Spotting and Dealing
with Phishing Emails
What’s a phishing email?
A phishing email is usually defined as being “an attempt to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity, in electronic communication”.
In other-words, phishing is the modern version of the age-old problem of fraudsters trying to scam unsuspecting people. Those carrying out the attempted scam will send malicious fake emails in an attempt to get you to reveal your sensitive information, usually with the end purpose of stealing money.
How to spot a phishing email
Fraudsters will often use our emotions in an attempt to get us to respond to the message and reveal the information they want to gain.
Common themes that are used in scams can include:
- You’ve won a prize or some other unexpected financial gain
- Scare tactics such as an overdue invoice and the threat of turning off a service
- Requests to donate to a charitable organisation, often following a humanitarian crisis such as an earthquake
- Unusual email attachments and asking for personal information
We’d recommend that you always take a moment to think ‘am I expecting this email?’.
Dealing with phishing emails
It’s important for you to become familiar with identifying possible phishing emails, how to report them, and what to do if you think you’ve been a victim.
Additional checks to carry out
If you’re unsure whether you’ve received a phishing email, there are some additional checks that you can carry out.
- Check the website associated with the link matches the text in the email.
Note: To check the link in the email, roll your mouse pointer over it and see if what pops up matches the text in the email. If they don’t match, don’t click the link.
- Check the sender’s name matches the email address. If it doesn’t, be suspicious of the email.
What to do if you think you have been a victim of a fraudster
If you suspect that you’ve responded to a phishing scam with personal or financial information, take these steps to minimise any damage:
- Change the information you’ve revealed. For example, change any passwords or PINs on the account or service that you think might have been compromised.
- Contact your bank or the service provider directly.
Note: Don’t follow the link in the fraudulent email message.
- Routinely review your bank and credit card statements for unexplained charges or enquiries that you didn’t initiate.
Can I report phishing emails?
Typically the best thing to do with a suspected phishing email is to delete it, however, if you have any concerns about your system or email security you can report these emails to us. To safely report the email you suspect is counterfeit, without opening any attachments or replying to the email, you can do the following:
- Create a new email and attach the email you suspect is counterfeit
then sendthe email to your email system provider (email@example.com if we are supporting your email) and they can then take a look and contact you to advise on the next course of action.
- Alternatively, you can forward the email to your email provider (again, firstname.lastname@example.org if we are supporting your email), noting that, as above, sending the counterfeit email as an attachment is the best way to preserve information which will make it easier for us to trace its origins.
Need more information on email solutions like Microsoft Office 365, or advise on system security? Just give us a call on 01226 361100, drop us an email to email@example.com, or complete the form below.