How to spot a phishing email
“It has come to light that approximately 90% of cyber attacks start with a phishing email”
This figure underscores the critical need for email security in safeguarding against these attacks. Small Business IT Support London in its commitment to strengthen your defences, will guide you through the labyrinth of deceptive emails in order to thwart any attempt from the cybercriminals to compromise your business.
Knowing how to spot a phishing email takes experience and training as it is not always a straightforward task.
Increasing threat from phishing emails
What a few years back would have been a straightforward case of a fraudulent request for bank details has developed into an elaborate scheme that could involve counterfeit branding and sophisticated social engineering tactics. At the same time the volume of phishing emails has dramatically increased, warranting more robust defences. Continuous education on the nature of phishing threats is essential to update cyber hygiene practices.
Small Busines IT Support London, can ensure that you have the right tools to train your staff as to be aware of the emerging phishing threats, that you have countermeasures in place in order to stop these attacks and can advise you on how you should adjust your cybersecurity policy as to minimise the impact of a potentially succesful phishing attack.
Which are the tell-tale signs of Phishing Emails?
In the search for malicious email detection, we have come to recognise certain phishing red flags that are consistently present in these fraudulent communications.
In our unending quest for robust malicious email detection, we’ve come to recognise certain phishing red flags that are consistently present in these fraudulent communications. Below, we present an in-depth exploration of these indicators, which, when noted, can significantly increase the likelihood of averting a potential cybersecurity breach.
Foremost among the red flags are generic salutations. Unlike a legitimate entity that has your details, phishing attempts often encompass broad greetings, such as “Dear Customer” or “Dear User”. These should immediately raise suspicions. Additionally, we’ve seen that a sense of urgency is a common tool employed by cybercriminals. Emails prompting you to act swiftly, usually under the pretence of a security threat or account issue, seek to cloud your judgement with panic.
Below is a table to assist you in your malicious email detection efforts.
| Indicator | Phishing Red Flag | Actionable Advice for Detection |
| Sender’s Email Address | Misspelt domain names or email addresses that mimic a reputable source, but upon closer inspection, reveals discrepancies | Double-check the sender’s details by hovering over their name or address without clicking to verify authenticity. |
| Links in Email | Hyperlinks that direct to unknown or suspicious websites, especially if they are shortlinks where the actual URL is obfuscated | Hover over links to see the actual URL destination. Look for “https” and a padlock icon in the URL, which indicates security. |
| Attachments | Unsolicited email attachments, particularly those with file extensions like .exe, .zip, or .scr | Never open attachments from unknown senders. Confirm validity if it comes from a known contact but is unexpected. |
| Content Quality | Poor spelling, grammar, and layout which are not expected from professional correspondence | Assess the quality of the email content for any irregularities that might suggest it’s not from a legitimate source. |
| Subject Matter | Claims of account suspension, unauthorised login attempts, or unverified transactions that require your immediate action | Verify any claims independently by contacting the company through official channels. Do not respond directly to the email. |
Phishing Attack Examples and Analysis
The examples below will assist you in being able to spot a phishing email.
Case Study 1: The CEO Fraud Email
A finance officer received an email purportedly from the CEO, urgently requesting a fund transfer to a specified account. The message was designed to induce a sense of immediacy, bypassing normal protocols. On closer inspection, subtle discrepancies in the email domain and language revealed its fraudulent nature.
Case Study 2: The Tax Rebate Scam
An official-looking email from ‘HM Revenue & Customs’ claimed the recipient was eligible for a tax rebate. The phishing email enticed victims with a link to submit personal details. However, the use of a generic greeting and a website link redirecting to an unsecured platform exposed the scam.
Case Study 3: The Customised Phishing Intrigue
An individual received a highly personalised email citing accurate personal information and mimicking a familiar service provider. This phishing attempt hinged on social engineering, leveraging trust and familiarity. Critical analysis and resistance to external links helped avert a breach of privacy.
