How to spot phishy emails
Phishing attempts are becoming more common, and the bad guys are getting smarter by the day.
One of the best ways to protect your business (and prevent very costly clicks) is through staff education and training.
What is phishing?
To put it simply, phishing is trying to trick people into doing something, often via email or SMS (smishing) – that could be clicking a link, opening a malicious email attachment, transferring money or sharing confidential data.
1 in 3 organisations face daily phishing attacks, and with these tying into nearly 93% of data breaches, the risks are HUGE.
What’s the risk?
Staff engaging with phishing emails is one of the main ways a ransomware attack can enter an organisation. In fact, emails with malicious attachments, file downloads and emails with malicious links accounted for 45% of attacks in the last year (Sophos, The State of Ransomware 2020). Knowing what to look out for could prevent an employee clicking a dodgy link or opening a file, saving your business from massive losses.
If an email seems phishy, look for these ten telltale signs to make sure you don’t take the bait…
1. It just doesn’t look right
Trust your instincts!
2. Generic salutations
Beware of impersonal greetings like “Dear Customer”
3. Requests for sensitive data
Hackers spoof genuine websites and try to trick you into entering your details
4. Specific information on you
Crooks use info they find online to sound more convincing, such as from social media profiles or company websites
5. Scare tactics
Intimidating phrases are often used to get you to act without thinking
6. Poor grammar or spelling
Often a dead giveaway
7. Sense of urgency
Beware of forced time pressure – this is a common tactic
8. “You’ve won the grand prize!”
These phishing emails are common, but easy to spot
9. “Verify your account.”
Always question why you’re being asked to verify
Beware of lookalike URLs meant to trick you, such as www.g00gle.com or www.hotmai1.com
If in doubt do not click, and contact your IT provider IMMEDIATELY. Better safe than sorry!
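For IT teams who want to automate the lookalike-URL check, here is an added example (not part of the original article or of any Sophos product) that flags hosts such as www.g00gle.com by undoing common character swaps and comparing the result with brand names. The PROTECTED list, the swap table and the function names are assumptions made for illustration, and the check looks at each host label rather than working out the registered domain.

```python
import re
from urllib.parse import urlsplit

# Assumption: brands your staff really use (constructed list for this example).
PROTECTED = {"google", "hotmail", "microsoft", "paypal"}
# Character swaps commonly seen in lookalike domains: (fake, real).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]
URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"')]+", re.IGNORECASE)


def skeleton(label):
    """Undo confusable swaps so 'g00gle' and 'google' compare equal."""
    for fake, real in CONFUSABLES:
        label = label.replace(fake, real)
    return label


def edit_distance(a, b):
    """Levenshtein distance; cheap enough for short domain labels."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(url):
    """Return the protected brand a URL's host imitates, else None."""
    try:
        host = urlsplit(url if "://" in url else "http://" + url).hostname or ""
    except ValueError:
        return None  # unparseable URL: leave it to other controls
    for label in host.lower().split("."):
        if label in PROTECTED:
            continue  # exact brand spelling is not a lookalike
        for brand in PROTECTED:
            if skeleton(label) == brand or edit_distance(label, brand) == 1:
                return brand
    return None


def find_lookalikes(text):
    """Scan message text and return (url, imitated_brand) pairs."""
    urls = (m.group().rstrip(".,;:!?") for m in URL_RE.finditer(text))
    return [(u, b) for u in urls if (b := lookalike_of(u))]


# Constructed sample message body, using the two URLs from the article.
SAMPLE = "Verify your account at www.g00gle.com or http://www.hotmai1.com/login today."
```

Calling find_lookalikes(SAMPLE) returns both URLs paired with the brand each one imitates, which a mail filter or reporting script could use to tag the message for review.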
What else can I do to protect my business?
Support your staff with the tools they need to make correct decisions about spam and phishing.
Educate yourself and your team
by downloading our anti-phishing toolkit below and sharing cybersecurity awareness courses and resources.
Test your staff
on how frequently they click on bad links with phishing simulators.
We can support your cybersecurity strategy by sending harmless, legitimate-looking emails, designed to trick your staff into clicking and entering credentials. Receive a report on who is clicking, how fast, what actions they took, and enrol them into quick cyber awareness education. Increase staff awareness and understanding so that they can make better decisions, all for just a few dollars per month, per staff member.
Use clever technology to take the guesswork away
with Sophos Email Security from activIT systems.
This is a highly sophisticated antispam, antimalware, and antiphishing system which leverages artificial intelligence. It literally tells the reader of an email that the email sender is suspect or dodgy, to guide them on making correct decisions. It scans all links within an email looking for a “malicious payload” – then blocks it if something bad is found. For most environments, it costs less than the price of a coffee per month, per email address.
Make it easy for your team
to report suspect email, with the Sophos report email function.
Simply press the button and our support team will be instantly notified of the suspected phishing email and take action.
These solutions are affordable and easy to implement, and are a must-have for any business, of any size. Chat to us today to discuss the tools available to protect you and your business.
Your free anti-phishing toolkit
Educate your team by downloading these FREE anti-phishing posters and resources.