Most people have an email account, which means chances are you have encountered a malicious phishing scam.
Scam emails constantly evolve with the times and tend to focus on a topical subject, such as GDPR. They will put anything in the email to try to get you to click a link or download a file, but once you know what to look out for, you will never be fooled.
Above is an example of the most basic form of phishing. This is a real email we received, and it is simply trying to get the user to click the link by using the lure of a large invoice. Firstly, you should look at how unofficial the sender's email address looks, as well as the fact that you know nothing about this supposed invoice. It’s better to be safe than sorry and check with the sender before clicking a link.
Most of these types of emails contain no information about you and just try to get you to act on something urgent, such as a delivery being stopped, a large bill for something you didn’t buy, or an email address verification.
Another thing to look out for is very blatant spelling errors in official-looking emails. There is no thought behind this type of phishing email, and they are sent out randomly to thousands of addresses.
Many people are used to standard phishing spam emails and don’t fall for them, but spear-phishing is another level and we get many questions about it. Spear-phishing is when somebody has found out some information about you or your business and uses that to make their fake email seem more legitimate.
In many cases they will pretend to be a member of the company or use a name they have found online. A popular form of spear-phishing at the moment is pretending to be a CEO/manager and sending emails to Payroll, HR or less senior employees requesting something, as they are more likely to click without asking questions.
If you receive one, question whether the email looks like your company emails, and whether the person would email you.
What to look for
This is a much more targeted scam than standard phishing and requires a trained eye to notice issues. If the email you received asks you to click a link or download a file, thoroughly inspect the email address, the link address and the file name.
If something looks a bit off, check with somebody: either the person you thought had sent it, or us. We had something like this happen with a client very recently, when they got an email in which somebody was pretending to be someone who works at the company. Since the employee names and email addresses are in the public domain, scammers try to replicate them and trick people.
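The three things to inspect (sender address, link address and file name) can also be checked automatically before a message reaches a person. The Python below is an added example, not part of the original article; the company domain, staff name list, risky-extension list and the sample message are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

COMPANY_DOMAIN = "example.org"   # assumption: your own mail domain
STAFF_NAMES = {"jane smith"}     # assumption: names published on your website
RISKY_EXT = re.compile(r"\.(exe|scr|js|vbs|bat|lnk|iso|html?|docm|xlsm)$", re.I)
# Simplified anchor matcher; a production filter would use a real HTML parser.
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
# Constructed sample message, not a real email.
SAMPLE = """From: Jane Smith <jane.smith@mail-example.test>
Subject: Urgent invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b"

--b
Content-Type: text/html; charset=utf-8

<a href="http://pay.unrelated-host.test/x">www.example.org/invoice</a>
--b
Content-Disposition: attachment; filename="invoice.pdf.exe"

x
--b--
"""

def inspect_email(raw):
    msg, findings = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # Sender check: a known staff name arriving from outside the company domain.
    if name.lower() in STAFF_NAMES and domain != COMPANY_DOMAIN:
        findings.append(f"sender: staff name '{name}' used from {domain}")
    for part in msg.walk():
        filename = part.get_filename()
        if filename and RISKY_EXT.search(filename):   # catches invoice.pdf.exe
            findings.append(f"file: risky attachment name {filename}")
        if part.get_content_type() != "text/html":
            continue
        html = part.get_payload(decode=True).decode("utf-8", "replace")
        for href, text in ANCHOR.findall(html):
            host = (urlparse(href).hostname or "").lower()
            shown = re.search(r"(?:[\w-]+\.)+[a-z]{2,}", text.lower())
            if not shown:
                continue
            claimed = re.sub(r"^www\.", "", shown.group(0))
            # Link check: the visible text names one site, the href opens another.
            if host != claimed and not host.endswith("." + claimed):
                findings.append(f"link: text shows {claimed} but opens {host}")
    return findings
```

Calling `inspect_email(SAMPLE)` returns one finding for each of the three checks; an empty list means none of them fired, not that the message is safe.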
And moving even further up…
The ‘whaling’ form of phishing is much like spear-phishing, but aimed at high profile, upper management email addresses. They are highly customised and personalised to try and trick the user into thinking the email is trustworthy and legitimate.
These types of emails may focus on the Managing Director, an Executive, or someone the scammers can guess has admin access to several things within the company. The scammers try harder and spend more time preparing this email because they know that if they can trick a high-level user, they can likely gain access to most internal data in the company due to that user's high security clearance.
These types of emails are an advanced form of spear-phishing but are also rarer, as they are not automated. In this situation the scammers will do heavy amounts of research into what this person would open in an email, which makes it essential to educate all staff in what to look for, and to have proper security measures in place.
If you are unsure about an email you have received, we are more than happy to take a look for you.
Worried about your security if a phishing email was clicked on? Head over to our Security And GDPR page for more information
Call 01212700808 or send the email with a message to firstname.lastname@example.org