That heart-sinking moment when you’ve clicked a link and entered your details in a panic, then realise the email was not genuine: it happens to the best of us. Usually there’s some form of urgency in the email. ‘Act now or all your photos and videos will be permanently deleted’ was one I recently had. I must admit the email looked so genuine I was half tempted to click the link and enter all my details, but common sense took over before I entered anything. It really is so easy to fall for. Staying safe from spam and phishing emails is so important, as they can cause no end of damage.
In this blog I’ll explain everything to do with phishing and spam emails, what to look out for, and the best practices to keep you and your employees safe.
Spam and Phishing emails: What’s the difference?
Phishing emails are a form of spam that’s been specifically designed to get your personal details, such as bank account log-in credentials and credit card numbers. The senders do this with a view to stealing your identity and/or defrauding your financial accounts.
Typically, a phishing email will look like it’s been sent from a genuine bank or financial services provider.
For example, it might use NatWest’s logo and branding and be sent from an email address whose domain is similar to, but slightly different from, NatWest’s actual domain, e.g. ‘natwest-1.co.uk’ instead of ‘natwest.co.uk’.
The aim of a phishing email is to get you to visit a hoax website (which again may look like the real thing) through a link within the email and enter your personal and/or financial details, which will then be stolen and used by criminals.
Spam, or junk emails, are unsolicited emails. They might promote products or services such as pharmacies or online dating, contain hoax virus warnings or charity appeals, or advertise ‘get rich quick’ schemes.
Whilst many spam emails are merely a harmless annoyance, they can contain viruses or malware that can seriously damage your computer. Junk emails can also be used as a front for phishing schemes.
Malware and viruses
Both spam and phishing emails can be used to infect your computer with malware and viruses, which are activated when you open a link or attachment within the email.
Viruses like these cost UK businesses millions of pounds a year in fraud, downtime and computer repairs, so it’s essential that you take steps to protect your company from attack.
Spotting suspicious emails
It’s very important that you and your staff remain vigilant about any suspicious emails that may bypass your security systems and contain dangerous viruses.
Following these guidelines will help you identify and delete any suspicious emails before they have the chance to infect your network.
Always be cautious about downloading files and opening email attachments
Keep in mind that banks and other major companies don’t usually send out email attachments, so this is an indication that the email may not be from a trusted source.
Attachment file types .exe, .bat, .scr, .zip and .com are especially high risk.
Don’t respond to emails asking for personal and/or financial information
A genuine bank would never ask you to provide personal information by email.
And beware of fake messages such as ‘Urgent – log in now, your account details may have been stolen’, designed to prompt an immediate reaction.
Check any links in the email by hovering your mouse over them
If the URL that appears in the bottom left-hand corner of your screen looks suspicious in any way, don’t click on it.
And even if the link looks genuine, be wary of clicking on URLs that aren’t encrypted, i.e. that start with http:// not https://
Check the details in the address fields
Does your own email address appear in the ‘From’ field?
Are lots of addresses visible in the ‘To’ field?
Or does the sender’s email address look suspicious, e.g. the account name shows as ‘HSBC UK’ but the actual email address is ‘firstname.lastname@example.org’?
These are clear signs of a phishing email.
Be careful not to pass the problem on or make it worse
Replying to a scam email or clicking on a fake ‘Unsubscribe’ button will only tell the spammer that your email address is genuine, so don’t interact with it at all. You shouldn’t forward it to anyone else either unless you are reporting it through the National Cyber Security Centre’s phishing reporting scheme.
Look closely at the email’s content
Are there spelling or grammatical mistakes, or strange mixtures of numbers and letters, e.g. ‘Gambl1ng’?
Is the email poorly designed or in plain text when you’d have expected an HTML email featuring a logo, images and text?
Or is the whole email embedded in a single image? If so, hit Delete.
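The following Python function, added here as an illustration and not part of the original post, applies several of the guidelines above (sender domain, ‘From’ and ‘To’ fields, attachment types, unencrypted links) to a raw email. The `TRUSTED` map, the indicator names, the recipient threshold and the sample message are assumptions constructed for the example.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

RISKY_EXT = (".exe", ".bat", ".scr", ".zip", ".com")  # file types named in the post
TRUSTED = {"natwest": "natwest.co.uk"}  # assumed map: brand name -> genuine domain

def phishing_indicators(raw, my_address, max_recipients=5):
    """Return the warning signs found in a raw email message (heuristics only)."""
    msg = message_from_string(raw)
    found = []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if addr.lower() == my_address.lower():
        found.append("own-address-in-from")
    for brand, real in TRUSTED.items():
        genuine = domain == real or domain.endswith("." + real)
        if brand in domain and not genuine:        # e.g. natwest-1.co.uk
            found.append("lookalike-domain")
        elif brand in name.lower() and not genuine:  # brand name, unrelated address
            found.append("display-name-mismatch")
    if len(getaddresses(msg.get_all("To", []))) > max_recipients:
        found.append("many-recipients")
    for part in msg.walk():
        filename = (part.get_filename() or "").lower()
        if filename.endswith(RISKY_EXT):
            found.append("risky-attachment")
        is_text = part.get_content_maintype() == "text"
        if is_text and b"http://" in part.get_payload(decode=True).lower():
            found.append("unencrypted-link")
    return found

# Constructed sample message (not a real email); the addresses are placeholders.
SAMPLE = """\
From: NatWest Security <alerts@natwest-1.co.uk>
To: me@example.org
Subject: Urgent - log in now
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your account details may have been stolen. Log in: http://natwest-1.co.uk/login
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="statement.exe"

(constructed placeholder, not a real file)
--b1--
"""
print(phishing_indicators(SAMPLE, "me@example.org"))
```

An empty result only means none of these particular signs were present, so the three questions below still apply.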
Three simple steps
Ask yourself these three questions if you are in any doubt about an email you’ve received:
- Do I know who or where it has come from?
- Am I expecting this email?
- Is it too good to be true, e.g. an offer to put money in your bank account?
If an email doesn’t look right, it probably isn’t. If you can’t verify that the message originated from a trusted source, it is best to delete it.
Step up your IT security
It is best practice to have properly configured and up-to-date anti-virus software, anti-spam filters and firewalls to help minimise the threat of any infection from spam or phishing emails. If you don’t have these in place, we strongly recommend that you put them in place.
It is important that your operating system, software applications and web-browsing software are kept fully up to date, with the latest security updates and patches installed.
Please get in touch if you are concerned you don’t have the right IT security in place, or if you would like assistance with any aspect of your security. We will be happy to help.