116 Gawler Place, Adelaide SA 5000 1800 818 875 cybersafe@jamcyber.com

Phishing-image
//Cybersecurity for business

16 Ways to Spot a Phishing Email:

Your Guide to Safer Inboxes

With our businesses becoming more digital, the need for heightened cybersecurity awareness has never been greater. One area that continues to be a headache for Australian SMEs is the world of phishing emails, one of the top 3 threats. You’ve probably heard the term ‘phishing,’ but do you know what it really means? 

What is a Phishing Email?

A phishing email is a fraudulent message designed to trick the recipient into divulging personal information, passwords, or even making unauthorised payments. These emails often mimic familiar brands, authorities, or even work colleagues or bosses to appear credible.

They can move between platform as well, i.e. by starting with an email and then moving on to a messenger app like whatsapp or telegram.

 

Phishing-image_31

Why Are They So Successful?

The success of phishing lies in its simplicity and psychological manipulation. By appealing to our curiosity, urgency, or even fear, these emails get us to drop our guard and click on or do something we shouldn’t. The cost of falling prey to a phishing email isn’t just monetary; it can have a massive ripple effect on your business, leading to data breaches and a loss of customer trust.

Why Are Phishing and Scam Emails So Dangerous to Businesses?

The most common phishing attempts are trying to gain access to your emails, files, accounts or other clous software you may be using. The greater the financial gain, the more likely it’s a target. Damage from falling for a phishing campaign can include:

 

Financial Loss

One of the most immediate effects of falling for a phishing scam is financial loss, both direct and indirect. Direct financial losses can result from funds being transferred to fraudulent accounts. Indirect losses include the cost of addressing the breach, potential legal consequences, and the loss of productivity during downtime.

Data Breach

Phishing emails often serve as an entry point for more complex attacks, leading to a full-blown data breach. Sensitive company data, customer records, and trade secrets could be exposed.

Reputation Damage

Customers put their trust in businesses to keep their data secure. A breach due to a phishing attack can significantly erode that trust and reputation, often leading to a loss of customers or clients.

Regulatory Consequences

Depending on the industry you’re in, strict guidelines about data protection may lead to hefty fines on businesses that fail to safeguard customer data.

Because of these damaging outcomes, it’s crucial for everyone—especially employees within a business—to be able to identify and guard against phishing attacks.

To help you navigate these murky waters, here are 15 pointers that will make you an expert at spotting phishing emails.

Phishing-image_30

16 Pointers to Spot a Phishing Email

1.  Unusual Sender Email

For example, if you get an email from “support@amaz0n.com,” that zero in place of an ‘o’ is a red flag. Generally, emails from freemail accounts like Gmail.com or Hotmail.com are never used by legit companies as they send from their own domains. A third source are hacked accounts from other internet users – receiving an email from a Romanian nursery about your Telstra mobile should raise flags from the get-go.

We recommend to implement an indicator which shows that emails come from outside your business. This helps with any phishing and other scams that impersonate a boss or coworker. <Instruction can be found here>

2.  Generic Greeting

Phishing emails often use generic greetings like “Dear Customer” because they don’t know your name. Genuine businesses with whom you have a relationship will use your first name.

3.  Spelling and Grammar Errors

Reputable companies have editors. Poor grammar and numerous spelling errors are a dead giveaway. However, with the rise of Artificial Intelligence, this pointer is on the way out. Modern scam emails can now even emulate the writing style of a sender, i.e. heavy use of emoticons.

4.  Unusual or Urgent Requests

“Your account will be terminated in 24 hours if you don’t verify your email!” – these sorts of messages aim to create a sense of urgency. As with all phishing approaches, they usually appeal to decency or urgency to trick you into handing over logon details.

5.  Suspicious Links

Always hover over links to check their destination. For instance, a link might display as “www.yourbank.com.au” but point to a different URL like www.wellscamyouhard.com.

6.  Attachments

Unless you’re expecting an attachment, be very wary—especially if it’s an executable .exe .bat .lnk or .zip file. Nowadays, they should all be blocked by default, really! If you don’t expect an attachment, don’t open it.

Also, if your business is not yet blocking HTM and HTML files, make sure you do. It’s one of the most commonly used phishing tricks which opens a fake local logon page that looks the part.

A more recent appearance are QR codes which take you to scam websites on your mobile devices. Same outcome!

7.  Asking for Personal Information

A legitimate company will never ask for your password, date of birth or payment details via email.

8.  Mismatched Branding

Mismatched logos, fonts, or colours can indicate a phishing attempt. As with spelling errors, this indicator is on the way out due to the rise of Artificial Intelligence.

9.  No Contact Information

Legitimate emails usually contain a signature with the company’s contact information. Phishing emails often skip this. Under Australian SPAM law, not only do companies have to clearly indicate their details, but they also need to provide a simple unsubscribe option. If both are missing, it’s sure not to be legit.

10.  QR Code

A more recent appearance are QR codes which take you to scam websites on your mobile devices. Same outcome!

11.  Request for Money

If an email is asking you to send or wire money, especially to a foreign account, that’s always a scam. Unless you’re a currency trader, maybe. No matter how convincing the story or reason: Think twice and ask for a reflection of the story by someone you trust. This simple switch breaker will often make you realise you’re about to be scammed.

12.  File Download Redirects

An email asking you to download a strange file type, such as a .bat or .exe file, is almost certainly phishing. Or worse: Ransomware. Once on your local computer and run, that software can do whatever it likes to, including accessing open internet pages giving access to your social media accounts or emails.

13.  Offers That Are Too Good to Be True

Emails that offer unsolicited job offers or lottery wins are usually scams. Or that half price luxury car for that matter. If it looks like a duck, sounds like a duck and walks like a duck, it’s likely… a duck!

And why would a German magnate donate you 1.5m Euros, really???

14.  Overuse of Capitals and Exclamation Marks

An email that contains a subject line with too many capital letters or exclamation marks should raise eyebrows. Another favourite are fireworks and party emoticons. Click delete right there.

15.  Lack of Transparency

If an email talks about an “account” or “payment” but fails to specify what kind of account or what the payment is for, that’s suspicious. In order to broaden the potential victim base, generalising requests is a technique often used. If it’s not clear, it’s a smear!

16.  Gut Feeling

Sometimes you just know something’s off. Trust your instincts and double-check before taking any action. If in doubt, throw it out! Or call the sender via a number that was NOT in the email to verify authenticity.

With these 16 pointers, you’ll be a pro at identifying phishing emails and keeping your business secure. We all have a role to play when it comes to cybersecurity, so let’s make it a priority! If you’d like to discuss Security Awareness Training, contact us  anytime.

// Testimonials

Hear from our Happy Clients

After more than 30 years in the industry, we know our stuff when it comes to ICT solutions and cyber security. But don’t take our word for it.

Hear what our clients have to say.

Jam Cyber Testimonial Workplace Lawyers
Play Video

HANNAH ELLIS

Another client success story by Jam Cyber: The Workplace Lawyers Sydney. Hear Co-Founder Hannah Ellis talk about her experience since 2015.

Jam Cyber Testimonial DG Air
Play Video

BRAD NICHOLSON

Brad talks about how little disruption was incurred when their interstate offices were moved to the cloud and appropriately secured using the Jam Cyber security framework.

Jam Cyber Testimonial Duraflex
Play Video

PHIL EDWARDS

Phil explains how Jam Cyber has been the trusted Cyber and IT partner since 2006 by adjusting solutions to scaling business.

js_loader
Have questions? Search our knowledgebase.