Posted 5th February 2019

Spotting (and stopping!) a phishing email

80% of data breaches are the result of human error prompted by unscrupulous activity, with phishing and spam mail a vicious form of cybercrime.

Phishing emails are commonly used to trick individuals into sharing their personal information, ‘fishing’ for passwords, credit card numbers and other credentials whether they’re at work or home.

Within an organisation, spear-phishing attacks are targeted specifically at a department or position, where intelligent technology tracks user habits and background information to catch a recipient out.

Unfortunately, these types of emails are becoming harder and harder to identify. With cybercrime on the rise globally, how exactly do you spot the difference between a trusted email and a phishing email? We’ve outlined a few common trends here to help prevent you, or someone using your device, from falling victim:

Who has sent the email?
Always check that the email is from a colleague, customer or vendor you know and trust before taking action such as sharing personal information.

Who else is the email sent to?
If you’re CC’d on an email, do you know the other people copied in? If not, look out for common trends such as all the names starting with the same letter.

What date and time was the email sent?
If the email was sent outside office working hours, such as at 3am, this may be a red flag.

Does the subject line make sense?
Look out for inconsistencies or irrelevance in the subject line. If it seems out of the ordinary, triple check the rest of the email to see if you can pick up any more phishing trends.

What is the email asking you to do?
Misspelling and bad grammar are two common signs of a phishing email. Do not follow the sender’s instructions if the email feels out of character or makes you feel uncomfortable.

What file types are the attachments?
Firstly, see whether the attachment has any relation to the email and, if so, check whether you recognise the file type (for example .doc, .pdf, .jpeg). Do not open it if you don’t recognise the file type, as it may be infected with malware.

What’s the address used for the hyperlink?
Always hover your mouse over the hyperlink before you click to double check that the link-to address is the same as the website stated. Read the hyperlink carefully, checking for misspellings and missing words; for example rather than

What should you do if you accidentally open a phishing email?
1 – Disconnect your device from WiFi
2 – Back up your files
3 – Scan your system for Malware
4 – Change any credentials you have shared

If you are concerned about cybersecurity in your business please give us a call on 01935 318888 or read more about our security packages here.

Looking for a glossary of the need-to-know cyber security words? Read our Jargon Buster here.
