With cyber crime continuing to be one of the biggest threats to business, attackers are continually finding new ways to try to compromise organisations' cyber security. Phishing emails and hacked email accounts are becoming increasingly common, particularly those in which bank details are changed in a bid to intercept payments. These attacks are becoming increasingly credible and sophisticated, from existing suppliers ‘requesting to’ change bank details on a PDF sent by a genuine contact, to a fraudulent email from a CEO of a charity to her own staff members requesting to change her PAYE details. The key factor in all of these attacks, and the most critical means of prevention, is user training and understanding.
We have put together 10 top tips to help you identify suspicious emails:
1. Do not trust the display name
Although the email may look like it has come from a name you know or recognise, always check the email address to confirm the sender. This can be done by either hovering over the display name or right-clicking and viewing properties.
2. Read the email but do not click
You can check links within an email by hovering over them with your mouse. Alternatively, you can copy the hyperlink and paste it into a document to view the full link. If it looks strange or doesn’t match the text in the email, do not click it.
3. Check spelling and grammar
Phishing emails often contain spelling or grammatical errors that you would not find in a genuine email. If the email is written in a tone that differs from previous communications from that sender, be sure to check before you take any action.
4. How is the email addressed?
Is the email addressed to you specifically, or is the greeting vague? Phishing emails are likely to be less personal and may use salutations such as ‘Dear Trusted Customer’ rather than your name.
5. Are your personal details being requested?
A legitimate company is highly unlikely to request personal information via an email. Banks and financial institutions, in particular, will never request such details over email.
6. Beware of time pressures
Phishing emails often create a sense of urgency to encourage you to act fast. It is rare that a legitimate company would make first contact by email with a very short deadline. Attackers use urgency in an attempt to panic recipients, who are less likely to check details if they are concerned about missing a deadline.
7. Check the signature
Most legitimate emails will include a signature block at the bottom along with a legal disclaimer. Fraudulent emails may have no signature block or one that does not match the company style.
8. Do not open attachments
The email may make the attachment sound very important, but attachments can often be viruses disguised as normal documents. In particular, be careful of emails that appear to be automated messages providing an attached invoice. If you have not received an invoice in this manner before, always check with the supplier before opening.
9. Do not believe everything you see
If the email sounds too good to be true or a little strange, it may well be. Attackers will use very clever tactics to encourage you to provide personal or payment details. If you were not expecting to receive such an email, or it is different to previous emails sent by that contact, it is always wise to get it checked.
10. When in doubt contact your administrator
If an email raises any of the above concerns, it is always best to contact your administrator to check rather than put the organisation at risk.
These tips are not guaranteed to stop phishing emails from succeeding, but the more aware you are of what to look for, the more successful you will hopefully be in identifying them. There are several other measures that can help protect your organisation from phishing and hacked emails, including additional cyber security and staff training. If you would like to find out how Qlic can help you be better protected, contact us on 020 3904 3464 or [email protected].