
As part of our ongoing commitment to be technology-driven, we’d like to share practical information about identifying and handling phishing emails. One of the best ways you can improve your cyber safety is to understand the warning signs of phishing email attacks. These deceptive messages pose a significant threat to your operations, but with the right knowledge, you can stay ahead of scammers.

First, what is a phishing attack? Phishing is a cyber-attack where scammers impersonate legitimate entities (like banks, vendors or even colleagues) to trick us into revealing sensitive information, clicking malicious links or downloading harmful attachments. To protect against phishing attacks, you need to understand the telltale signs that a sender is not who they say they are.

If you suspect an email is malicious, do not reply or open links or attachments. Instead, forward the email to your IT department or report it to your email provider. They will investigate the email and either block the sender or inform you that the email is safe. In this blog, we will discuss the red flags to watch out for in emails.

Check the sender’s email address carefully. Cybercriminals often use variations of legitimate domains or create convincing imitations. Look for misspellings or unusual characters, such as “microsoft-support@outlok.com” instead of “microsoft-support@outlook.com.” Some email providers help identify a potential attack. For example, Outlook flags emails from outside your company or from unknown senders with a blue banner at the top of the email body that reads “*External Sender Warning.” This warning is a helpful indication that the sender is not a member of your team, even if they say they are.

It is common for spammers to create free accounts with Outlook, Hotmail or Gmail. While these are common for personal emails, companies usually use their own domain name. So, a corporate email coming from an @outlook.com or @gmail.com account should be treated with suspicion.

Attackers also try to avoid detection by buying custom domains, just as legitimate businesses do. The domain could be a slight misspelling, as mentioned above, or the sender may pair a legitimate business name with an uncommon top-level domain (the “.com” part of the email address). This happens because the .com version has already been taken by the legitimate company, or because a foreign top-level domain is cheaper to buy. Many spammers send from .com or .org, but others send from uncommon domains like “.de” or “.sg.” Uncommon domains are a good indicator that the email deserves closer evaluation.
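
For IT teams that want to automate a first pass over reported emails, the three sender checks above (look-alike domain, free mail account, uncommon top-level domain) can be expressed as a short script. This is an added example, not part of the original post; the domain lists and function names are constructed for illustration and should be replaced with your own.

```python
# Added example: the sender-address red flags described above.
# KNOWN_DOMAINS, FREE_MAIL and COMMON_TLDS are constructed sample values.
KNOWN_DOMAINS = {"outlook.com", "microsoft.com", "example-vendor.com"}
FREE_MAIL = {"outlook.com", "hotmail.com", "gmail.com"}
COMMON_TLDS = {"com", "org", "net"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete a character
                           cur[j - 1] + 1,             # insert a character
                           prev[j - 1] + (ca != cb)))  # substitute a character
        prev = cur
    return prev[-1]


def sender_flags(address: str, claims_corporate: bool = True) -> list[str]:
    """Return the red flags raised by a sender address (empty list = none)."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    flags = []
    # Flag 1: near-miss of a known domain (e.g. outlok.com vs outlook.com)
    if domain not in KNOWN_DOMAINS:
        for good in sorted(KNOWN_DOMAINS):
            if 0 < edit_distance(domain, good) <= 2:
                flags.append(f"lookalike of {good}")
                break
    # Flag 2: a message claiming to be corporate but sent from a free account
    if claims_corporate and domain in FREE_MAIL:
        flags.append("free mail account")
    # Flag 3: top-level domain outside the common set (e.g. .de, .sg)
    tld = domain.rsplit(".", 1)[-1]
    if tld not in COMMON_TLDS:
        flags.append(f"uncommon TLD .{tld}")
    return flags
```

A flag here means the email deserves closer evaluation, not that it is confirmed malicious; plenty of legitimate senders use free accounts or country-code domains.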

Phishers create urgency. They might claim your account is compromised, your payment failed or your data will be lost. Be cautious if the email threatens consequences (like account suspension) unless you act immediately. You can counter these attacks by slowing down to check for other warning signs when emails urge you to hurry.

Hover over links before clicking. Verify that they lead to a legitimate website. If you are unsure of where a link leads, forward the email to your IT department and they can investigate the link in a protected environment.

Exercise the same caution with attachments. Attachments can harbor malware. Only open attachments from trusted sources. Before opening an attachment, check that the sender is legitimate.

Phishing emails often lack personalization. They might address you as “Dear Customer” or “User.” Legitimate organizations usually use your name.

When in doubt, verify the email’s legitimacy before taking action. If you are unsure if an email is legitimate, please do not interact with it. Instead, forward it to your IT department or report it for closer investigation.

Although cyber-attacks can be a threat, when you’re informed about tactics and suspicious characteristics, you can defend against them!
