Phishing is a prevalent cyber threat that continues to evolve, targeting individuals and businesses alike. As cybercriminals become more sophisticated, understanding what phishing is and how to spot it has never been more crucial. In this guide, we delve into the world of phishing—exploring its various forms, how it works, and, most importantly, how you can protect yourself and your organization from falling victim to these malicious schemes.

Q: What is phishing?
A: Phishing is a type of cyberattack where attackers deceive individuals into providing sensitive information, such as passwords or credit card numbers, by pretending to be a trustworthy entity, often through emails or websites.

Q: How can you spot phishing attempts?
A: Phishing attempts can often be spotted by looking for signs like unusual sender addresses, generic greetings, urgent or threatening language, and suspicious links or attachments. Always double-check the authenticity of the communication before taking any action.

Q: Why is phishing so dangerous?
A: Phishing is dangerous because it can lead to severe consequences, such as identity theft, financial loss, and unauthorized access to sensitive information. It’s a gateway for more significant cyberattacks, making it essential to be vigilant.

Q: How can you protect yourself from phishing?
A: Protect yourself from phishing by being cautious with emails and messages, verifying the source before clicking on links, using anti-phishing software, and educating yourself and your team about the latest phishing tactics.

By staying informed and adopting proactive measures, you can significantly reduce the risk of falling victim to phishing attacks.

We’ve all done it.

You’re sat at home and you receive an email.

“You’re owed £500 on your tax refund – please claim now.”

Suddenly, it happens.

The thoughts trickle into your brain.

What could I spend that £500 on?

A holiday?

New clothes?

Finally, you can pay off that money you put on your credit card.

It seems so legitimate.

And potentially, too good to be true?

You fill out the “forms” and boom.

Suddenly, you’re in debt.

Scammers have stolen your credentials and bank information, and now your money is being stolen without you even realising…

This is what a successful phishing email looks like.

What Is “Phishing”?

You might think that the term “phishing” sounds familiar.

Well, you would be correct.

The term phishing is a play on the word “fishing”. Scammers dangle a fake lure in front of users, hoping they take the bait and provide personal information like a credit card number.

Great play on words.

But let me be clear.

Phishing is one of the most dangerous methods of cybercrime.

Deception is the key and tricking victims is the goal.

But it’s okay.

Please don’t panic.

Ways To Spot Phishing Emails

I am about to explain to you how to spot phishing emails with some easy steps.

1.      The Email Is Not Addressed To The Recipient’s Name.

Let’s lift the veil on this.

It is extremely uncommon for a company to not refer to you with your correct name.

Companies already have your details – why wouldn’t they use them?

2.      Grammatical Errors

It’s important to bear in mind.

Scammers are not concerned with grammar and this is their downfall.

Read the email.

Then read it again.

Is the email feeling a little bit, well, suspicious?

It’s probably because it is.

Scammers are not usually from English-speaking countries and this can be used to our advantage. Look out for grammatical errors.

Remember most pieces of software have spellcheck.

But this doesn’t mean scammers know how to put a sentence together.

Most scammers may use obvious grammatical errors so that only the most vulnerable and gullible fall for the emails. This way, the scammers know they are more likely to get away with their crime.

 

3.      Does The Message Domain Match?

Let’s make this really clear.

A legitimate company rarely has an email address that ends in @gmail.com (or similar).

Say you work at Halifax.

Your work email address would not end in @gmail.com.

It would most likely be @halifax.co.uk.

Check the sender address. If you aren’t sure, Google the official company website and give them a call.

This doesn’t apply to independent workers, who often use Gmail or other free email providers. If you get an email from someone who’s independent, it’s always a good idea to check their credentials (licences, reviews, recommendations, etc.).

4.      Does The Email Suggest That If You Don’t Act Now The Whole World Will Collapse?

I’m sorry to break it to you.

But it’s probably a scam.

Scammers enjoy creating a sense of urgency.

Humans are procrastinators, but maybe in these circumstances this works for us.

Read the email twice.

Take your time.

You might see a red flag you didn’t see before.

When you rush reading emails you will miss things.

Take your time and double check.

5.      What About Within Businesses?

Credit where credit is due.

Scammers do think some things through.

It is common for scammers to imitate senior members in a workplace.

And it works.

Let me explain myself.

Some employees may not feel comfortable confronting their senior.

Scammers realise this.

It’s important to remember.

You might receive an email from a senior asking you to complete a specific task involving sensitive information, and it may seem out of character. Trust your gut and ask them if it came from them.

It’s better to be safe than sorry.

Although this may be awkward, you can save yourself and them a lot of trouble.

6.      Sometimes It’s Obvious.

Now, I think we can all say we’ve experienced this one.

You open your emails.

BAM

“YOU’VE WON THE LOTTERY”

That’s it, now you’re writing your resignation letter and booking the next one-way flight to Bali.

(Whilst figuring out what credit card to pay off first)

But hold your horses.

Suddenly, it dawns on you.

Did you even enter the lottery this week?

Sometimes scammers send out emails about an action you never even took.

This is clearly a phishing scam.

Ensure that you do not open any files in these emails.

Or fill out ANY personal details.

Take the opportunity to look for the grammatical errors in the email.

This will help you in the future.

7.      Scammers Sometimes Imitate Government Agencies

Let me take you back.

That £500 tax refund had you drooling.

Scammers often mimic Government agencies, like HMRC.

Let me make this abundantly clear.

HMRC will not contact you about tax refunds via email.

If you’re still not too sure.

Please, ring the appropriate department and check.

However, it’s not all doom and gloom.

How Can You Protect Yourself Against Phishing?

I’m about to give you some steps to help protect yourself.

  • Google search the company “trying” to contact you. Is the domain correct?
  • Always contact the company, organisation or Government department if in doubt.
  • Install a web application to help spot phishing emails.
  • Always check the email address and see if it matches.
  • Never open attachments without being sure of the sender.
  • Hover over the links and see if they match the domain.
  • Employers must encourage an open space for employees to come to them, if concerned.
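
The checks above (sender domain, generic greeting, urgent language, where the links really point) can also be run by a small script. This is an added example, not part of the original article; the word lists, the `phishing_flags` function, the expected domain passed by the caller and the sample message are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed lists for illustration; tune them for your own mail.
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}
URGENT = re.compile(r"\b(act now|immediately|urgent|within 24 hours|claim now)\b", re.I)
GENERIC = re.compile(r"\b(dear|hello|hi)\s+(customer|user|sir|madam|client)\b", re.I)

class LinkCollector(HTMLParser):
    """Collect the real destination (href) of every link in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def host_matches(host, domain):
    # Exact match or true subdomain; "halifax.co.uk.example.net" does not pass.
    return host == domain or host.endswith("." + domain)

def phishing_flags(raw_email, expected_domain):
    """Return the red flags from the checklist found in one single-part message."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()
    flags = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender_domain in FREE_MAIL:
        flags.append("free-mail sender")
    elif not host_matches(sender_domain, expected_domain):
        flags.append("sender domain mismatch")
    if GENERIC.search(body):
        flags.append("generic greeting")
    if URGENT.search(msg.get("Subject", "") + "\n" + body):
        flags.append("urgent language")
    collector = LinkCollector()
    collector.feed(body)
    for href in collector.hrefs:
        host = (urlparse(href).hostname or "").lower()
        if host and not host_matches(host, expected_domain):
            flags.append(f"link points to {host}")
    return flags
# Constructed sample message (not a real email).
SAMPLE = ("From: HMRC Refunds <refunds@gmail.com>\nSubject: Tax refund - please claim now\n"
          "Content-Type: text/html\n\n<p>Dear customer,</p><p>Act now or the refund expires. "
          '<a href="http://hmrc-refund.example.net/claim">www.gov.uk/refund</a></p>\n')
print(phishing_flags(SAMPLE, "gov.uk"))
```

An empty list does not prove a message is safe; it only means none of these particular red flags were found.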

Let’s Wrap This Up.

Phishing emails are a part of email life.

But there are steps to take.

Read the email again. And again.

Trust your gut instinct.

If it doesn’t seem right.

It probably isn’t.

And always contact the company or person mentioned. There’s no harm in this and it’s always better to check and be certain. This way you can avoid any unnecessary trouble.

Let’s put an end to phishing.

One phish at a time.