

Five Tips for Spotting Phishing E-mails


Christmas is coming, bringing busy customer activity with it. With e-commerce sales set to spike, it’s an opportunity for organizations to thrive – and for cyber criminals too. Conditions during the Christmas period are perfect for cyber criminals to exploit the unwary: there’s typically a lot of revenue streaming in, and employees are distracted by unforgivingly fast-paced work.

Cyber criminals enjoy employing a technique known as ‘phishing’: viruses camouflaged as seemingly harmless e-mails. Employees who click on these phishing e-mails could unwittingly unleash viruses into the organization’s IT network, with potentially disastrous consequences.

We’ve compiled a list of five top tips on spotting such phishing attempts. Hopefully you’ll be able to spot them before you’ve even opened the e-mail.

  1. Notice incorrect spelling and/or grammar:

    Phishing e-mails often have suspiciously vague, misspelled subject lines, which are particularly easy to spot when sent from a (hacked) employee who typically doesn’t misspell the contents of their e-mails. Surprisingly, this is often a deliberate tactic employed by hackers to identify easier targets. When an employee opens a deliberately misspelled e-mail, it suggests to the hacker that they’re particularly susceptible to scams. Hackers will consequently focus their efforts on these individuals, viewing them as easy prey.

  2. Check the sender’s e-mail address:

    An easy way to identify a dodgy e-mail is to check whether the sender’s domain is legitimate and aligns with the sender’s name. Depending on which e-mail client you use, the domain is usually displayed beside the sender’s name. For example, an alleged e-mail from Skynet should come from an address such as ‘t1000@skynet.com’ as opposed to ‘t1000@skyknot.com’.

  3. The e-mail is requesting personal information:

    One of the most glaringly obvious indicators of a phishing attempt is an e-mail requesting that you provide personal details, e.g. passwords or a social security number, particularly in instances where it’s against company policy to request such information. Even if the e-mail’s from a recognizable source, never provide this sort of information without first establishing that the e-mail’s legitimate.

  4. Is the e-mail trying to create a sense of urgency?

    While I’m not suggesting that you help bring your company to ruin by ignoring high-priority messages from your colleagues, be wary of e-mails that ask you to respond or provide important information in haste. Phishers commonly attempt to bait their targets by suggesting the recipient has received a large sum of money, which can only be obtained by providing sensitive bank details.

  5. The e-mail contains suspicious attachments:

    Depending on how sly the phisher is, their e-mails may include an attachment with an obscure file name. Risky file formats include .exe, .scr, .zip, .com and .bat. These e-mails often claim that the attachment contains important details; others may be more blasé and simply ask you to open the attachment. Bear in mind that retailers, banks etc. will typically never send attachments via e-mail.
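
Tips 2 and 5 can also be checked automatically before a message reaches a reader. The following sketch is an added example, not part of the original article; the trusted-domain list, the edit-distance threshold of 2 and the sample message are constructed assumptions.

```python
import os
from email import message_from_string
from email.utils import parseaddr

# File extensions the article names as risky.
RISKY_EXTENSIONS = {".exe", ".scr", ".zip", ".com", ".bat"}
# Assumption: the domains you actually expect mail from.
TRUSTED_DOMAINS = {"skynet.com"}

# Constructed sample message (not a real e-mail).
SAMPLE = """\
From: T-1000 <t1000@skyknot.com>
Subject: Urgent: invoice
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please open the attachment.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.exe"

placeholder
--b1--
"""

def edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_message(raw, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return findings for tip 2 (sender domain) and tip 5 (attachments)."""
    msg, findings = message_from_string(raw), []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in trusted:  # exact matches are fine; near misses are not
        findings += [f"lookalike domain: {domain} ~ {good}" for good in sorted(trusted)
                     if edit_distance(domain, good) <= max_distance]
    for part in msg.walk():
        name = part.get_filename() or ""
        if os.path.splitext(name)[1].lower() in RISKY_EXTENSIONS:
            findings.append(f"risky attachment: {name}")
    return findings
```

Because only the final extension is compared, a double-extension name such as `invoice.pdf.exe` is still flagged. Domains that are neither trusted nor close to a trusted one produce no finding here and need a separate policy.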

According to an article from IT Governance, 156 million phishing e-mails are sent daily – of which 15.6 million manage to sneak through spam filters. While we encourage organizations to train their staff through a cyber-security certification – simply spreading awareness of existing threats is a great preventative measure.



One Response


  1. Marius says

    Thank you for this article