Each case underscores commonalities; urgent requests, leveraging authority, and exploiting trust are recurring themes in these phishing attack examples.
Proactive vigilance is the first line of defence against phishing exploits and should be embedded in the culture of the company’s staff.
Best Practices for Email Authentication
Firstly, the implementation of Sender Policy Framework (SPF) records is essential. SPF allows for the verification of the sender’s domain by comparing the sending mail server’s IP address with the authorised IP addresses published in the DNS records. It is a straightforward yet effective preventative step against email spoofing.
DomainKeys Identified Mail (DKIM) is another invaluable authentication method. This involves an encrypted signature added to the email’s header. DKIM safeguards email content integrity and confirms the email was sent from the stated domain, further corroborating sender legitimacy.
Domain-based Message Authentication, Reporting & Conformance (DMARC) unites SPF and DKIM, providing an additional verification layer. By specifying a DMARC record in your DNS settings, you are instructing email providers on how to handle emails that do not pass SPF or DKIM checks—thus significantly mitigating the risk of fraudulent emails reaching the inboxes of unsuspecting recipients.
| Protocol | Function | Benefit |
| SPF | Validates sending server’s IP address | Prevents sender address forgery |
| DKIM | Adds an encrypted signature to the email’s header | Verifies origin domain and content integrity |
| DMARC | Defines how receivers handle emails not passing SPF or DKIM | Increases email deliverability and reduces phishing risks |
How to Train Your Employees to Recognise Phishing Attempts
Staff should be made aware of the phishing landscape (the nature of phishing, its common forms and the tactics emplyed by cybercriminals).
Below is an example of an anti-phishing training schedule.
| Week | Learning Objective | Activity | Assessment |
| 1 | Identifying the red flags in emails | Interactive workshop on distinguishing phishing emails | Simulation test |
| 2 | Safe communication practises | Q&A on secure email protocols | Practise exercises |
| 3 | Understanding the psychological manipulation in phishing | Webinar by a renowned cybersecurity psychologist | Group discussion |
| 4 | Reporting and responding to threats | Role-play on the reporting process | Interactive quiz |
Defence mechanisms against phishing
| Phishing Defence Mechanism | Role in Cybersecurity Strategy | Benefits |
| Advanced Email Filtering | Prevents phishing emails from reaching inboxes | Reduces potential for human error |
| Secure Gateways | Monitors email traffic for malicious activity | Provides real-time threat analysis |
| Endpoint Protection | Defends against malware introduced by phishing | Keeps data and devices secure. We partner with Sophos for effective endpoint protection. |
| Education & Awareness Programs | Equips employees with skills to identify threats | Builds a culture of security vigilance |
Best practises to reduce phishing emails
Understanding how to reduce phishing is integral to safeguarding the integrity of an organisation’s data and its reputation.
Stringent Email Protocols: The first line of defence is establishing stringent email protocols. This includes implementing filter systems that scrutinise emails for phishing characteristics and training employees to recognise the signs of malicious attempts.
Investment in Phishing Protection Tools: Effective tools and software provide a robust shield against phishing endeavours. Technologies such as anti-phishing toolbars and secure email gateways can significantly diminish the likelihood of a successful phishing attempt.
Fostering a Culture of Vigilance: Equally important is cultivating an environment where every staff member remains vigilant to potential threats. This involves ongoing education and a clear reporting process for any suspicious activity.
What to do when you detect a phishing email
Now that you know how to spot a phishing email, it is time to do something about it.
- Do not engage with it. Do not click any links, download attachments or reply to it
- Report it. To your IT team, to us and many times to your email provider that may have a dedicated channel to report phishing attempts
Protecting your business from email threats can be complex and time consuming. Small Business IT Support London IT engineers have the experience and capacity to keep your company secure from online threats and keep you and your staff informed and vigilant teaching them how to spot a phishing email. Contact us now to discuss your requirements.
