Can You Catch A Phish? 7 Top Tips To Spot Malicious Emails

Published: 27 June 2018

Here’s a scary statistic: phishing emails have six times the click-through rate of genuine marketing emails. Can you tell the difference between genuine and phishing emails?

Nearly all of us have received emails from someone overseas offering a large sum of money or a sketchy drug company promising to revolutionize our love life. Ah, those promises! However, cybercriminals are now taking a different approach, with highly personalised spear phishing attacks looking for login credentials or credit card numbers. Here we explain more.

What is spear phishing?

Spear phishing is a targeted email attack in which hackers use email to masquerade as someone you know or trust to lower your defences and ask you to click on a malicious link or to supply sensitive information like passwords or bank details.

This is often as simple as copying the name of your manager from your company website, so that you receive what looks like a work email from him or her; clicking a link in it could expose your entire network. It might also be an email that appears to come from your bank or PayPal, for example.

Can you catch a phish?

According to IT Governance, every day…

  • 156 million phishing emails are sent
  • 6m make it through spam filters
  • 8m are opened
  • 8000k people click on the phishing links
  • 80k provide their information

So how not to fall for the bait…

  • If it just doesn’t look right, trust your instincts and Do. Not. Click.
  • Look for generic names like “Dear Customer”
  • Beware of links to official looking sites asking you to enter sensitive data
  • Don’t let a sense of urgency trick you into moving fast without thinking
  • Look for poor grammar, spelling or syntax
  • Look at details like website names that are similar to official websites e.g. vs.
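
Several of these tips can be checked automatically. The sketch below is an added example, not part of the original article: it scans a single-part, plain-text email for a generic greeting, urgency wording, and sender or link domains that imitate a trusted one. The trusted-domain list, the phrase lists, the indicator names and the sample message are all assumptions made for the illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed for this example: the domains your organisation really deals with.
TRUSTED = ("paypal.com", "example-bank.co.uk")
GREETING = re.compile(r"^\s*dear (customer|user|client|member)\b", re.I | re.M)
URGENCY = re.compile(r"\b(urgent|immediately|within 24 hours|suspended)\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def imitates(domain):
    """Return the trusted domain that `domain` resembles without being it."""
    domain = domain.lower().rstrip(".")
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED):
        return None  # the real domain or one of its subdomains
    for t in TRUSTED:
        # Near-identical spelling, or the brand label buried in another domain.
        if SequenceMatcher(None, domain, t).ratio() >= 0.8 or t.split(".")[0] in domain:
            return t
    return None

def check_email(raw):
    """Return (indicator, detail) pairs for one single-part, plain-text email."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    found = []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if (t := imitates(sender)):
        found.append(("lookalike-sender", f"{sender} resembles {t}"))
    if (m := GREETING.search(body)):
        found.append(("generic-greeting", m.group(0).strip()))
    if (m := URGENCY.search(msg.get("Subject", "") + "\n" + body)):
        found.append(("urgency", m.group(0)))
    for url in URL.findall(body):
        host = urlparse(url).hostname or ""
        if (t := imitates(host)):
            found.append(("lookalike-link", f"{host} resembles {t}"))
    return found

# Constructed sample message, not a real phishing email.
SAMPLE = """From: "PayPal Support" <service@paypa1.com>
Subject: Urgent: your account has been suspended

Dear Customer, your account has been suspended. Verify within 24 hours:
http://paypal.com.account-verify.example/login
"""
if __name__ == "__main__":
    print(*check_email(SAMPLE), sep="\n")
```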

How do you protect your organisation?

Did you know 60% of SMEs that have been hacked go out of business within six months of the cyber-attack? Here is how you can get protected…

  • Password management – Outline rigorous standards for secure passwords and insist on regular expiration and change.
  • Two-factor authentication – Use two-factor authentication rather than fixed passwords to authenticate high-risk network services like VPNs.
  • Patch management – Ensure your systems are patched proactively and prevent unknown vulnerabilities from being exploited!
  • Antivirus defences – Layers of the latest antivirus defences at vulnerable locations like mail gateways will lower the risk of phishing emails.
  • Build a security-aware culture – Educate employees and empower them to recognise threats and make smart security decisions on their own.
  • Change management – Develop processes that help staff take the best course of action in case of attack.
  • File encryption – Make it difficult for outside parties to decrypt your data even if they get their hands on it.

TOP TIP: If you receive a suspicious email from someone you trust, but you’re not sure if it truly came from them, stop by their office, pick up the phone, or send them a separate email. The two minutes it takes to establish validity is absolutely worth it!
