Can You Catch A Phish? 7 Top Tips To Spot Malicious Emails

Published: 27 June 2018

Here’s a scary statistic: phishing emails have six times the click-through rate of genuine marketing emails. Can you tell the difference between genuine and phishing emails?

Nearly all of us have received emails from someone overseas offering a large sum of money or a sketchy drug company promising to revolutionize our love life. Ah those promises! However, cybercriminals are now taking a different approach with highly personalised spear phishing attacks looking for login credentials or credit card numbers. Here we explain more….

What is spear phishing?

Spear phishing is a targeted email attack in which hackers use email to masquerade as someone you know or trust to lower your defences and ask you to click on a malicious link or to supply sensitive information like passwords or bank details.

This is often as simple as copying the name of your manager from your company website, so you might get a work email from him or her, clicking on which could expose your entire network. It might also be an email from your bank or PayPal for example.

Can you catch a phish?

According to IT Governance, every day…

  • 156 million phishing emails are sent
  • 6m make it through spam filters
  • 8m are opened
  • 8000k people click on the phishing links
  • 80k provide their information

So how not to fall for the bait…

  • If it just doesn’t look right, trust your instincts and Do. Not. Click.
  • Look for generic names like “Dear Customer”
  • Beware of links to official looking sites asking you to enter sensitive data
  • Don’t let a sense of urgency trick you into moving fast without thinking
  • Look for poor grammar, spelling or syntax
  • Look at details like website names that are similar to official websites e.g. vs.

How do you protect your organisation?

Did you know 60% of SMEs that have been hacked go out of business within six months of the cyber-attack? Here is how you can get protected…

  • Password management – Outline rigorous standards for secure passwords and insist on regular expiration and change.
  • Two-factor authentication – Use two-factor authentication rather than fixed passwords to authenticate high-risk network services like VPNs.
  • Patch Management– Ensure your systems are patched proactively and prevent unknown vulnerabilities from being exploited!
  • Antivirus defences – Layers of the latest antivirus defences at vulnerable locations like mail gateways will lower the risk of phishing emails.
  • Build a security-aware culture – Educate employees and empower them to recognise threats and make smart security decisions on their own.
  • Change management – Develop processes that help staff take the best course of action in case of attack.
  • File encryption – Make it difficult for outside parties to decrypt your data even if they get their hands on it.

Explore our security solutions here >

TOP TIP: If you receive a suspicious email from someone you trust, but you’re not sure if it truly came from them, stop by their office, pick up the phone, or send them a separate email. The two minutes it takes to establish validity is absolutely worth it!

Read More

Why using multiple layers of backup is a necessity

11 April 2024

It's important to backup. Ransomware risks continue to rise and files can become corrupted. Read our blog to find out more.

MFA: why you need additional Cyber Security defence  

14 March 2024

MFA (Multi Factor Authentication) is a great tool for adding an extra cyber protection, however it's not enough on its own.

Is an annual penetration test really necessary?

13 March 2024

Do you need an annual Penetration Test? Our CTO Simon Barnes discusses everything from what is insurance mandated and the risks involved.

Ransomware – A threat to all organisations

29 November 2023