12 tips on how to spot scam emails

A heavy reliance on carrying out business online has resulted in an explosion of cyber crime. In 2020, email phishing will continue to be a major form of online attack, increasing the need for businesses to be aware of current threats. Many cyber criminals use AI systems that can automate processes, making the attacks prolific, sophisticated and hard to spot.

Your business may have put good IT security in place, but cyber criminals will target your weakest link, which is often your employees. Human error remains the primary cause of data breaches and can result in a major loss of sensitive information. Keeping your staff trained and up to date with the latest threats should be a key part of your IT security strategy.

We frequently have clients asking if an email is genuine. Whilst there are no hard and fast rules, double-check the details and take heed of the following:

  1. Unknown sources – pay close attention to emails from unexpected and unknown sources
  2. Company address – check the company name and email address with an independent online search. Is the link a well-known website spelled incorrectly?
  3. Sender address – the display name can be set to appear to be someone you know, but the email address itself is often a giveaway
  4. Generic salutation – what greeting have they used in the main body of the email? Fake emails often use generic terms such as ‘Dear Customer’
  5. Poor grammar – are there grammar and spelling mistakes? Phishing emails are often written by non-native speakers
  6. Sign-in requests – is the email asking you to go to a website which then asks you to sign in?
  7. Check links by hovering the mouse over them – if the address has spelling errors, or the domain doesn’t match the email domain or a verified sharing service (e.g. dropbox.com or sharepoint.com), it is likely to be fake
  8. Registered email – is the email address they have used for you the one you used to register with the company?
  9. Beware of attachments from unknown people or businesses. If necessary, check with the sender before opening
  10. Ignore threats, blackmail and warning emails. A genuine urgent warning will be replaced by a phone call or used in conjunction with one
  11. Be suspicious of appeals and requests for money. Check the veracity of a charity and only donate directly through a website with a secure (https://) domain
  12. Ignore emails that look too good to be true – emails offering prize winnings or easy money are often a trap
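
Several of these checks (tips 3, 4, 6 and 7) can be automated as a first-pass filter. The following is an added example, not part of the original article: the contact list, the extra salutation words, the sample message and the naive domain rule are all assumptions, and it handles single-part messages only.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Sharing services named in tip 7; extend to match what your organisation uses.
SHARING = {"dropbox.com", "sharepoint.com"}
# Hypothetical address book: display name -> domain that person really mails from.
KNOWN_CONTACTS = {"jane smith": "example.com"}
# "Dear Customer" is from tip 4; the other nouns are assumed variants.
GENERIC = re.compile(r"^\s*dear\s+(customer|user|client|member)\b", re.I | re.M)
SIGN_IN = re.compile(r"\b(sign|log)[\s-]?in\b", re.I)
HREF = re.compile(r'href="([^"]+)"', re.I)

# Constructed sample message (not real mail); .test domains are reserved.
SAMPLE = """From: "Jane Smith" <jane.smith@examp1e-billing.test>
To: you@example.com
Subject: Invoice overdue

Dear Customer,
Please sign in to view your invoice:
<a href="http://login.examp1e-billing-secure.test/invoice">View invoice</a>
<a href="https://www.dropbox.com/s/abc">Shared copy</a>
"""

def base_domain(host):
    # Naive last-two-labels rule (assumption); real tooling should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_email(raw):
    """Return a list of warning flags for one raw single-part message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender = base_domain(addr.rpartition("@")[2])
    body = msg.get_payload()
    flags = []
    expected = KNOWN_CONTACTS.get(name.strip().lower())
    if expected and expected != sender:           # tip 3: familiar name, wrong address
        flags.append("display-name-mismatch")
    if GENERIC.search(body):                      # tip 4: generic salutation
        flags.append("generic-salutation")
    hosts = [urlsplit(u).hostname or "" for u in HREF.findall(body)]
    if hosts and SIGN_IN.search(body):            # tip 6: link plus a request to sign in
        flags.append("sign-in-request")
    for host in hosts:                            # tip 7: link domain vs sender / sharing list
        if host and base_domain(host) not in SHARING | {sender}:
            flags.append("link-domain-mismatch:" + host)
    return flags

if __name__ == "__main__":
    print(check_email(SAMPLE))
```

A flag is a prompt for a human to look closer, not a verdict; a message with no flags can still be malicious.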

It is crucial that businesses take steps to ensure they are doing all they can to educate employees on current cyber threats. Training staff to recognise phishing emails is one step towards helping mitigate the risk of a data breach and its devastating effects.

Our cyber security awareness training is computer-based and delivered monthly in engaging bite-sized modules. It costs £2 per month per user, so it is affordable for every size of business. For more information please contact us.
