Deceptive emails are the cause of many security issues and data breaches, but many people are still unaware of what to look for when determining if an email is genuine or not.
The high-profile “hack” suffered by the NHS last year came as a result of an employee of the NHS opening a “phishing” email – an email which poses as something or someone else to get recipients to give up private or personal data. In the case of the NHS, their machines were infected with ransomware, which quite literally held their network to ransom. Many hacks or security breaches can be avoided by knowing how to avoid falling victim to fake emails. Here, we outline some of the telltale signs that the email you are reading is not all it seems…
Strange Email Address
There are a few things to look out for when checking the email address that you received your message from. First of all, check the domain. If the email is claiming to be from an official organisation, the domain (the part after the @ symbol) should be the same as the organisation’s website. If your email comes from a public domain like Gmail, Hotmail or Outlook, for example, then chances are the sender isn’t who they say they are. You should also check the sender information. Often, the name of the sender will look normal, but when you check the sender info, the actual email address will be a random series of numbers and letters, or be something completely different to what it claims to be. A lot of spam email addresses will use slight misspellings too, or domains that may look legitimate (e.g. aple.com or apple-support-team.co.uk). The address is a clear indicator of whether or not an email is genuine.
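The sender checks described above can also be automated, for example in a mail filter or a reporting tool. The following is an added example, not part of the original article: the function names, the short list of public mailbox providers and the one-character misspelling threshold are assumptions made for illustration, and the sample headers are constructed.

```python
from email.utils import parseaddr

# Assumption: this short list of public mailbox providers is illustrative only.
PUBLIC_DOMAINS = {"gmail.com", "hotmail.com", "outlook.com"}


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header, official_domain):
    """Return warnings for a From header that claims to come from official_domain."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["no parsable sender address"]
    domain = addr.rsplit("@", 1)[1].lower()
    official = official_domain.lower()
    brand = official.split(".")[0]  # e.g. "apple" from "apple.com"
    # The official domain and its subdomains raise no warning.
    if domain == official or domain.endswith("." + official):
        return []
    findings = []
    if domain in PUBLIC_DOMAINS:
        findings.append("public mailbox domain")
    if brand in domain:
        # e.g. apple-support-team.co.uk: the brand appears, but the domain is different
        findings.append("brand name embedded in a different domain")
    elif any(edit_distance(label, brand) <= 1 for label in domain.split(".")):
        # e.g. aple.com: one character away from the real name
        findings.append("near-misspelling of the official domain")
    if brand in display.lower():
        findings.append("display name uses the brand but the address does not")
    return findings or ["domain does not match the organisation"]


if __name__ == "__main__":
    # Constructed sample headers, checked against apple.com.
    for header in ('"Apple Support" <help@aple.com>',
                   "Apple <billing@apple-support-team.co.uk>",
                   "Apple <news@email.apple.com>"):
        print(header, "->", check_sender(header, "apple.com"))
```

An empty result only means none of these checks fired. The From header can be forged, so a matching domain on its own does not prove the email is genuine.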
bit.ly addresses or other truncated links can sometimes be used to mask bad domains too. There are sites that will unpack a bit.ly address, though, so you are able to see where it points. Otherwise, it may be a good idea to avoid truncated links altogether, even though services like bit.ly are quite widely used.
Check the branding on the email (the images, the logos and the email signature). All of this should be consistent with the company’s official branding. If you receive an email from an organisation that has inconsistent branding, no branding or something just looks off, you should approach with caution. If everything does look official, then have a look out for the following...
You should never click links or download any attachments in unsolicited emails. Even if you believe the email to be genuine, you should do some further analysis into whether the link is safe. If the link looks to lead to an unrecognised website, or is long, containing lots of characters, you should treat it as harmful. If the link is embedded in the text, or linked via a button, hover over the link to see where it leads to. Many browsers have in-built harmful link detection services and will warn you if you are heading to a potentially malicious website, but you shouldn’t rely on that to keep your device secure.
Spelling and Grammar
All large companies and organisations will have teams of people working on their official communications, so if you see any glaring spelling or grammatical errors, you should be wary. Spelling and grammar also lead into the next point...
General Tone of The Email
The tone and “feel” of the email is important. Thinking about the brand, does the email read like one of their communications? Does it seem authentic? This is very much about going with your instincts and what you know genuine email communications to look like (this one will come with experience).
General Tips For Dealing With Phishing Emails...
If something seems off, always contact the company directly. If, for instance, you receive an email claiming to be from your bank asking you to confirm your details, call your bank to find out if the email is genuine. DO NOT call any number or contact any email address listed in the email. If it is a phishing scam, the contact details will also be fake. Type in your bank’s website yourself, and do not click any links in the email.
Be vigilant. If you receive an offer that sounds too good to be true, it most likely is. If anyone is asking you to give them personal details, alarm bells should ring. Do not download anything from someone you don’t know, and if you receive requests to send money, always, always check the source of the email.
If you would like help tightening up your organisation's IT security, please get in touch! We provide IT support and IT services to over 3,300 end users across more than 75 organisations, and would love to discuss how we can help your company too.