing emails will purposely alter the display name and email address of the sender so that they appear legitimate. This is called email spoofing and can be incredibly misleading. To verify if a sender is genuine, you should hover your mouse over the “from” display name. This will bring up a small window which will contain the true email address of the sender.
2. The email is unexpected
Unexpected or unusual communications can be a sign of a phishing email. For example, if you receive an email claiming there has been a security breach on your PayPal account but you do not have a PayPal account, the email is very likely a phishing attempt.
Phishing emails will often use generic greetings such as ‘Dear Valued Customer’ instead of using your first and last name. This is often the case when the phishing email has been sent out to numerous individuals.
3. The email contains spelling or grammatical errors
Incorrect spelling and grammar are an indication that an email may be fraudulent. Legitimate companies take care to ensure their emails are well written.
More sophisticated phishing emails will do their best to imitate legitimate companies. If an email seems suspicious, compare it with previous emails you have received from the company and look for any inconsistencies in the branding or general appearance.
4. The email demands urgent action
Phishing emails are often designed to alarm you and make you rush into an action before you can look too closely and notice any suspicious details.
If the email is threatening negative consequences or the loss of an opportunity if urgent action is not taken, this indicates it could be a phishing email.
5. The email contains suspicious links or attachments
Phishing emails will often try to get you to download an infected attachment which contains malware. If you have any doubt at all about the identity of the sender or the legitimacy of the email, you should never open or download its attachments.
Phishing emails also often contain links which lead to malicious websites. Links can be disguised in the form of hyperlinked text, shortened links or buttons.
To confirm the true destination of a link, you should hover your mouse over it. This will give you a preview of the destination address, which appears in a small bar along the bottom of your browser. If this address looks unusual or does not start with https:// – then the link is not safe.
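The two checks just described, the sender's real address from point 1 and the link destination from point 5, can be automated over an incoming message. The following is an added example written for this article, not code from the original page or from Ever Nimble; the bank name, domains, addresses and URLs in the sample message are constructed for illustration and are not real.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message for this example (invented sender, domains and URLs).
SAMPLE = """From: "Example Bank Support" <support@examp1e-bank-alerts.net>
To: customer@example.org
Subject: Urgent: verify your account
Content-Type: text/html

<p>Click <a href="http://198.51.100.7/login">https://www.example-bank.com/login</a> now.</p>
<p><a href="https://www.example-bank.com/help">Help centre</a></p>
"""

class LinkCollector(HTMLParser):
    # Gathers (href, visible text) pairs for every <a> tag in the HTML body.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def analyse(raw_email, expected_domain):
    """Return a list of warnings; an empty list means neither heuristic fired."""
    msg = message_from_string(raw_email)
    warnings = []
    # Point 1: compare the real address domain (not the display name) with the
    # organisation's own domain. Headers can be forged, so this catches lookalikes only.
    name, addr = parseaddr(msg["From"])
    domain = addr.rsplit("@", 1)[-1].lower()
    if domain != expected_domain.lower():
        warnings.append(f"sender '{name}' uses domain {domain}, not {expected_domain}")
    # Point 5: visible link text must agree with the real destination, which should use https.
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        target = urlparse(href)
        if text.startswith(("http://", "https://")) and urlparse(text).netloc != target.netloc:
            warnings.append(f"link text {text} actually points to {href}")
        if target.scheme != "https":
            warnings.append(f"link {href} does not use https")
    return warnings
```

Running `analyse(SAMPLE, "example-bank.com")` flags the lookalike sender domain, the link whose visible text and real destination disagree, and the plain http destination; a message from the genuine domain with only https links returns no warnings.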
6. The email is requesting personal or sensitive information
Most companies will not send emails requesting sensitive or personal information.
An unprompted email from an unfamiliar sender which requests information such as your account numbers, passwords or credit card information is a strong indication that the email is fraudulent.
A common phishing technique is to lead the recipient to a fake login page, often designed to look exactly like the real one. Once the recipient enters their confidential account details, that data is stolen.
How to protect against phishing attacks
If you identify any of these six characteristics, or if you have any doubt at all regarding the legitimacy of an email, you should contact the company directly by calling them on the number found on their official website. They will be able to verify if the email is legitimate or not.
It only takes one employee to click on a phishing link or attachment for an entire business to suffer the consequences. A staggering 90% of cyberattacks succeed due to human error, which is why education and awareness are critical.
At Ever Nimble, our CAT (Cyber Awareness Training) platform delivers just that. Our CAT platform provides an easy-to-follow program that evaluates your staff’s cyber awareness knowledge and reduces risk by providing essential training through video lessons, phishing simulations and more. In addition to this, our CAT platform provides extensive risk reporting, dark-web scanning, and policy toolkits.
To protect against threats in the email inbox and beyond, we use tools from world-leading security vendors such as CrowdStrike, Fortinet, Cisco, ThreatLocker, Barracuda and Proofpoint.
Our SOC (Security Operations Centre) and MDA (Managed Detection Response) provide a comprehensive cyber security monitoring system which hunts for malicious activity and, if any is found, takes swift action to alert our team of experts so that the situation can be remediated.
Ready to access expert cybersecurity support and level up your cyber protection? Contact us on +61 8 6381 6900 or get in touch with us here.