As well as being annoying and relentless, phishing emails are becoming more and more convincing. Although the days of being contacted by wealthy Armenian princes seem to be behind us, phishing scams now more often pose as businesses or people you know, using scare tactics to convince you or one of your employees that urgent action needs to be taken - or else.
This has become known as 'Spear Phishing' - where the person emailing appears to know enough about you or your business to appear trustworthy. Take your phishing detection skills to the next level with these easy steps, and don't let your business fall prey to those costly emails.
1. Hover, don't click!
Clicking a link in one of these emails is the worst thing you can do, because you have no idea what it is going to do, or where it is going to take you. A good way to check is to hover over the link and read the URL it really points to.
The URL should point to a registered domain that is linked with the sender of the email. Even if it does say PayPal, the domain should be 'support.paypal.com', not 'paypal.support.com'. The first shows that the link is from the site 'paypal.com'; the second is from the site 'support.com'.
2. Check that spelling!
There's never a better time to become obsessed with grammar. A lot of phishing scams put in a spelling mistake intentionally: if someone looks past it, the scammers know that they've found a target who is less likely to spot inaccuracies.
There is no excuse for spelling 'Confirm' wrong, particularly when it's in the subject line. Send it to Junk.
3. Who's the sender?
If an email claims to be from a business, the sender should have an email address with that extension. For example, the emails that you receive from PayPal should come from an address like 'support@paypal.com'.
'sani@sani.com' doesn't have a PayPal extension, which should raise some serious red flags. If you're using Outlook 2010 or later, you can also go to 'File' and then 'Properties'. The box at the bottom of the following screen should be labelled 'Internet Headers' and will tell you where the email came from.
4. What do they want?
With phishing emails, the sender usually wants personal information - and often once you've clicked the link, you don't even have to fill it in for them to receive it. Be wary of any email that requests passwords or account details, or has suspicious-looking links.
Along with this, there's usually a deadline involved - in this case 48 hours. This is just to ramp up the pressure and get you to click that terrifying link. If in doubt, head over to the website yourself, without using the link in the email, and contact the business from there.
5. Prevention is better than cure
Transcendit can install and configure anti-phishing and filtering solutions that will work to protect your organisation - whether you're working with cloud based services such as Office365, or have an on-premise email solution.
If you're still worried about your security, think you may have entered information somewhere you shouldn't have, clicked a suspicious link, or just aren't sure if an email is legitimate or not, we can help. Give us a call at 0191 482 0444 - it's always better to be safe than sorry!