10 ways to spot a phishing email

Phishing emails are one of the most common online threats. Look out for these tell-tale signs to protect yourself from them.

  1. It doesn’t look right. Trust your instincts and gut feeling. If it doesn’t look right or you think it is suspicious, don’t click on the links or open any attachments; forward the email to your IT Support for verification.
  2. Sense of urgency. The email instils a sense of urgency or requires an immediate action, whether that is to submit expenses, to reset your password to stop your account from being locked out, to resolve a billing issue, or to respond because your account has been breached.
  3. There are spelling or grammatical errors. Spelling and grammatical mistakes do happen, but it is highly unusual for these to appear in emails sent from businesses to customers.
  4. Suspicious attachment. If you aren’t expecting the email and it contains an attachment, then it should be opened with caution, especially if it requires you to enter your M365 username and password. If in doubt, forward the email to your IT Support for verification.
  5. Inconsistencies in email addresses, links and domain names. Hover your cursor over links within the email to view the real destination. Is the sender’s email address the same as in previous emails? Is the domain similar to a well-known domain, but not the official domain, e.g. Microsoft-customer-services.com rather than Microsoft.com?
  6. The message makes unrealistic threats. The email threatens a negative consequence, for example that your account will be suspended or that a delivery can’t occur.
  7. The offer seems too good to be true. The email pretends you’ve won something, or asks you to complete a survey for a financial reward.
  8. You didn’t initiate the action. The email is unexpected and could contain specific information about you that is easily obtained from social networking sites.
  9. It’s not specifically addressed to you. The email uses a generic salutation, which saves cyber criminals time.
  10. You are asked for sensitive information. You are being asked for sensitive information, which could compromise your identity, e.g. your account number or answers to security questions.

If in any doubt about the validity of an email, please give Kriston Technology a call on 01993 880 980.

At Kriston Technology we offer a range of cyber security awareness training and phishing threat simulation and training for end users. If you would like to better protect your company and test your staff’s response to simulated phishing threats, see Phish Threat Simulation and Awareness Training for more details, or call us on 01993 880 980 to discuss your requirements.

