How to spot and deal with phishing emails
Published 17 January 2024
Phishing emails are a non-stop hassle and risk. Even with the best systems in place, some can still get through to our mailboxes. Well over 90% of hacks and cyber incidents start with a phishing email.
Here is some advice for our clients to supplement their cyber training, and to avoid phishing pitfalls.
You can spot phishing emails by looking for the following signs:
- Suspicious sender. Check the sender's email address for irregularities or misspellings, especially the domain or company name.
- Unusual sender behaviour. If you receive an email from someone you know but the content seems unusual, verify its authenticity before taking action.
- Urgency and sense of fear. Phishing emails often create a sense of urgency to prompt immediate action. They may threaten consequences if action isn't taken.
- Requests for personal information. Legitimate organizations rarely ask for sensitive information via email.
- Poor grammar and spelling. Phishing emails often contain grammatical errors and spelling mistakes.
- Suspicious links. Hover over links to see the actual URL and avoid clicking if it looks suspicious.
- Unexpected attachments. Be cautious of unexpected attachments, especially from unknown senders.
- Generic greetings. Phishing emails often use generic greetings like "Dear Customer" instead of your name.
If you are unsure about an email:
Do:
- Contact the supposed sender through a separate, trusted channel to confirm the email's legitimacy, or
- Delete the email if it seems to serve no legitimate purpose, or
- Ask the Maple IT team if neither of the above applies. If they ask you to forward it to them, send it as an attachment to a new email.
Do not:
- Click on links in the email. These may take you to malware-loaded websites, or to fake websites designed to look genuine and trick you into handing over login details.
- Reply to the email. This may show the sender that you are there, waiting to be caught.
- Forward the email to your colleagues. This is a really bad thing to do. You may just be causing somebody else to fall into the trap you are unsure about.
Always:
- Remember that phishing emails can cause enormous damage if not handled correctly.
- Stay aware. Even with the best cybersecurity systems in place, phishing emails will sometimes find their way through to your inbox.
- Stay educated. Keep on top of the IT news and especially guidance and any bulletins from your IT team.
- Report persistent phishing emails to the IT team. Do not forward them unless instructed to do so by an IT team member.
- Remember to follow the process above. You only need to fall for one phishing email to cause problems for you and/or your company.