Phishing emails are a common cyber security threat designed to trick users into providing their personal information or account data to hackers. In this post, we tell you how to spot the common signs of phishing emails and how to avoid them to better protect your business.

Phishing emails are designed to trick users into providing their personal information or account data to hackers. These emails usually impersonate a company you will be familiar with, such as Amazon, a phone company, or a bank, in an attempt to gain your trust. Falling victim to emails like these can pose a major cyber security threat to businesses and to your own personal data. The sender may include a link in the phishing email that takes the user to a website which may collect your personal data or install malware or viruses on your device. To the untrained eye, these emails look real enough to pass for messages from a legitimate company or person, but there are some things that users can look for to help identify phishing emails.

What to Look For:
  • Misspelled sender address or an email address that uses a generic public email domain such as ‘@gmail.com’. These addresses often look similar to the real company’s name and use small changes such as using a zero instead of an ‘o’. The sender name may show the correct company name so it is best to double-check the actual sender email address.
  • Demands for urgent attention such as ‘Click this link now to protect your account’. Attackers’ emails often use these tactics to rush users into clicking harmful links before they have taken the time to check them.
  • Incorrect spelling and grammar within the content of the email – Legitimate companies will take time to check the spelling and grammar of emails and use grammar-correcting tools. Phishing emails are usually produced hastily and in large numbers so are not usually checked as thoroughly.
  • Impersonal or unusual greetings – Emails sent from legitimate or familiar companies will usually use your name in the email greeting as they have access to the information you provided to that company. Emails from individuals should also be checked. For example, emails sent between work colleagues usually use informal greetings. If they suddenly start using formal greetings such as ‘Dear’ or ‘Greetings’, you should check with the colleague that their emails haven’t been compromised.
  • Suspicious attachments – Emails from large companies will not usually include any attachments unless you are explicitly expecting one, such as a returns label from a portal you completed online. You should be especially wary of attachments if they use uncommon file extensions (.exe, .scr, etc). If you receive an unexpected attachment from a colleague or client, call them to check its legitimacy. You should visit the company’s website to find the correct contact number rather than calling phone numbers written in the email.
  • Requests for passwords, bank details or other personal information. These requests should always be treated with caution, especially if they are unexpected as companies will not normally ask for any of this information by email. Phishing emails may also contain links that take you to what looks like a login or payment page. You should not put any information into these pages until you have called the company to check they are 100% legitimate.
  • Links to unrelated website pages. All links in emails should be checked by hovering your mouse over the link and checking the linked webpage in the bottom-left of the window. Check that there are no spelling mistakes and that the website’s domain matches the company it is sent from. Long links with what seems like a large number of random numbers and letters at the end should not be clicked unless you have called the sender to check the legitimacy first.
  • Emails that seem too good to be true. These emails often state that there will be a reward for clicking a link or providing your personal information. These emails are almost always phishing emails and the actions stated in the email should not be completed.
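
Several of the signs above (sender address, urgent wording, links and attachments) can also be checked automatically. The following Python sketch is an added example, not part of the original post or any Carrera UK service; the brand list, public-domain list, urgent-word pattern and the sample message are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed reference data for this example (not from the post).
BRANDS = {"amazon": "amazon.com"}            # display-name keyword -> real domain
PUBLIC_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}
RISKY_EXTENSIONS = (".exe", ".scr")
URGENT = re.compile(r"\b(now|urgent|immediately)\b", re.I)
DIGIT_SWAPS = str.maketrans("01", "ol")      # zero for 'o', one for 'l'
LINK = re.compile(r'href="https?://([^/"]+)', re.I)

def belongs_to(host, real):
    return host == real or host.endswith("." + real)

def check_email(msg):
    """Return a list of warning signs found in an EmailMessage."""
    findings = []
    name, addr = parseaddr(msg["From"])
    sender = addr.rsplit("@", 1)[-1].lower()
    brand = next((b for b in BRANDS if b in name.lower()), None)
    expected = BRANDS.get(brand)
    if expected and not belongs_to(sender, expected):
        if sender in PUBLIC_DOMAINS:
            findings.append("brand name on a public email domain")
        elif brand in sender.translate(DIGIT_SWAPS) and brand not in sender:
            findings.append("digit-for-letter swap in sender domain")
        else:
            findings.append("sender domain does not match brand")
    if URGENT.search(msg["Subject"] or ""):
        findings.append("urgent wording in subject")
    for part in msg.walk():
        filename = part.get_filename() or ""
        if filename.lower().endswith(RISKY_EXTENSIONS):
            findings.append(f"risky attachment: {filename}")
        elif part.get_content_type() == "text/html":
            for host in LINK.findall(part.get_content()):
                if not belongs_to(host.lower(), expected or sender):
                    findings.append(f"link to unrelated domain: {host}")
    return findings

def sample_message():  # constructed sample; addresses and domains are made up
    msg = EmailMessage()
    msg["From"] = "Amazon Support <help@amaz0n-accounts.example>"
    msg["Subject"] = "Click this link now to protect your account"
    msg.set_content('<a href="http://login.example.net/a8f3k2">Sign in</a>', subtype="html")
    msg.add_attachment(b"x", maintype="application", subtype="octet-stream", filename="label.scr")
    return msg

print(check_email(sample_message()))
```

A check like this only supports the manual checks in the list; spelling, tone and unexpected requests still need a person to judge them.
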
How to Protect Yourself and Your Business:

Familiarising yourself and your staff with the key characteristics of phishing emails is one of the best defences your company can have against cyber attacks by email. Staff will be less likely to open attachments and click harmful links in phishing emails and therefore the risk to your business’s network will be reduced.

The other most effective form of defence is to have a reliable spam filter on all of your business’s email accounts. Antispam solutions will stop most phishing emails before they reach your network or device. Antispam filters should also be intelligent – using up-to-date data and technology to adapt the filter to the latest threats. You can find out more about Carrera UK’s antispam services here.


About Carrera UK

Carrera UK provide IT support, IT services, and telecoms to small businesses in Portsmouth & Southampton in Hampshire, and across the South of England.

We offer a complete suite of IT and telecoms service solutions for small and medium-sized businesses, including IT support, broadband, home working support, business phones, and websites.

We know how important IT is to your business and we will work hard as your trusted IT and telecom service provider to find the best solutions for you. Our IT support and solutions give you the assurance that your business technology will be robust, reliable, and cost-effective.
