How to spot a Phishing email

Are inboxes can be busy at the best of times, but how do you spot something malicious in all this noise?

What is Phishing?

Phishing is where “cyber criminals” attempt to obtain sensitive information such as usernames, passwords, and credit card details by disguising their attack as a trustworthy communication – usually an email or a website. They are often very convincing and to most users, exceptionally hard to spot.

I’m smart, I wouldn’t fall for that!

The phishing emails are designed to look exactly like the normal emails they are pretending to be and cyber criminals often use domain names (website addresses) that are very similar to the real domain to trick the user. For example, if in a hurry or you’re checking messages late at night, would you immediately spot something hooky with one of these two links:

Or in the example below, would you click the link in this email?

Let’s hope you wouldn’t as that’s not from Google. Not spotting these phishing emails can lead to your business being a victim of ransomware, viruses, data theft or social engineering attacks – exactly what your business could do without as they can prove to be very costly errors!

So how can you stop being phished?

  • Never send your password in email

    don’t respond to an email asking you for a password, no one will email you asking for you to reply with a password in the email. The same goes for personal data, if your bank suddenly emails and asks you for your account info or your debit card number, it’s not your bank!

  • Don’t click unexpected links

    if you didn’t request a forgotten password then don’t click the link! Again, the same goes for personal data, never fill in a from because someone emailed saying they need to verify the information. If you’re not expecting it, don’t click it.

  • Look out for deceptive links

    like the examples above, always check the link, if it doesn’t look right then don’t click it. If it’s a button with a link then hover over to display the link address.

Pro Tip: GSuite from Google has anti-phishing built in and checks all links and buttons in emails to see if they are legit, if they’re not, it flags or spams the email so you never see it. If your email provider doesn’t do this then it might be time to move to someone who does.

If you have any concerns about how secure your website or email system is, then get in touch and we can have a look.  We’ve been in the business of digital for a very long time now and know what to look out for.  Keep your business safe with us.

Get inspiration in your inbox

Don’t miss out, get our tips, how to guides and news straight to your inbox. Our occasional emails have a one-click unsubscribe if it’s not for you. Want to give it a try?

© Pallant Digital MMXX