Top Tips to Avoid Phishing Scams
Did you know that in 2019, 32% of businesses and 22% of charities identified cyber security breaches or attacks?
Among these organisations, the most common attacks are:
- phishing emails (80% of businesses and 81% of charities experiencing breaches or attacks)
- others impersonating their organisation online (28% and 20%)
- viruses or other malware, including ransomware (27% and 18%)¹.
Below you will find some easy tips on how to spot phishing emails. You may also want to read our article on managing your online passwords and how you should use them to keep your information as secure as possible and avoid scams and theft.
To put it simply, phishing scams are there to con you or your business. As the statistics above indicate, many of these scams happen online. They are set up by computer hackers who send deceptive emails or set up fake websites.
Unfortunately, no matter what companies do, some phishing emails will always make it to the inbox – cybercriminals are constantly thinking of ways to overcome newly developed security. That’s where end-user education comes in. In fact, in the case of more than half (57%) of businesses that had suffered a recent breach, the incident had first been spotted by staff rather than by software². So it pays to educate your staff.
Here are nine simple tips to help identify spoofing or phishing emails.
Tip 1 – Don’t trust the display name
Many email inboxes only show the display name of an email. A tactic used by cybercriminals is to closely replicate the display name of an email. For example, firstname.lastname@example.org – the correct GWA address is email@example.com. Double-check the email address in the “from” field; if it looks suspicious, don’t open the email.
Tip 2 – Who is it addressed to?
If the email is addressed to “Valued Customer” or another generic title, be on guard. Legitimate businesses will often use a personal salutation with your first and last name.
Tip 3 – Beware of urgent or pressuring language in the subject line
Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “account has been suspended” or your account had an “unauthorised login attempt.”
Tip 4 – Watch out for spelling mistakes
Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully. Many phishing emails may also use United States English rather than UK English.
Tip 5 – Look but don’t click
If there are any links embedded in the email, hover your mouse over them. This should display the full link address – if this looks odd or different to that shown in the email, do not click on it.
Tip 6 – Do not provide sensitive or personal information
Legitimate banks and most other organisations will never ask for sensitive account information such as passwords or credit card details via email.
Tip 7 – Do not click on attachments
Including malicious attachments that contain viruses and malware is a common phishing tactic. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. Failed delivery notices or unpaid invoices are common attachments that include malware. Do not open any email attachments you weren’t expecting.
Tip 8 – Check the sender’s contact details
Lack of details about the sender or how you can contact a company could suggest a phishing email. Legitimate businesses always provide contact details.
Tip 9 – Be a sceptic
Just because an email has realistic logos, language and a seemingly valid email address does not mean that it is legitimate. When it comes to your email messages, be a sceptic. If it looks even remotely suspicious, don’t open it.
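For staff who triage reported emails, the checks in Tip 1 and Tip 5 can be automated. The Python sketch below is an added example, not GWA's own code: the function names, the domain-matching pattern and the sample message are all constructed for illustration, and it assumes a single-part HTML email.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)  # domain-shaped text

class LinkCollector(HTMLParser):  # gathers (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):  # hostname of a URL or bare domain, lower-cased, no "www."
    host = (urlparse(value if "://" in value else "//" + value).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def check_email(raw):
    """Heuristic findings for Tip 1 (display name) and Tip 5 (link targets)."""
    msg, findings = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    for shown in DOMAIN_RE.findall(name):  # Tip 1: name advertises another domain
        if host_of(shown) != host_of(addr.rpartition("@")[2]):
            findings.append(f"display name shows {shown}, real sender is {addr}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())  # assumption: single-part HTML body
    for href, text in collector.links:  # Tip 5: shown link vs. real destination
        shown = DOMAIN_RE.search(text)
        if shown and host_of(shown.group(1)) != host_of(href):
            findings.append(f"link shows {shown.group(1)}, goes to {host_of(href)}")
    return findings

# Constructed sample message for illustration, not a real phishing email.
SAMPLE = """\
From: "Example Bank support@example.com" <alerts@example.net>
Content-Type: text/html

<a href="http://login.example.net/verify">www.example.com/login</a>
<a href="https://www.example.com/help">example.com/help</a>
"""
```

Calling `check_email(SAMPLE)` reports the mismatched display name and the first link, while the second link, whose text and destination agree, is not flagged. A link whose visible text is plain wording such as “Click here” produces no finding, so the hover check in Tip 5 still applies.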
If you are ever unsure about an email or would like to discuss how you can be better prepared in relation to cyber security, please feel free to contact GWA Computer Services on 01289 306688 or firstname.lastname@example.org.
¹ Cyber Security Breaches Survey 2019
² Action Fraud News – 23 March 2019