IT Security News • 22 August 2022
What is Email Phishing? How to Spot and Avoid Scams
Source: Fabric
Your business faces cyber threats every day. But did you know that phishing attacks are the most common threat to your systems? Last year, 39% of UK businesses fell victim to cyber-attacks, of which 83% resulted from phishing emails.
Organisations let malware slip through their net for a number of reasons — from patchy security to lack of employee awareness. But, thankfully, with a bit of help, you can stop this from happening.
This article will explain what phishing emails are and how you can identify them. We’ll also show you how to stop phishing emails from infecting your network.
What is a phishing email?
Phishing emails are a type of cyber threat. They contain social engineering techniques to lure recipients into handing over sensitive data, including personal information, login data, and financial details. In a nutshell, phishing emails are scams that leave you at risk of identity theft, fraud, and other dangerous eventualities.
How does a phishing email work?
Phishing emails work by encouraging recipients to act, such as clicking on a link, downloading an attachment, or inputting data into a form.
Malware is then installed onto their device, giving the attacker control of the device and visibility of the victim’s information. In some cases, criminals can access your entire business network.
- Malicious attachments
Cybercriminals send emails with files as attachments that infect a device with malware once downloaded. They could also allow keyloggers to track your activity while using your device. Typically, hackers impersonate reliable companies like delivery services and ask you to download a copy of a postal receipt.
- Malicious links
Hackers also try to encourage recipients to click on links, which take them to a fraudulent copy website of a trusted company. They might send emails impersonating streaming services that ask you to verify your account, for example.
- Fraudulent data entry
Another common type of phishing email is fraudulent data entry forms. Emails encourage you to visit fake websites and enter sensitive information, such as your date of birth, phone number, address, credit card information, or bank details.
Types of phishing attacks
Cybercrooks are clever. They have a host of tricks up their sleeves to coerce their targets. Let’s look at some of the most used tactics:
- Spear phishing — Emails are highly targeted. Cybercriminals spend time learning about an individual and their online habits so that they can send a persuasive email.
- Clone phishing — Hackers copy a legitimate email from a reputable company but replace original links and attachments with malware.
- Whaling/CEO fraud — This involves targeting CEOs of companies to access valuable information.
- Business email compromise — Emails target individuals with significant control, such as directors or financial teams. The goal is to gain access to sensitive financial data or encourage these people to transfer funds.
- Link manipulation — Emails contain malicious links that appear legitimate, often impersonating a trustworthy source, such as a bank.
- Malware — Cybercriminals send emails containing malicious attachments that infect a device and give them control of stored information.
How to spot a phishing email
Knowing how to identify phishing emails is an essential step to protecting your organisation. Here are some of the tell-tale signs:
- Urgent calls to action — Phishing emails have a sense of urgency, encouraging the recipient to take action immediately. They might ask someone to provide personal details immediately to avoid a fine or open links that expire after a set period.
- Threats — Hackers often make threats, primarily through highly-targeted, spear-phishing emails. One tactic involves targeting LGBTQ+ employees and threatening to ‘out’ them publicly if they don’t hand over their financial details.
- Generic greetings — Phishing emails often begin with “Dear Sir/Madam”, which isn’t commonly used by familiar organisations.
- Spelling and grammar — Emails often have poor spelling, incorrect grammar, and strange word choices.
- Imagery and layout — Phishing emails sometimes look suspicious. They might contain uncharacteristic fonts, text in different colours, and blurry images.
- Incorrect email addresses — You might think an email is sent from a company like Amazon, but take a closer look: the address might read ‘@Amaz0n.com’.
- Suspicious links and attachments — Links whose destination doesn’t match the sender’s address, or that don’t use ‘https’, are likely malicious. Such emails may also ask you to download unusual attachments, even ones that don’t seem relevant to the message.
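As an added example (not code from the article or from Fabric IT), the Python scorer below checks one raw email for the tell-tale signs listed above: a lookalike sender domain, a generic greeting, urgent wording, links that are not https or whose host does not match the sender’s domain, and link text that displays a different URL than its real target. The phrase lists, the character-swap table and the sample message are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed phrase lists; a real filter would use tuned, far larger lists.
URGENT_PHRASES = ("immediately", "account will be suspended", "verify your account", "avoid a fine")
GENERIC_GREETINGS = ("dear sir/madam", "dear customer", "dear user")
# Character swaps used to imitate a brand domain, e.g. Amaz0n.com -> amazon.com.
LOOKALIKE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
ANCHOR_RE = re.compile(r'<a[^>]*href=["\']([^"\']+)["\'][^>]*>(.*?)</a>', re.I | re.S)


def normalise(domain):
    return domain.lower().translate(LOOKALIKE)


def score_message(raw, trusted_domains):
    """Return the phishing indicators found in one RFC 5322 message (empty list = none)."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part is not None else ""
    text = body.lower()
    reasons = []
    sender = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    # Incorrect email address: untrusted domain that equals a trusted one once swaps are undone.
    if sender not in trusted_domains and normalise(sender) in {normalise(d) for d in trusted_domains}:
        reasons.append(f"sender domain {sender!r} imitates a trusted domain")
    if any(g in text for g in GENERIC_GREETINGS):
        reasons.append("generic greeting")
    if any(p in text for p in URGENT_PHRASES):
        reasons.append("urgent call to action")
    for href, label in ANCHOR_RE.findall(body):
        link = urlparse(href)
        host = (link.hostname or "").lower()
        if link.scheme != "https":
            reasons.append(f"non-https link {href}")
        if host != sender and not host.endswith("." + sender):
            reasons.append(f"link host {host!r} does not match sender domain {sender!r}")
        shown = urlparse(label.strip())  # link text that shows a different URL than its target
        if shown.scheme and shown.hostname and shown.hostname.lower() != host:
            reasons.append(f"link text shows {shown.hostname} but points to {host}")
    return reasons


# Constructed sample built from the indicators above; not a real message.
SAMPLE = """\
From: "Amazon Support" <security@amaz0n.com>
Content-Type: text/html; charset=utf-8

<p>Dear Customer,</p><p>Your account will be suspended. Verify your account immediately:
<a href="http://login.amaz0n-verify.com/a">https://www.amazon.com/account</a></p>
"""
```

Calling `score_message(SAMPLE, {"amazon.com"})` returns six indicators for the sample, while a genuine order notification from `amazon.com` with an https link into its own domain returns none.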
What should I do if I’ve opened a phishing email?
If a fraudulent email lands in your inbox, it’s imperative that you know what to do. Here are some top tips:
- Avoid links and attachments — Don’t click if a link or attachment looks suspicious.
- Do your research — Phishing emails are supposed to look legitimate, so they can be hard to identify, especially if they impersonate an organisation. If you’re unsure, email or ring the organisation directly to see if they sent you the email.
- Speak to the source — If the phishing email appears to come from someone in your organisation, speak to them first in person. If their account has been compromised, any further malicious emails sent from it must be identified immediately.
- Delete the email — Phishing emails are often harmless if you don’t open them. If you think it’s a phishing email, delete it immediately without opening it. You should also block the sender.
Reporting scams is just as important as recognising them. So, employees should know how to report phishing emails using the appropriate channels. It’s a good idea to alert your IT department so they can take remedial action. You should also contact the email provider to help trace the phishing email and block further attacks.
How to prevent email phishing attacks
Now that we know how to identify phishing emails, let’s explore how to stop them from reaching your employees’ inboxes.
- Cybersecurity measures
The most effective way to stop phishing emails is by installing tight cybersecurity measures and technical defences, such as firewalls and email monitoring systems. With these in place, malicious emails are blocked automatically before they arrive in your inbox.
- Authentication systems
Authentication systems are another technical defence that helps to block phishing emails. Two-factor authentication adds a layer of security when logging into sensitive applications. This typically involves logging in with your password and an authentication app or a code sent to your phone.
- Staff training and testing
Employees also need training on spotting suspicious emails and dealing with them. Fabric IT’s cybersecurity services include phishing training for your staff, including in-depth coaching on identifying and responding to email threats.
You also might want to test staff at regular intervals through phishing simulation exercises, where ‘dangerous’ emails are sent in a secure environment to assess employees’ responses and see if further training is needed.
How can Fabric IT help you stay safe from phishing emails?
We offer extensive cyber security solutions to help protect your network and devices from malicious hackers. Our anti-phishing package involves extensive staff training, Dark Web monitoring, and ongoing threat reports to detect phishing emails. With our help, you’ll keep hackers out of your network for good.