Phishing is when a cyber criminal pretends to be a genuine source in order to convince you to hand over personal information, or to perform an action such as making a payment or downloading a malicious file. This article covers e-mail phishing; however, phishing is also carried out by phone and SMS.
Here are a few top tips to help you identify a phishing email:
- Have a look at the sender's address.
Firstly, let me be clear that this is not 100% foolproof, as scammers can spoof the sender's address to look like it came from someone else. For example, the text you see in the From field may not be the real sender's address, or it may be very similar to the real sender's address with an extra letter included (at a glance, you would not notice this).
- Does the e-mail ask you to click on a link?
Many phishing e-mails will ask you to click on a link in order to ‘verify your information’, often with the threat of disabling your account. You can hover over the link to see where it actually points without clicking on it, although I would always advise you to ignore the link in the e-mail and head directly to the specified website to log in as you usually would.
- Are you asked to submit personal information?
Microsoft, Apple, banks, HMRC, couriers or any reputable company will not ask for personal information in an e-mail. This is a red flag, and you should never respond or do what the sender is asking without having the e-mail checked out by your IT provider, or by calling the company concerned using the contact information on their website (not details contained in the e-mail).
- I need you to make an urgent payment for me!
I’ve seen this lots and I’ve even been a victim of this phishing attack. The scammer will do their research and discover the name and email address of a director or senior manager of a company and also the accounts department. They will then spoof an e-mail to look like it came from the director/manager asking the accounts department to make an urgent payment. These payments can be in the thousands of pounds. Never, ever make a payment without speaking to the director or senior manager via phone (not e-mail) first. So many people fall for this one!
- Are you asked to download a file?
If you don’t know the sender, are unsure as to whether the email is genuine or not, or are not expecting the email, then DO NOT click on any attachments without speaking to your IT provider first. Usually, the scammer will try to make the e-mail sound urgent in order to pressure you into performing an action. Stop, take your time and have the situation properly assessed.
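The checks from the first two tips can also be run mechanically. The sketch below is an added example, not part of the original article: it compares an address shown in the From name with the real sender address, flags a sender domain that is a near-miss of one you know, and compares the text of each link with where it actually points. `KNOWN_DOMAINS`, the sample message and all function names are assumptions made for the illustration.

```python
import difflib
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

KNOWN_DOMAINS = ["example-bank.co.uk"]  # assumption: domains you really deal with
HOST_RE = re.compile(r"(?:https?://)?(?:[^/@\s]*@)?(?:www\.)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[:/?#]\S*)?")
SAMPLE = """From: "accounts@example-bank.co.uk" <alerts@example-bannk.co.uk>

<p>Verify your information or your account will be disabled:
<a href="http://login.example.net/verify">www.example-bank.co.uk</a></p>
"""  # constructed sample message, not a real e-mail; single-part HTML body assumed

class LinkCollector(HTMLParser):  # collects [href, visible text] for every <a>
    def __init__(self):
        super().__init__()
        self.links, self.in_link = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.in_link = True
    def handle_data(self, data):
        if self.in_link:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.in_link = self.in_link and tag != "a"

def host_of(text):
    """Host name if text looks like a URL or bare domain, else ''."""
    m = HOST_RE.fullmatch(text.strip().lower())
    return m.group(1) if m else ""

def phishing_indicators(raw_email):
    msg, found = message_from_string(raw_email), []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    shown = re.search(r"[\w.+-]+@([\w.-]+)", name)
    if shown and shown.group(1).lower() != domain:  # name field shows another address
        found.append(f"From shows {shown.group(0)} but real sender is {addr}")
    near = difflib.get_close_matches(domain, KNOWN_DOMAINS, n=1, cutoff=0.85)
    if near and near[0] != domain:  # e.g. one extra letter in the domain
        found.append(f"sender domain {domain} imitates {near[0]}")
    links = LinkCollector()
    links.feed(msg.get_payload())
    for href, text in links.links:  # the comparison you make when hovering over a link
        if host_of(text) and host_of(text) != host_of(href):
            found.append(f"link shows {host_of(text)} but points to {host_of(href) or href}")
    return found
```

Calling `phishing_indicators(SAMPLE)` returns one finding per check. An empty result only means these three checks found nothing, not that the e-mail is genuine.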
The general rule of thumb is that if an e-mail, phone call or SMS makes you think ‘that’s strange’ or ‘that’s just not normal’, then stop and have it checked out. The whole reason scammers use the above techniques is that they work and they make money out of them. Many phishing e-mails are not particularly well written, nor are they personalised. Some are more targeted and well put together. Always be on your guard! Technology such as Microsoft Office 365 and Office 365 with Advanced Threat Protection does a good job of stopping the bulk of these e-mails reaching your inbox; the rest is up to you. The moment you feel unsure about whether something is genuine or not, have it checked out by your IT provider!
Thanks for reading and stay safe!