Email phishing scams have become the notorious bait used by cybercriminals to hook unsuspecting individuals and businesses. It’s a quirky world where deception knows no bounds. But don’t fret – we’ve got your back! In this blog, we’ll dive into the murky waters of phishing emails, exploring what they are, common scams in the UK, common targeted businesses, ways of identifying phishing emails and steps to prepare, prevent, or handle a phishing attack.
Phishing emails are fraudulent messages that appear legitimate, often mimicking reputable businesses. For example, emails claiming that your Amazon Prime membership has expired, or emails pretending to be from Royal Mail and asking you to pay postage on a parcel due to be delivered to you.
Cybercriminals use phishing emails to trick recipients into revealing sensitive information, such as passwords, credit card details, and personal data. These emails may prompt you to click on malicious links, download attachments, or divulge confidential information.
Phishing scams in the UK come in various forms, including fake bank notifications, HMRC tax refund claims, parcel delivery issues, and more. These scams prey on people’s trust and curiosity, making them susceptible to falling for the bait.
Microsoft Phishing Scams:
Sender Impersonation: Cybercriminals often send emails that appear to come from Microsoft or its various services like Outlook, OneDrive, or Microsoft 365. They may use a domain name similar to Microsoft’s, making it challenging to distinguish from the real thing.
Requests for Verification: The phishing emails may claim that your Microsoft account is at risk, or that your password needs updating, and that you need to verify your identity or update your account information. They’ll typically ask you to click on a link to a fake login page and enter your credentials. In the above example, if you were to hover over the portal link, you would see that the URL is not a Microsoft site.
Suspicious Attachments: Attachments within these emails may contain malware or viruses, posing a threat to your system.
Microsoft is a popular target because so many individuals and businesses rely on its services.
Royal Mail Phishing Scams:
Sender Impersonation: Scammers may send emails that appear to be from Royal Mail, claiming issues with a parcel delivery. These emails can look convincing, often including the Royal Mail logo and branding.
Delivery Redirection: The email may ask you to click on a link to “track” your parcel or “resolve” a delivery issue. This link could lead to a fake website where you’re asked to enter personal and financial information.
Royal Mail phishing scams are particularly prevalent in the UK, especially during peak shopping seasons (such as now, in the run-up to the festive season) and around global events such as the COVID-19 pandemic, which saw a surge in delivery-related scams.
Amazon Phishing Scams:
Sender Impersonation: Scammers may impersonate Amazon or Amazon Prime in their emails, using similar branding and logos to make the email appear legitimate.
Fake Order Confirmations or Account Issues: These emails often claim you’ve made a purchase on Amazon and ask you to verify your account or payment details by clicking on a link. Or, as in the example above, they may claim that your account or payment details need updating. In the image above, you can see that the sender’s email address does not look like a legitimate Amazon address.
Suspicious Attachments: Some emails may include attachments purportedly containing invoices or order confirmations that actually contain malware.
Amazon phishing scams are quite common, given the popularity of the platform. The frequency may increase during holiday shopping seasons or special sales events such as Black Friday.
Cybercriminals don’t discriminate – businesses of all sizes can be targets. However, small and medium-sized enterprises (SMEs) often lack the robust cybersecurity measures that larger businesses may have in place. Phishing attacks on SMEs can result in data breaches, financial losses, and damage to their reputation.
Phishing emails can be convincing, but they often contain subtle signs that give them away. To protect yourself and your business, it’s important to be vigilant and train your employees to recognise the following red flags:
Check the Sender’s Email Address:
Look closely at the sender’s email address. Phishing emails often use slightly altered or fake addresses that mimic legitimate businesses. Verify that the domain matches the official website of the supposed sender.
Be wary of email addresses with strange combinations of numbers, letters, or symbols. Legitimate companies typically use professional and consistent email addresses.
Generic Greetings:
Phishing emails often start with generic greetings like “Dear User” or “Hello Customer” instead of addressing you by name. Legitimate companies usually personalise their emails with your name.
Urgent or Threatening Language:
Phishing emails often create a sense of urgency or fear to pressure you into taking immediate action. Watch out for phrases like “Your account will be suspended” or “Immediate action required.”
Spelling and Grammar Errors:
Many phishing emails contain spelling and grammar mistakes. While reputable companies proofread their messages, scammers may not pay as much attention to detail.
Hover Over Links:
Hover your mouse over any links in the email without clicking on them. A tooltip should show the actual web address the link leads to. If it looks suspicious or doesn’t match the official website, it’s likely a phishing attempt.
Be cautious of links that use URL shorteners, as they can conceal the true destination.
Unexpected Requests and Attachments:
Be sceptical of unexpected emails that ask you to provide sensitive information, such as login credentials, credit card numbers, or personal details. Legitimate companies typically don’t request such information via email.
Watch out for unsolicited attachments or downloads, as they may contain malware. Only open attachments from trusted sources.
Look for Mismatched Logos and Branding:
Phishing emails may include logos and branding that don’t quite match the official ones. Pay attention to any visual discrepancies.
Verify Contact Information:
If you’re unsure about the authenticity of an email, don’t use the contact details provided in the message. Instead, go to the official website of the organisation and find their contact information to verify the request.
Check the Signature:
Legitimate emails often include the sender’s full name, position, and contact details in the email signature. Phishing emails may lack this information or contain incomplete signatures.
Trust Your Gut:
If an email seems too good to be true or raises suspicions, trust your instincts. It’s better to be overly cautious and investigate further than to fall victim to a phishing attack.
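The red flags above are checks a person runs by eye. The script below is an added example (not part of the original post) that runs the same checks over a constructed sample message using only Python’s standard library: the sender’s domain against the brand named in the display name, a generic greeting, urgent wording in the subject or body, URL shorteners, and link text that does not match where the link really points. The brand-to-domain mapping, shortener list and phrase lists are assumptions you would tune for your own organisation.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlparse

# Constructed sample (not a real message) that shows several red flags from the checklist above:
# lookalike sender domain, generic greeting, urgent wording, a shortened link and mismatched link text.
SAMPLE_EML = """From: "Microsoft Account Team" <security@micros0ft-support.example>
Subject: Immediate action required: your account will be suspended
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear User,</p><p>Your account will be suspended unless you verify your identity.</p>
<p><a href="https://bit.ly/3xYzAbC">https://login.microsoftonline.com/verify</a></p></body></html>
"""

# Assumed mapping of commonly impersonated brands to their genuine sending domains.
BRANDS = {"microsoft": "microsoft.com", "royal mail": "royalmail.com", "amazon": "amazon.co.uk"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "ow.ly"}
URGENT_PHRASES = ("immediate action required", "account will be suspended", "verify your identity")
GENERIC_GREETINGS = ("dear user", "dear customer", "hello customer")
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host_of(url):
    return (urlparse(url).hostname or "").lower()

def phishing_indicators(raw_eml):
    """Return the red flags found in one email, mirroring the manual checks in the list above."""
    msg = message_from_string(raw_eml, policy=policy.default)
    sender, flags = msg["from"].addresses[0], []
    domain = sender.domain.lower()
    # 1. Sender: the display name claims a brand, but the address domain is not that brand's domain.
    for brand, genuine in BRANDS.items():
        if brand in sender.display_name.lower() and domain != genuine and not domain.endswith("." + genuine):
            flags.append(f"sender domain {domain} does not match claimed brand {brand}")
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    text = re.sub(r"<[^>]+>", " ", html).lower()
    # 2. Generic greeting instead of the recipient's name; 3. urgent language in subject or body.
    if any(g in text for g in GENERIC_GREETINGS):
        flags.append("generic greeting instead of recipient's name")
    hits = [p for p in URGENT_PHRASES if p in (msg["subject"] or "").lower() or p in text]
    if hits:
        flags.append("urgent or threatening language: " + ", ".join(hits))
    # 4. Links, the programmatic version of hovering: shorteners hide the destination, and visible
    #    URL text that differs from the real href is a classic lure.
    for href, visible in LINK_RE.findall(html):
        if host_of(href) in SHORTENERS:
            flags.append(f"shortened link hides destination: {href}")
        if visible.startswith("http") and host_of(visible) != host_of(href):
            flags.append(f"link text shows {host_of(visible)} but points to {host_of(href)}")
    return flags
```

Running `phishing_indicators(SAMPLE_EML)` returns five flags for the sample; a genuine message from an allow-listed domain with a personal greeting and consistent links returns an empty list.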
So, now we know what a phishing email is, what some of the common phishing emails may look like and how to do your best to spot one, let’s have a look at how we can prevent these attacks from harming us, our business or our devices:
Use Security Software:
Implement strong email filtering and antivirus software. These tools can help identify and block phishing emails before they reach your inbox.
By staying vigilant and educating your employees about these warning signs, you can significantly reduce the risk of falling for phishing scams. Encourage a culture of cybersecurity awareness within your organisation to protect your business and its data. Our IT support team can help you decide what level of security would be best and can support you in implementing any changes.
Training your employees to recognise and report phishing emails is crucial. Conduct regular cybersecurity awareness training to keep them informed about the latest tactics used by cybercriminals. Ensure that your team knows who to contact if they suspect a phishing attempt.
Implement robust email filtering, spam detection, and antivirus software. Encourage the use of strong, unique passwords for every account, and enable multi-factor authentication. Regularly update software and systems to patch vulnerabilities that cybercriminals may exploit. You can read more about Multi-Factor Authentication, or MFA, on our previous blog.
In case an employee falls for a phishing scam, have an incident response plan in place. Isolate the compromised system, change passwords, and report the incident to the appropriate authorities. Communicate the breach to affected parties and provide guidance on protecting their data.
In the world of email phishing, the line between real and fake can be razor thin. But with the right knowledge, vigilance, and cybersecurity measures, you can navigate these waters with confidence. Stay informed, train your team, and bolster your defences to outsmart cybercriminals and protect your business from the lure of phishing emails.
If you’re on the search for reliable IT support, we would be delighted to hear from you.