… and you’ll protect them for a day; teach them to spot a phish, and they’ll be protected for a lifetime!
(Need Help? We’re Here!: If you’re still unsure about an email after reading this guidance, we’re always happy to check! Just forward the actual email as an attachment to us at our support address – as we can’t assess risks from images alone – and we’ll help you determine if it’s safe.)
Phishing emails are getting harder to detect. Cybercriminals have refined their tactics, making their scams look more authentic than ever. The best defense? Education. Learning to spot phishing emails can protect you and your organisation from falling victim to these cyber traps.
For a quick overview, check out this 2-minute video: Spot Phishing Emails
How to Identify a Phishing Email
1. Poor Spelling, Grammar, and Formatting
While some cybercriminals may not be fluent in English, others deliberately include spelling mistakes to bypass spam filters. If an email looks unprofessional, be suspicious.
2. Unexpected Attachments
Phishing emails often contain malicious attachments disguised as invoices, reports, or receipts. If you weren’t expecting an attachment, don’t open it until you verify the sender.
3. Impersonation of Trusted Brands
Scammers frequently mimic well-known brands, using logos and formatting that appear legitimate. Don’t trust an email based on looks alone – scrutinise its contents carefully.
4. Suspicious Links
Phishing emails often include links to fake websites designed to steal your credentials. Before clicking, hover over the link to see the real URL. If it looks off, don’t proceed.
5. Spoofed Email Addresses
Attackers may impersonate colleagues, managers, or even the CEO to manipulate employees. Always verify the sender’s email address by hovering over their name to reveal the actual source.
6. Use of Images to Evade Filters
Many organisations use email security filters to block malicious emails. To evade these, scammers may use images containing embedded text instead of actual text, making them harder to detect.
7. Creating a Sense of Urgency
Phishing emails often pressure recipients into acting immediately – claiming an account has been compromised or that urgent action is required. Legitimate organisations rarely communicate urgent security matters via email.
Stay Protected
Phishing remains one of the most effective tactics cybercriminals use, but awareness is the best defense. runPCrun provides regular cybersecurity training to employees on a Care Plan to reduce the risk of attacks.
By staying vigilant and practicing these detection methods, you can keep yourself and your organisation safe from phishing scams. Always think before you click!