Spam email and phishing attempts are more common than ever in 2021. The COVID-19 global pandemic has proved the perfect opportunity for cyber criminals to try to catch people out. Educating your employees on how to recognise fraudulent email and phishing attempts is important, especially now that many employees are working from home. This simple 5 step plan can be shared with them as a reminder that they are part of your line of defence.
At G5 we have had plenty of practice helping businesses with their spam and phishing email. We know a lot of the tricks that cyber criminals use when trying to make their way into your data. Reading this article is your chance to find out some of our expert tips. You will learn a simple, easy to remember 5 step plan to help you recognise fraudulent email.
What are spam emails and phishing attempts?
Spam email is also known as junk email. Spam emails are any unsolicited messages you receive and are often sent out in bulk. Phishing emails are fraudulent attempts to obtain sensitive information or data, such as usernames, passwords and credit card details, by impersonating someone you trust. Phishing emails can lead to a cyber attack which can be very costly for a business.
Ideally, spam and phishing emails end up in your spam/junk folder. However, even with robust spam filtering or anti-phishing policies in place, the odd suspect email can make it into your inbox. That means that you are the best line of defence when it comes to recognising fraudulent emails and acting accordingly. Your company might have an IT security policy to flag them as spam, delete them or send them on to your IT department. It is a good idea to have some guidance in place for employees so they know the best way to manage spam emails.
5 simple steps to help you recognise fraudulent email
Our simple 5 step plan will help you be better able to recognise and outsmart any suspect emails which make it to your inbox.
If you receive an email which you think might be fraudulent then you need to think S.M.A.R.T.
S is for Sender
Is the sender someone you recognise? Is their email address correct? Cyber criminals will often edit the sender name so that an email appears to be coming from a person or company that is trustworthy to you. They can’t easily mask an email address, however, so click on the sender’s name to find out the email address it has come from. If it is not their usual email address then it is likely fraudulent. If it is their email address but the subject or content seems odd then Think S.M.A.R.T.
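For IT teams, the sender check above can be written as a small script. This is an added example, not part of the original article or any G5 tooling: it compares the name shown in the From header with the address behind it, using an assumed address book of contacts and their usual addresses. The names, addresses and sample messages are all constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed address book (assumption): display name -> that contact's usual address.
KNOWN_SENDERS = {
    "jane smith": "jane.smith@supplier.example",
    "accounts team": "accounts@supplier.example",
}


def check_sender(raw_message, known_senders=KNOWN_SENDERS):
    """Classify the From header of a raw email against the address book."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    name_key = " ".join(display_name.lower().split())  # normalise case and spacing
    address = address.lower()

    if not address:
        return "no-address"            # header missing or unparseable
    usual = known_senders.get(name_key)
    if usual is None:
        # The name is new to us; a known address under a new name is still recognised.
        return "known-address" if address in known_senders.values() else "unknown-sender"
    if address == usual:
        return "usual-address"         # name and address agree with the address book
    return "name-address-mismatch"     # trusted name on an address the contact does not use


# Constructed sample messages, not real mail.
GENUINE = "From: Jane Smith <jane.smith@supplier.example>\nSubject: Minutes\n\nHi"
SPOOFED = 'From: "Jane  SMITH" <jane.smith@mail-supplier.example>\nSubject: Invoice\n\nPay asap'
STRANGER = "From: Promo Desk <offers@bulk.example>\nSubject: Deals\n\nHello"

if __name__ == "__main__":
    for raw in (GENUINE, SPOOFED, STRANGER):
        print(check_sender(raw))
```

A "name-address-mismatch" result is a reason to carry on through the remaining steps, in particular the phone call, rather than proof of fraud on its own.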
M is for Message content
Does the message contain an unusual link, invitation or attachment? Or perhaps some text which doesn’t sound like the person or company who appears to be sending it? Does it ask you for sensitive information like login details, bank details, your password or your credit card? Then maybe it isn’t really from them! Always be suspicious if you get a request from a company asking for anything financial. If you still haven’t decided if the email is legitimate then take a look at the next step. Think S.M.A.R.T.
A is for Are you expecting it?
Are you expecting an email from this person? It is common for hackers to try to ask for money in an email, for example “Can you please pay this invoice asap?” If you are someone who handles finance it is important to check whether you are expecting to pay the person or company who has sent the email. Always be wary of any link or attachment in any suspicious email, but especially so if it is asking you for payment. Think S.M.A.R.T.
R is for Regards
Does the person usually say Kind regards, Best wishes or maybe keep it simple and just have their name? A change in this phrase could indicate that the email isn’t from them. It’s also worth considering if they usually have an email signature with certain details and logos as this can be more difficult to replicate. If this looks different from normal then think S.M.A.R.T.
T is for Talk
If you are still not sure if the email is from the person in the address line then give them a call. It’s much better to be safe than sorry. This especially applies if the person is asking for payment. Don’t use the phone number in the email you suspect is spam. Do use the number you have for them in your contacts or double check it on their company website. In some cases their emails may even have been hacked and your phone call could alert them to it and allow them to counteract any further damage. Think S.M.A.R.T.
Still not sure? Contact your IT Department
We hope thinking S.M.A.R.T. will be a handy tool to help you recognise fraudulent email. If you are still not sure after following these steps then we advise that you reach out to your IT department for help. The same applies if you have clicked on a suspicious link or entered login details after being caught out by a phishing attempt. Your IT department would rather you let them know about it so any security issue can be fixed asap.
Report Phishing to Action Fraud
Action Fraud is the UK’s national reporting centre for fraud and cyber crime. You can report phishing emails which try to get hold of your personal information to them. You should contact Action Fraud if you have been scammed, defrauded or experienced cyber crime.
At G5 we advise the businesses we work with on spam filtering and anti-phishing policies. Technology has moved on recently and there are also some great anti-phishing products on the market which can reduce the likelihood of any cyber attack on your business. If you would like to discuss your protection against spam and phishing attempts then get in touch with our friendly team.