1. Asking for Personal Information is a Red Flag

Few (if any) websites, banks or businesses will ask you for confidential personal information, or financial information, in an e-mail. If you receive an e-mail requesting you to supply this information, you should treat the request with suspicion.

2. Check the Sender’s E-Mail Address

The first phishing giveaway is often the sender’s e-mail address. Even if the e-mail itself looks legitimate, that address often stands out as being questionable. For example, if you receive an e-mail from Apple and the sender’s address is AppleSupport765@hotmail.com, this is clearly not really from Apple.

3. Watch for Links and Attachments

The objective of a phishing attack is usually to get you to download an attachment or to click on a link. Use extreme caution with attachments – they can be disguised malware that will infect your PC. Don’t click links within an e-mail that you are at all suspicious of. What looks like a legitimate hyperlink can be a disguised link to a criminal website. When in doubt, hover your mouse over the text of the hyperlink (you should see the full URL, which will help to show whether it leads to a legitimate website) or, better yet, open a browser window and manually type in the hyperlink yourself to prevent it being redirected.

If you receive an e-mail from someone you know with apparently nonsensical or out-of-character text, don’t click on anything. In all likelihood, their e-mail account has been hacked and all of their contacts are now targets of a spear phishing attack.

4. Typos are a Red Flag

For some reason, cyber-criminals seem reluctant to invest in copy editing. One of the easiest ways to spot an e-mail sent as part of a phishing attack is typos. Most that I receive are full of spelling errors, poor grammar and syntax, and ugly text layout.

5. When In Doubt, Contact the Supposed Sender

Sometimes the bad guys pull things together and manage to generate a spear-phishing campaign that’s really difficult to detect. The e-mail appears to come from a legitimate source, it references something that could be legitimate (like a recent purchase you made) and it’s polished and official looking. If you’re not expecting this e-mail, pick up the phone and call the originating company’s customer service, or send an e-mail directly to their customer service to verify they sent it.

6. Install Security Software and Be Smart About Passwords

As an added layer of defence, security software is never a bad idea. Some Internet security packages have a feature that automatically detects and blocks fake websites, adding a failsafe in case you accidentally click on a link you shouldn’t. And it goes without saying that you should be using a unique password for each website where you are required to log in. If you’re a phishing victim, this can help to contain the damage.

If you follow these steps, you will minimize your risk of becoming a spear phishing victim. For further information on protecting yourself against phishing and spear phishing attacks, check out the NCSC’s website. And finally, here’s a shot of a phishing e-mail I received yesterday morning. I’ve circled the many giveaways and below the image is a list of why they stood out.

If, however, you do find yourself the victim of an attack, please RESET your email password.


Connect-Up Support Team.