16 Ways to Spot a Phishing Email:
Your Guide to Safer Inboxes
With our businesses becoming more digital, the need for heightened cybersecurity awareness has never been greater. One area that continues to be a headache for Australian SMEs is the world of phishing emails, one of the top 3 threats. You’ve probably heard the term ‘phishing,’ but do you know what it really means?
What is a Phishing Email?
A phishing email is a fraudulent message designed to trick the recipient into divulging personal information, passwords, or even making unauthorised payments. These emails often mimic familiar brands, authorities, or even work colleagues or bosses to appear credible.
They can move between platforms as well, e.g. by starting with an email and then moving on to a messenger app like WhatsApp or Telegram.
Why Are They So Successful?
The success of phishing lies in its simplicity and psychological manipulation. By appealing to our curiosity, urgency, or even fear, these emails get us to drop our guard and click on or do something we shouldn’t. The cost of falling prey to a phishing email isn’t just monetary; it can have a massive ripple effect on your business, leading to data breaches and a loss of customer trust.
Why Are Phishing and Scam Emails So Dangerous to Businesses?
The most common phishing attempts are trying to gain access to your emails, files, accounts or other cloud software you may be using. The greater the financial gain, the more likely it’s a target. Damage from falling for a phishing campaign can include:
One of the most immediate effects of falling for a phishing scam is financial loss, both direct and indirect. Direct financial losses can result from funds being transferred to fraudulent accounts. Indirect losses include the cost of addressing the breach, potential legal consequences, and the loss of productivity during downtime.
Phishing emails often serve as an entry point for more complex attacks, leading to a full-blown data breach. Sensitive company data, customer records, and trade secrets could be exposed.
Customers put their trust in businesses to keep their data secure. A breach due to a phishing attack can significantly erode that trust and reputation, often leading to a loss of customers or clients.
Depending on the industry you’re in, strict guidelines about data protection may lead to hefty fines on businesses that fail to safeguard customer data.
Because of these damaging outcomes, it’s crucial for everyone—especially employees within a business—to be able to identify and guard against phishing attacks.
To help you navigate these murky waters, here are 15 pointers that will make you an expert at spotting phishing emails.
16 Pointers to Spot a Phishing Email
1. Unusual Sender Email
For example, if you get an email from “email@example.com,” that zero in place of an ‘o’ is a red flag. Generally, legit companies never use freemail accounts like Gmail.com or Hotmail.com, as they send from their own domains. A third source is hacked accounts of other internet users – receiving an email from a Romanian nursery about your Telstra mobile should raise flags from the get-go.
We recommend implementing an indicator that shows when emails come from outside your business. This helps with phishing and other scams that impersonate a boss or coworker.
3. Spelling and Grammar Errors
Reputable companies have editors. Poor grammar and numerous spelling errors are a dead giveaway. However, with the rise of Artificial Intelligence, this pointer is on the way out. Modern scam emails can now even emulate the writing style of a sender, e.g. heavy use of emoticons.
Unless you’re expecting an attachment, be very wary—especially if it’s an executable .exe, .bat, .lnk or .zip file. Nowadays, they should all be blocked by default, really! If you don’t expect an attachment, don’t open it.
Also, if your business is not yet blocking HTM and HTML files, make sure you do. It’s one of the most commonly used phishing tricks: the attachment opens a fake local logon page that looks the part.
A more recent arrival is QR codes, which take you to scam websites on your mobile device. Same outcome!
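The sender and attachment pointers above can be checked automatically before a message reaches a person. The following Python sketch is an added example, not part of the original article: it flags external senders, freemail senders, look-alike domains with digits swapped for letters, and the attachment types named above. The domains, the digit-swap table and the sample message are constructed assumptions.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed values for illustration: replace with your own policy.
OWN_DOMAIN = "ourfirm.example"                       # hypothetical business domain
TRUSTED = {"ourfirm.example", "goodbank.example"}    # domains you really deal with
FREEMAIL = {"gmail.com", "hotmail.com"}              # freemail providers named above
BLOCKED_EXT = {".exe", ".bat", ".lnk", ".zip", ".htm", ".html"}
DIGIT_SWAPS = str.maketrans("0135", "oles")          # digits often used in place of letters


def check_email(raw):
    """Return the list of red flags found in one raw email message."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    flags = []

    if domain != OWN_DOMAIN:
        flags.append("external sender")
    if domain in FREEMAIL:
        flags.append("freemail sender")
    # Domain matches a trusted one only after undoing the digit swaps.
    if domain not in TRUSTED and domain.translate(DIGIT_SWAPS) in TRUSTED:
        flags.append("look-alike domain")

    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        # Use the final extension so "invoice.pdf.exe" is still caught.
        ext = "." + name.rpartition(".")[2] if "." in name else ""
        if ext in BLOCKED_EXT:
            flags.append(f"blocked attachment type {ext}")
    return flags


def constructed_sample():
    """Build a constructed test message: look-alike sender plus HTML attachment."""
    m = EmailMessage()
    m["From"] = "Accounts <accounts@g00dbank.example>"
    m["Subject"] = "Please sign in to view your invoice"
    m.set_content("See the attached page.")
    m.add_attachment(b"<html></html>", maintype="application",
                     subtype="octet-stream", filename="logon.html")
    return m.as_string()


if __name__ == "__main__":
    print(check_email(constructed_sample()))
```

In production these checks belong in the mail gateway or filtering rules; the script is useful for testing a policy against saved messages.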
9. No Contact Information
Legitimate emails usually contain a signature with the company’s contact information. Phishing emails often skip this. Under Australian SPAM law, not only do companies have to clearly indicate their details, but they also need to provide a simple unsubscribe option. If both are missing, it’s sure not to be legit.
11. Request for Money
If an email is asking you to send or wire money, especially to a foreign account, that’s always a scam. Unless you’re a currency trader, maybe. No matter how convincing the story or reason: think twice and ask someone you trust to reflect on the story. This simple circuit breaker will often make you realise you’re about to be scammed.
12. File Download Redirects
An email asking you to download a strange file type, such as a .bat or .exe file, is almost certainly phishing. Or worse: ransomware. Once on your local computer and run, that software can do whatever it likes, including accessing open internet pages that give access to your social media accounts or emails.
13. Offers That Are Too Good to Be True
Emails that offer unsolicited job offers or lottery wins are usually scams. Or that half-price luxury car, for that matter. If it looks like a duck, sounds like a duck and walks like a duck, it’s likely… a duck!
And why would a German magnate donate 1.5m Euros to you, really???