What is a phishing email?
A phishing email is an attempt to obtain sensitive and personal information from the email’s recipients, such as passwords and credit card details, or to deceive them into sending money to a fake bank account under false pretences.
This is how it happens: you receive an email from what appears to be a familiar or trustworthy source, such as a known organisation in your area or a colleague, asking you to take an action: clicking a link, visiting a website, filling in your personal details or even sending money immediately to a fake bank account. The sender usually uses clever tactics to convince the target that the email is genuine and urges them to act on the request as soon as possible. For example, an email telling you that your colleague has shared a Dropbox album with you and that you need to click a link to view it.
Types of phishing emails
- Spear phishing is an email that targets a particular organisation or individual seeking sensitive information and data for malicious purposes. Attackers may also intend to install malware on a targeted user’s computer.
- Clone phishing is an email that looks exactly like a trustworthy email by a known organisation that you previously received, such as a Facebook friend request notification or a new issue of your favourite magazine. The sender usually clones this trusted email, tweaks the links and resends it through what will appear to be the same source, leaving you with no suspicions.
- Whaling is a type of phishing that is usually directed specifically at senior executives and other high-profile targets within businesses who have access to highly valuable information. This type of phishing is usually more difficult for automated systems, such as spam filters, to detect, as the attackers often don’t use malicious links or harmful attachments.
How to spot a phishing email
Here are the common features of a phishing email to look out for:
- The sender is not someone you usually communicate with
- The email is from someone outside of your company and the content is not related to your responsibilities
- The sender is a vendor, client or partner but the tone sounds unusual or out of character
- The sender’s email address is from a suspicious domain (like facebook-support.com)
- You don’t know the sender personally and they are not recognisable or trusted by your colleagues either.
- You don’t have any business or previous communication with the sender.
- An unexpected or unusual email that contains links or attachments from someone you don’t know or haven’t communicated with recently.
- You were CC’d on an email with one or more people who you don’t know
- The email was sent to you and an unusual mix of people at your organisation.
- The email arrived at an unusual time, like 2am or out of regular business hours
- The email subject line is irrelevant or does not match the message content.
- The subject is a reply to something you never sent or requested
- The link displays a different address if you hover over it with your mouse without clicking it
- The email includes a very long link with no further explanation
- The link appears to be from a well-known website but with a small typo (For example, facbook.com)
- The sender asks you to click on a link or open an attachment, either to prevent a negative consequence, like the deactivation of an account, or to gain or win something, like a mobile phone or voucher.
- The email has a lot of spelling mistakes or bad grammar.
- The email is asking you to look at an embarrassing photo of you or someone you know, such as a colleague or a known celebrity.
- The sender attached a file that you were not expecting or is not related to the content of the email
- The extension of the attached file is dangerous or not familiar (for example, file.exe)
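Three items on the checklist above can be tested by a program rather than by eye: a sender domain that is a near-miss of a trusted one, a link whose visible address differs from where it really points, and an attachment with a risky extension. The script below is an added illustration, not code from Daffodil IT; the allow-list, the extension list and the sample message are all constructed for the demo.

```python
import re
from email import message_from_string, policy, utils
from urllib.parse import urlparse

TRUSTED = {"example.org", "facebook.com", "dropbox.com"}  # assumed allow-list
RISKY_EXT = {".exe", ".scr", ".js", ".vbs", ".hta"}        # assumed risky list
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def edit_distance(a, b):  # Levenshtein: facbook.com is one edit from facebook.com
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def scan(raw):  # returns (kind, detail) findings for the machine-checkable items
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    sender_dom = utils.parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    if sender_dom not in TRUSTED:  # off the allow-list; maybe a typosquat of one on it
        near = any(0 < edit_distance(sender_dom, t) <= 2 for t in TRUSTED)
        findings.append(("lookalike-sender" if near else "untrusted-sender", sender_dom))
    body = msg.get_body(preferencelist=("html",))  # shown address vs real href
    for href, text in ANCHOR.findall(body.get_content() if body else ""):
        shown = re.sub(r"<[^>]+>", "", text).strip()
        shown_host = urlparse(shown).hostname if "://" in shown else None
        if shown_host and shown_host != urlparse(href).hostname:
            findings.append(("link-mismatch", f"{shown_host} -> {href}"))
    for part in msg.iter_attachments():  # risky file extension
        name = part.get_filename() or ""
        if "." + name.rpartition(".")[2].lower() in RISKY_EXT:
            findings.append(("risky-attachment", name))
    return findings

# Constructed sample (not a real message) showing all three indicators at once
SAMPLE = """\
From: "IT Support" <helpdesk@facbook.com>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p>Your account will be deactivated. Click <a href="http://login.facebook-support.com/x">https://www.facebook.com/settings</a> now.</p>
--b1
Content-Type: application/octet-stream; name="invoice.exe"

MZ
--b1--"""
```

Calling `scan(SAMPLE)` returns one finding per indicator; a plain-text message from an allow-listed domain with no links or attachments returns an empty list.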
What to do if you suspect it’s a scam email
Do not respond to the email, forward it or click any links in it. When in doubt, ask colleagues to verify the information verbally, or talk to your IT support team for their advice. If you have concerns about any email, feel free to talk to Daffodil IT: call 0345 200 1185 and press 1 for support, or email firstname.lastname@example.org.