In 2020 cybercriminals saw an opportunity. As the Global pandemic saw people and organisations move towards remote and hybrid working the threat around cybercrime became even greater. According to recent research by Proofpoint, 75% of organisations around the world experienced a phishing attack in 2020.

Phishing is a type of cybercrime down to how effective it can be. A form of social engineering, targets are contacted via email by someone posing as a legitimate source to lure people into revealing sensitive data, such as identifiable personal information, financial details, and passwords.

If employees fall prey to phishing scams, it can cause serious downtime for the entire business and all manner of security issues. Good phishing emails look official and will have the user click a link that allows the attacker to gain access to sensitive data.

With hackers constantly coming up with new techniques around email scams and hoaxes, it is becoming harder and harder to spot a real email from a fake one. But there are several ways to maintain email security and know how to tell if an email is a scam.

Detecting a phishing email

Bad spelling and grammar can help identify a phishing attack

Look for inconsistencies in the language used within emails as this can be one of the biggest flags that it is not legit. A legitimate email will generally be well written with correct spelling and grammar.

If the company is legit, they’ll have domain names

A good sign that it is a legitimate email is by checking what the email address is. By hovering over the ‘from’ address, it will show you if the email is from a trusted source. Check for additional numbers or lettering when investigating email addresses for phishing attempts.

Legitimate companies will call you by your name

An organisation that has worked with you or had some form of contact will know you by name. Watch out for generic greetings like ‘Dear customer’ as this may be a sign that you have been phished.

Keep a close eye out for attachments

Be completely sure the email is from a legitimate source before opening any attachments. Suspicious attachments, such as an invoice should be approached with caution. If the email contains an attachment you weren’t expecting or doesn’t make sense, don’t open it.

Urgency

A tactic to be aware of around suspicious emails is the command to act fast. Cybercriminals use this favoured tactic to get you to make an action based on a sense of urgency and will ask you for personal information. When you come across these kinds of emails, just ignore them.

While these points highlight what to look for in phishing emails, the list is not exhaustive and is a good way in looking at how to check if an email is fake. However, from an organisational perspective, it is important to have solutions in place to prevent attacks.

Sophos Email Scanning includes ‘Impersonation Protection’, a feature aimed at helping to protect your inbox from even the most sophisticated phishing emails. And while no security solution can stop everything from getting through, there remains the possibility that even the most security-aware individuals can be fooled. That’s why it is best to implement a backup solution. Datto’s SaaS Protection provides a range of business continuity features that allow you to easily recover Office 365 and G Suite Data.

With extensive experience implementing security solutions to our clients, get in touch to find out how we can help your business.