How to Spot a Phishing Email: Tips to Detect a Fake Email
Anyone can be a victim of phishing, these tips will help you recognise whether an email is accurate
Email is an effective gateway for hackers and cybercriminals, with especially for social engineering attacks such as phishing.
A 2017 study from Keepnet Labs showed that a staggering 48.2 percent of phishing messages were opened by the target across all campaigns, up from 30 percent in 2016.
Security issues like malware and ransomware are frequently delivered via email - and so it takes just one unrecognised successful breach to affect the safety of an organisation.
According to Keepnet Labs, phishing attacks tend to be successful as they target basic human natural responses. This is due to the fact that the emails are disguised to look like those sent by popular brands & organisations, however there are ways to spot when something isn’t right.
Here are some tips for detecting a phishing email.
1. Incorrect spelling & grammar
The structure of an email is often the first way to spot whether it is a phishing email or not. The writing style is likely to appear different to how it is usually written from the original sender, even in the slightest way.
Organisations and brand marketers tend to take their communication very seriously, and often have emails proof-read before being sent out so it is highly unlikely the email came from the original source if an email is packed with spelling and grammar mistakes.
2. Strange URLs
A phishing email is likely to include some links to direct you to a site asking for login details, where would-be attackers can then steal account details.
This is often overlooked as the URLs appear to be valid or even similar to the link you are used to logging into but if checking emails from a PC, you can hover your mouse over the link where you can see the actual hyperlink – if it looks unfamiliar, then it's not safe to click.
The domain name may also be different to the organisation or brand it claims to be from, so check the sender address and look back at how domain addresses usually appear in previous, legitimate emails you have received from that organisation.
3. Personal information
If the email begins with ‘Dear Customer’ as opposed to being addressed by your name, it is unlikely that it came from the organisation itself. If it is an organisation that has your personal details on file, then they are more likely to address the email to you.
Also, a bank would never ask for your personal information via email. It would also never ask you to submit your account details in such way. This is a clear way to spot a phishing email.
4. Requests urgent action
Emails that claim "urgent action" is required are very frequent phishing scams as the fraudster is likely to be tricking the user to click links to access personal data.
If you receive an email stating this, with a threat that your account may be closed or blocked, for instance, it is best to give the organisation a direct call before taking any action. Usually, if it is coming from them they will either write a letter or call you themselves.
5. Alarming content
Often, phishing emails are written in an alarming manner to trick the person into clicking links out of excitement or fear.
They are likely to say you have won a prize or some sort of discount, sometimes they might even say there’s been fraud on your account – all of which can cause panicked responses from people. Instead of clicking the link, just go the company’s website and log in directly, any of the information (if accurate) is likely to be on there.
It is better to confirm from the supposed sender before taking actions which require sharing your personal details.
6. What to do if you’ve been a victim?
As phishing emails are often very difficult to spot, it is likely that many people and organisations have been a victim, perhaps without even realising it.
However, there are actions that can be taken to avoid further fraud. If you know you have been a victim, or suspect you might be from an email you have received then it is a good idea to report it as a crime.
This type of issue can be reported as suspicious communications via an online form on the Action Fraudwebsite. There is also more information on what to do in the case of phishing scams on the government website.
- Technical Pre Sales Consultant
- Greater London
- £65,000 Base + Bonus + Package
A Technical Pre Sales Consultant, with a focus on cybersecurity, is needed to join a specialist security services business in the Greater London area. This is a perfect opportunity for anyone looking to retain their technical hands-on skills and step into a presales position. CURRENT hands-on experience is essential as this role will be split between professional services and presales. The Technical Pre Sales Consultant must have current experience working within the cybersecurity industry and have experience engaging with clients face to face. Any experience with scoping, high-level design, proof of concept (hands-on), RFI, RFQ etc is highly desirable Must be commutable to West London. Current technology experience with any of the following vendors such as Check Point, Palo Alto, Varonis, Fortinet, F5, Bluecoat etc. Apply today for more information, all details kept in the strictest of confidence. Key skills: Presales, Pre Sales, Security Presales, Network Security, Managed Security Services Ref CH7538
- Data Centre Presales Engineer
- Up to £47,000 Base + Bonus
A Data Centre Presales Engineer is needed to join a leading Data Centre business in London. The Data Centre Presales Engineer will be responsible for; Sales Support, Stakeholder engagement (presentations etc.), RFI / RFQ, High-level technical architecture & support etc. This role is client-facing so expect some travel but only across London. Requirements Current presales experience within an IT managed services role. Current experience with Data Centre technology would be extremely beneficial but other experience in industries such as; telecommunications, cloud, unified communications etc. is required. MUST be commutable to London. Ref PG7543
- Senior Identity and Access Management Architect
- Up to €85,000 Base + Package
Senior Identity and Access Management Architect (IDAM) subject matter expert is needed to lead and drive technical and or business transformation projects in a client-facing position for a prestigious consultancy in Frankfurt, Germany. Broad technical knowledge across Identity and access management is essential. Technical hands-on experience with one or more of the following core areas; Privileged Access Management (PAM, CyberArk, Beyondtrust, Thycotic) Identity Governance Administration (IGA, Sailpoint, Omada, RSA) Customer Identity & Access Management (CIAM, Forgerock PSD2) Fluent German is a MUST (Written & Speaking) A successful individual will be client-facing and MUST have strong exposure in previous positions designing and implementing Identity and Access Management solutions, this will be a hands-on position, working directly with the functional consultant and support teams If you are passionate about your industry and specialise in the IDAM space and are looking for a new challenge to step up, apply today and speak with the Security team. Candidate must be Germany or EU based (must want to relocate to Germany) Ref: TC7153
- Functional Identity & Access Management Consultant
- Up to €100,000 Base + Package
My Client, a leading international consultancy firm are currently in the process of expanding their Identity & Access management practice across each of their 3 sectors. Working with Large FTSE 500 companies on interesting technical / Business Transformation projects. The Identity & Access Management Consultant will be the key head in deriving and understanding business cases, consulting with the client to truly understand the needs of the business and suggest a solution of best fit. A deep understanding of business protocols, risks, as well as a strong understanding of Identity & Access management is essential to be successful in this position. Working in one of the following three IAM practices, The Identity & Access Management Consultant will need to have strong knowledge in at least one of the following; Privileged Access Management (PAM, CyberArk, Beyondtrust, Thycotic) Identity Governance Administration (IGA, Sailpoint, Omada, RSA) Customer Identity & Access Management (CIAM, Forgerock PSD2) Fluent German (Speaking & Writing) Current experience within a client-facing role, working with Identity & Access Management solutions is essential, my client are one of the leading partners in the space, hence why I am looking to speak with the best of the best. If you are passionate about your industry and specialise in the IDAM space and are looking for a new challenge to step up, apply today and speak with the Security team. Candidate must be Germany or EU based (must want to relocate to Germany) Ref TC7542