How to Recognise, Avoid and Report Phishing Scams

What is Phishing?

Phishing is when you are contacted by someone claiming to be from a reputable company. The contact can be by email, message, telephone or via a fake website.

In this guide, we will be talking specifically about phishing emails, what they look like and how to deal with them.

Phishing emails, messages, websites and phone calls are designed to steal money and information from you, your contacts or your company. Cybercriminals use phishing to steal information, to access your accounts or to install malicious software on your computer.

How to spot a Phishing email?

Phishing emails are often designed to look just like an email you would expect to receive from the company they are imitating. They imitate all sorts of companies and could appear to be from your bank, your email company, the company where you work, Facebook, Microsoft, etc. They may even use the logos and graphics that you recognise.

There are always signs that the email is not genuine; you just need to look out for them. If you are unsure, ask your IT Manager to take a look at the email remotely before acting.

Phishing emails usually have some of the following ‘tell-tale signs’:

  • Links to a web page – this page will be on a fake site; if followed, it may ask for login credentials, passwords or personal information, or may even begin downloading malware or viruses to your computer. The link may show a recognisable website name, but it will take you elsewhere. You generally do not receive any links in a real company email.
  • Requests for Login Credentials such as usernames and passwords – there would be no reason for any company to request these in an email.
  • Poor Spelling or Grammar – Basic, but cybercriminals are not known for their attention to detail.
  • Lack of personal greeting – Often the email will be addressed to ‘Dear Client’ or ‘Hello’ rather than to your name.
  • Threats and Urgency – Phishing emails commonly use content that makes it seem like you must act with urgency, with phrases like ‘your account is suspended’ or ‘we have noticed unusual activity’.
  • Email Address (Sender) that is not associated with the company – Checking the email address of the sender is essential; the emails often come from addresses with no relationship to that company.
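
For IT staff asked to look at a reported email, three of the signs above (sender address, link text that differs from the real destination, urgency wording) can be checked automatically. The script below is an added example, not part of the original guidance; the function names, the sample message and the .test domains are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

URGENCY = ("account is suspended", "unusual activity")  # phrases quoted in the list above
DOMAIN_LIKE = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$")

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(value):  # hostname of a URL or bare domain, lowercased, leading "www." removed
    parsed = urlparse(value if "//" in value else "//" + value)
    return re.sub(r"^www\.", "", (parsed.hostname or "").lower())

def same_site(a, b):  # True when host a is host b or one of its subdomains
    return bool(a) and (a == b or a.endswith("." + b))

def tell_tale_signs(raw_email, expected_domain):
    """Return the signs found in a single-part HTML email claiming to be from expected_domain."""
    msg = message_from_string(raw_email)
    body, signs = msg.get_payload(), []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not same_site(sender, expected_domain):
        signs.append("sender")
    collector = LinkCollector()
    collector.feed(body)
    if any(DOMAIN_LIKE.match(t) and not same_site(host(h), host(t)) for h, t in collector.links):
        signs.append("link_mismatch")
    if any(phrase in body.lower() for phrase in URGENCY):
        signs.append("urgency")
    return signs

# Constructed sample message (not a real email); every .test domain is a placeholder.
SAMPLE = ('From: Example Bank <support@mail-example.test>\nContent-Type: text/html\n\n'
          '<p>Dear Client,</p><p>We have noticed unusual activity. Confirm your details at '
          '<a href="http://login.example-verify.test/">www.examplebank.test</a></p>')
```

Calling tell_tale_signs(SAMPLE, "examplebank.test") reports all three signs. An empty result only means these three checks found nothing, so the remaining signs in the list still need a human look.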

What to do if you receive a Phishing Email

If you receive an email which fits the profile of a phishing scam, report it as junk. You can do this by right-clicking on the email or by dragging the email into the spam or junk folder.

You should also mention the email to your IT Manager who will be able to take a look remotely.

It is important that you do not click on any links in the email. If you have accidentally clicked on a link or taken any action, contact your IT Manager immediately and stop using your machine until it has been checked and your passwords have been changed.