In today’s cyberwar climate, everyone is a target – not least for malicious phishing emails. Here, IT support firm Central explains what to look out for and how you can protect yourself and your organisation
An attack vector used by criminals to gain access to personal information – such as login credentials or banking details – phishing usually manifests in email, SMS, or telephone messaging.
By posing as a trusted sender to dupe targets, perpetrators present a significant threat to organisations large and small, with the potential to gain dangerous foothold into corporate networks and compromise sensitive information.
What’s more, with the increasing sophistication of cybersecurity attacks, it can be hard to differentiate genuine digital communications from fraudulent ones.
Emails sent from malignant senders may read well and look professional – sharing an acute likeness with examples that have landed in your inbox before – but that doesn’t always mean they’re legitimate.
However, by exercising caution and looking out for the major warning signs, there are ways to arm yourself from these invasive attacks.
Although state-of-the-art technology is available to help identify threats, it’s unrealistic not to expect some to slip through the digital net – that’s why humans must be a primary defence, too.
Here are five tell-tale signs that you should bear in mind.
Grammatical errors and misspellings
An immediate signal that an email has come from an untrusted source is that it contains grammatical errors and spelling mistakes – whether that’s one or two, or riddled throughout the entire copy.
This is because phishers don’t have access to the same resources that professional writers do, and so their work has seldom been proofed and standardised by another pair of eyes.
Because cybercriminals also spend a lot of their time distributing malicious messaging, their attacks are often rushed and therefore more likely to contain errors.
Of course, legitimate emails can sometimes land with minor mistakes, likewise fraudulent ones aren’t always replete with typos, so be sure to consider other factors before jumping to conclusions.
Looking for inconsistencies
Looking for discrepancies in email addresses, links, and domains is another way to identify potential phishing attempts.
Unless made explicit previously, a sender’s email address should align with prior correspondence – if it doesn’t, this should raise alarm bells.
It’s also worth checking that embedded links throughout a message correlate with the pop-up that appears when a cursor is hovered over the top.
For example, if you have received an alleged email from Central Networks, yet the domain of the link doesn’t include ‘centralnetworks.co.uk’, you should flag this as a potential threat.
Checking for misspelling is also crucial here, as a sender may pose an almost identical alternative, such as ‘centrallnetworks.co.uk’.
Stretched, blurred, or pixelated images – as well as attachments that are unexpected, don’t offer a preview, or have an extension commonly associated with malware downloads (.sys, .exe, etc.) – should arouse suspicion.
However, with the right software, recipients can scan these for viruses before choosing how to act.
“Always be cautious with time-sensitive requests, and make sure they align with something you’d expect”
If an infected attachment is presumed to be benign and opened, it will unleash malware onto the victim’s computer and enable cybercriminals to perform any number of nefarious activities.
Unless you’re entirely confident in the legitimacy of an image or attachment, it’s always best practice to leave them unopened. You could always contact the sender through an alternative method to verify the contents, if you think it might be important.
A sense of urgency
Perpetrators have a tendency to create panic in their digital communications, largely because swift decision-making has the ability to cloud judgement and leave errors undetected – ultimately ruining their plans to compromise your data.
While urgency can take shape in various ways – such as suggesting that an account is restricted, that details have expired, or even threatening negative consequences if a demand is not met – the likelihood is, someone who had a genuine need for haste would reach you on a personal contact number to speak directly.
Always be cautious with time-sensitive requests, and make sure they align with something you’d expect.
For example, if you’ve just had a failed attempt to log into a Microsoft account and received an email saying that your password must be reset, it’s probably real – though be sure to check for other areas of concern so you can be confident it’s not a cyber-attack.
Unusual requests or an unfamiliar tone
Intuition is a real virtue in the digital world. If an email arouses suspicion because it doesn’t seem like something you’d usually be approached for, or how someone would usually communicate with you, it’s a good idea to trust your senses.
For instance, if a colleague is overly familiar – despite having only engaged with you once or twice – or a company that you don’t recall having any involvement with requests updated information, this should raise a red flag. It’s always a good idea to look for other indicators that such examples could be illegitimate.
Identification is the first step in any cybersecurity strategy, which is why employee awareness of phishing scams is crucial. The chances are, if one member of the team is on the receiving end of a threat, others are too.
By reporting suspected fraudulent emails to the incident and security response team – or your organisational equivalent – employees can enable rapid responses to potential phishing attacks and help mitigate the risks of sabotage.
Falling prey to cybercriminals can be daunting, but with the right knowledge and procedures in place, it’s an avoidable feat that can help protect not only your personal data, but also your reputation, time, and expenses.
Read next: Northern Housing Awards 2022: The winners
Are you a social housing professional? Sign up for a FREE MEMBERSHIP to upload news stories, post job vacancies, and connect with colleagues on our secure social feed.