
Understanding and avoiding phishing emails


What is phishing?

Phishing is a tactic used by criminals on the Web to trick users into giving up sensitive information or installing malicious software onto their PCs. Phishing is a blanket term describing anything that may be seeking to maliciously obtain sensitive info by disguising itself as a legitimate entity. Phishing emails are malicious emails that are disguised as legitimate ones.

What is a phishing email?

Phishing emails are the most popular form of phishing attack. Attackers disguise their emails as coming from your bank, your email provider, retail accounts you may hold or your social network accounts. They may look convincing or even be exact copies of official emails you have received before. More advanced spear-phishing emails even utilise prior research such as details harvested from your LinkedIn account or contact details on your website. Be aware that even though they sound friendly and can be addressed specifically to you, their purpose is to exploit you.

The emails will differ depending on their angle of attack. Those purporting to be from your bank may request you follow a hyperlink and enter your online banking login and password; some, such as those purporting to be from delivery companies, will only require you to click on a hyperlink to download malicious software to your PC.

Phishing is the most widely used cybercriminal tactic

Anyone can be targeted by attackers using phishing techniques. Fortunately, everyone can make themselves less likely to be a victim by educating themselves on the threat and taking sensible steps to ensure security such as keeping your anti-virus software up to date.

Being aware of the threat of phishing emails is crucial to keeping your business safe. However, it isn’t acceptable to only rely on being well-informed to combat such a serious threat to your company. Almost half of small to medium size businesses were targeted by a cyber-attack in the previous financial year, and 60% of those who were victims closed their doors within 6 months. The damage to your finances and your reputation can be severe. Given the severity of the threat, comprehensive action is necessary to counter it.

How can I minimise the risk of being a victim of phishing?

A great start is educating your staff on the threat of phishing. In addition, there are a number of industry-leading products that Neuways can offer, such as Webroot anti-virus, to defend against malware, and Mimecast, to make email safer for your business. In the event that you are the victim of a ransomware attack as a result of phishing, it is essential to have backups to keep your business running. Get in touch with Neuways to discover what we can offer to make your business more resistant to the threat of phishing.

Examples of phishing emails

Here is a generic list of examples you should be on the lookout for. It is by no means exhaustive – cybercriminals are always working to stay ahead of the game when it comes to phishing emails.

| Email sender | Typical example approach | Result… if you get it wrong |
| --- | --- | --- |
| Online Banking | “URGENT: Your online bank account may have been compromised. Please follow the link and log in to validate your security details…” | By following the instructions and logging in, you’ve given your online banking login credentials away to a cybercriminal! |
| Online Retailers | “We have suspended your account temporarily. Please click here and log in to reactivate…” | By following the instructions and logging in, you’ve given control of the account, and any payment methods attached to it, to a cybercriminal. |
| Delivery Companies | “You missed a delivery. Please click the tracking number link to reschedule or arrange collection.” | By following the link, you’ve infected your PC with malware which could harvest your data and your passwords. |
| Email Provider | “The password for your account will expire shortly. Please click the link and log in to update your password.” | By following the link and entering your password, you’ve given the cybercriminals access to your account. They can potentially reset passwords for other accounts, or email your contacts to spread the deception further. |
| Fraudulent Companies, e.g. Insurance Companies | “We have reason to believe you were incorrectly sold insurance. Please click the link to claim your refund.” | By following the link, you’ve infected your PC with malware which could harvest your data and your passwords. |
| Government or local councils | “We understand you are due a tax refund for the period 20/1/2017 to 1/1/2018. Please follow the link to claim back your payment.” | By following the link, you’ve infected your PC with malware which could harvest your data and your passwords. |

How to deal with suspected phishing emails?

Now you know what you need to be looking out for, keep in mind this handy list of what to do when you are faced with what you think may be a phishing email.

What you should do

✔ Check the sender’s address – does it look legitimate? It will be a close approximation of the organisation they are posing as.
✔ Check the greeting – do they address you by your name, or simply as “a customer?”
✔ Check the signoff – legitimate businesses provide names and contact details, which you may already know.
✔ Beware of “Urgent” or threatening content requiring immediate action.
✔ Check the design and quality – does the email look as professional as the reputation of the organisation it is purporting to originate from?
✔ Check the spelling, grammar and tone. Does the email feature poor grammar and spelling, or lack a professional tone?
✔ Contact the supposed sender via pre-established contact details if you’re still unsure. DO NOT contact them using the details on the email.
✔ Tell your staff/colleagues to be wary. The attacker may be targeting everyone on a similar domain.
✔ Consider your business relationships. If you get an email from a bank or delivery company you do not use, treat it with suspicion.

What you shouldn’t do

✘ Do not trust every email you receive.
✘ Do not panic when you receive an “urgent” or threatening email. In a real emergency, people are far more likely to make telephone calls.
✘ Do not download any attachments – they may download malware or viruses to your PC.
✘ Do not preview any attachments – if it’s suspicious, it’s best to be cautious.
✘ Do not click on any links – they may take you to sites designed to infect your PC with malware. Instead, hover over them with your cursor, and see if they look suspicious.
✘ Do not give up any details such as usernames or passwords.
✘ Do not trust the display name – check the email address the email came from.
✘ Do not respond, and do not reach out to the sender with the contact details contained in the suspicious email. Telephone numbers and contact email addresses could be those of the criminals, through which they can further their deception.
✘ Do not forward the email to any colleagues without forewarning them of your suspicions. The best thing to do is delete the email.
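
Several of the checks above (the real sender address rather than the display name, an urgent subject line, a generic greeting, and where a link really goes compared with what it shows) can be applied mechanically to a raw message. The following Python is an added example, not part of the original article or of any Neuways product; the trusted domain, the 0.8 similarity threshold, the keyword lists and the sample message are constructed assumptions, and it expects a single-part HTML email.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"examplebank.test"}  # assumption: domains you really deal with

class Links(HTMLParser):
    """Collect [href, visible text] pairs: what hovering a link reveals."""
    def __init__(self):
        super().__init__()
        self.found, self.inside = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.inside = True
            self.found.append([dict(attrs).get("href") or "", ""])
    def handle_endtag(self, tag):
        self.inside = self.inside and tag != "a"
    def handle_data(self, data):
        if self.inside:
            self.found[-1][1] += data

def triage(raw):
    """Return checklist warnings; the display name is ignored on purpose."""
    msg, findings = message_from_string(raw), []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for good in TRUSTED:  # 0.8 similarity cut-off is an assumed threshold
        if domain != good and SequenceMatcher(None, domain, good).ratio() > 0.8:
            findings.append(f"lookalike sender domain {domain} (near {good})")
    if re.search(r"\b(urgent|immediately|suspended)\b", msg.get("Subject", ""), re.I):
        findings.append("urgent or threatening subject")
    if re.search(r"\b(valued|dear) customer\b", msg.get_payload(), re.I):
        findings.append("generic greeting")
    parser = Links()
    parser.feed(msg.get_payload())
    for href, text in parser.found:
        host = urlparse(href).hostname or ""
        shown = re.search(r"[\w-]+(\.[\w-]+)+", text)
        if shown and shown.group().lower() != host:
            findings.append(f"link shows {shown.group()} but opens {host}")
    return findings

# Constructed sample message, not a real email.
SAMPLE = (
    'From: "Example Bank" <security@examp1ebank.test>\n'
    "Subject: URGENT: Your online bank account may have been compromised\n"
    "Content-Type: text/html\n\n<p>Dear valued customer,</p>\n"
    '<p><a href="http://login.invalid/verify">www.examplebank.test</a></p>\n')
```

Calling `triage(SAMPLE)` returns four warnings, one per check. A link whose visible text is only "click here" shows no domain to compare, so it still needs the manual hover check.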

An example phishing email to help you identify future threats

Here is an example phishing email from an attacker purporting to be from Neuways. See if you can use the above advice to spot what identifies it as a scam.

  • There is an “Urgent” demand in the subject line. Like many companies, if we need to contact you urgently, we will generally use the phone.
  • The email looks semi-professional. It is a poor imitation of a real corporate email.
  • Whilst the attacker has stolen the Neuways logo, either by accident or in creating their email address, they have made a spelling error –
  • The email is addressed to “valued customer.” At Neuways and many other companies, we will always address you by your name.
  • The request is generic, to be sent out to as many recipients as possible, and designed to incite panic. It is rare that anyone, especially your IT support provider, would send you a legitimate email of this sort.
  • There are a number of spelling and grammatical errors.
  • The telephone number is false – designed to be a line to the attackers in the event you reach out to them.
  • The address listed is meant to give an air of professionalism but a quick Google search would reveal that it is only partially correct.

Don’t become phish food

Whilst this is a very basic example, it gives an indication of the means an attacker may use to steal your email account password and exploit that access. Information such as who you use as an IT support company, or as a logistics partner may be openly available in the public domain, and attackers may tailor attacks to your business using the information they have obtained. Always treat demands for passwords and other sensitive information as suspicious. Never use the contact details in the email. Never follow hyperlinks or download attachments. Educate your staff on the threat of phishing, as they are your last and best line of defence!

Phishing emails can seem like a relatively simple method of cyber-attack, but they can be extremely harmful to your business, and they are so widespread that it is likely you will encounter one. 91% of hacking attacks begin with phishing or spear-phishing. Even after educating and training staff, 23% of phishing emails are still successful in their goal of compromising businesses. You need a strong and comprehensive set of defences against phishing and the range of other tactics used by attackers today – speak to Neuways to get the best solutions that are suited to your business.

Contact Neuways today and avoid falling victim – before it’s too late.
