How to spot a phishing email
We know that cyberattacks are on the increase and a favourite and growing approach is via email, which we call phishing.
According to the Cyber Security Breaches Survey 2021 carried out by the Department for Digital, Culture, Media & Sport, among the 38% of small to medium-sized businesses identifying a breach or attack, 82% had phishing attacks, 25% were impersonated and 13% had malware (including ransomware)*.
Phishing email attacks are not a new concept, but they are becoming increasingly sophisticated and can wreak havoc on individuals and organisations if successful in their purpose.
Business Email Compromise is a form of phishing attack that uses compromised email credentials or imitates a legitimate email address in order to encourage the recipient to take action. This could be to transfer funds, make a payment or share sensitive information.
Phishing is a real and serious threat to businesses and organisations of any size. It is favoured by cybercriminals because it’s low cost with typically high returns³, and those cybercriminals can be not only large cybercrime operations, but equally lone individuals working from their bedrooms!
Phishing emails are also favoured because there is no need for dialogue between the scammer and the recipient. They do not need to monitor mailboxes and send tailored replies. This is an automated approach where thousands of fraudulent emails are simply dumped onto unsuspecting recipients. The more they send, the more likely they will enjoy success with someone becoming a victim of their scam.
It’s therefore really important that you and your staff are able to identify a phishing email should it land in your inbox.
Here are FIVE TIPS to help you spot a phishing email:
1 The message is sent using a public domain
The domain is what comes after the @ symbol in the email address. A public domain is one provided by free email service providers such as Gmail, Outlook and Yahoo¹.
An example would be email@example.com
Typically, a legitimate company would have its own domain that matches its business name. We are Barnes Commercial Insurance Broker, and our domain is @barnesinsurancebroker.co.uk
You can double check a company’s domain by typing the company name into a search engine and checking the email domain against the website’s URL. They should normally match – and if they don’t it’s time to investigate further.
Remember, the cybercriminals are using everything at their disposal to try and get you to engage with their fraudulent email and will sometimes mimic the brand and style of the business they are pretending to be, for increased credibility.
At a quick glance it can be easy to mistake a phishing email for a genuine one. In the example below the email appears at first glance to be legitimately from PayPal – it even says ‘From PayPal’ and has the right logo and a believable footer. But on closer inspection you can see that the actual domain after the @ symbol is not related to PayPal.
The sender’s address is a big clue – here it says ‘firstname.lastname@example.org’ which is clearly NOT from PayPal. If the email were genuine, it would be from email@example.com.²
2 The domain name is not spelt correctly
Criminals will buy domain names as close to the one they are trying to impersonate as possible. Anyone can buy a domain name and they are relatively cheap, so this is an often-used approach.
If you’re glancing at an email that has a familiar name, it’s quite easy to miss a spelling mistake.
For example: the legitimate business is called @clarksinsurance but the hacker could buy @clarkesinsurance.
3 The email is poorly written
This is a further indication that the email is not from a legitimate company. In the PayPal example above, the heading ‘What the problem’s?’ is not good English.
Often scammers are from non-English speaking countries and use tools like Google Translate to help them create the copy, which is why we see mistakes. These may be spelling mistakes but can also be grammatical errors. Sometimes words are missing, so sentences do not make sense.
Of course, people do make mistakes when writing their emails – it’s easy to misspell something and not notice. It is therefore important that you take your time when reading an email to make sure that it’s from the person or organisation you think it is.
If you’re really not sure, it’s probably worth a call to the sender directly via telephone or website. Be careful though to use the correct contact details and not those suggested on the suspect email!
4 The email contains suspicious links or attachments
All phishing emails have one thing in common – they will contain a malicious link or attachment that they will encourage you to click on or download.
The link might look suspicious if the destination address doesn’t fit the context of the rest of the email. However, links within emails are often hidden behind text, images or buttons, so the destination is not immediately visible.
How to spot a suspicious link:
- Hover your mouse over the link.
- The destination address appears in the small bar along the bottom of the browser.
If the link looks suspicious, do not click on it.
(If you’re viewing on a mobile device, you can hold down the link to show the destination address).
Links and attachments are the gateway into your systems for the cyber attacker. Once clicked, a malicious link or attachment can give the cybercriminal access to your computer to perform any number of illegal activities. Even if the email is from someone you deal with regularly – they could have been compromised and their account used by a fraudster. Always check the link destination before you open it.
If you suspect a link or attachment is fraudulent, never click on it!
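As an added illustration (not part of the original article), the following Python script applies tips 1, 2 and 4 to a raw email message: it checks whether the sender’s domain is a free public provider, whether it is a near-miss spelling of a domain you trust, and whether a link’s visible text names a different host from its real destination. The provider and brand lists, the 0.85 similarity threshold and the sample message are all constructed for the example.

```python
import difflib
import re
from email import message_from_bytes, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Illustrative lists (assumptions, not from the article): free-mail providers and
# the brand domains this organisation expects to hear from.
PUBLIC_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}
BRAND_DOMAINS = {"paypal.com", "clarksinsurance.co.uk"}
# Good enough for a demo; production code should use a real HTML parser instead.
LINK_RE = re.compile(r'<a\b[^>]*\bhref="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)

def _host(url):
    """Lower-case host of a URL, or of bare link text such as 'www.host/path', minus 'www.'."""
    host = (urlparse(url if "://" in url else "//" + url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def phishing_indicators(raw):
    """Return the article's red flags (tips 1, 2 and 4) found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2].lower()
    flags = []
    if sender in PUBLIC_DOMAINS:  # tip 1: sent from a free public mail domain
        flags.append(f"public sender domain: {sender}")
    for brand in sorted(BRAND_DOMAINS):  # tip 2: near-miss spelling of a domain we trust
        if sender != brand and difflib.SequenceMatcher(None, sender, brand).ratio() > 0.85:
            flags.append(f"lookalike domain: {sender} ~ {brand}")
    html = msg.get_body(preferencelist=("html",))  # tip 4: link text vs real destination
    if html is not None:
        for href, inner in LINK_RE.findall(html.get_content()):
            text = re.sub(r"<[^>]+>", "", inner).strip()  # visible anchor text only
            if "." in text and " " not in text and _host(text) != _host(href):
                flags.append(f"link shows {_host(text)} but goes to {_host(href)}")
    return flags

# Constructed sample combining the article's misspelt-domain and hidden-link examples.
SAMPLE = b"""\
From: Clarks Insurance <accounts@clarkesinsurance.co.uk>
Content-Type: text/html; charset="utf-8"

<p>Pay now at <a href="http://portal.clarkesinsurance.co.uk/pay">www.clarksinsurance.co.uk</a></p>
"""

if __name__ == "__main__":
    for flag in phishing_indicators(SAMPLE):
        print("RED FLAG:", flag)
```

The script only surfaces the article’s red flags for a human to review; a legitimate email that merely links to its own domain produces no flags.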
5 The message is URGENT!
Another red flag is a message with a sense of urgency.
Scammers will try and create urgency so that the recipient will act immediately, without pausing to make sure the email is legitimate.
These work particularly well if they appear to have been sent from internal sources, such as a senior member of staff. In the first instance the recipient will want to act quickly on a request from the boss and is unlikely to call to double check, but if the request is unusual or out of character, a quick call would be worth it compared with the unwelcome impact of a scam.
Learn more about how we can help you to protect your business from cyberattack:
If you would like to learn more about cyberattacks and how best to prepare your business against an incident, please get in touch. We can help with more than just insurance cover – we can help you to create a full risk assessment so that your bases are covered. Then we can look at areas identified for improvement and work with you to ensure the right procedures are in place. If you’re prepared for the unexpected, the fallout of any cyberattack will be as minimal as possible.
You can call us on 01480 272727 or email us at firstname.lastname@example.org to start your cyber conversation today!
*DDCMS: Cyber Security Breaches Survey 2021
¹ Zoho: How a public domain sender affects email deliverability
² IT Governance
³ National Crime Agency