What are phishing emails and what should you look for?
Be aware of phishing emails
Fake emails are a common method used by cybercriminals. They pretend to be originating from a credible party with the intention of enticing you to reveal information that may be used in an attack directed at you or your company.
Such information could for example be:
- Critical business information
- Passwords and codes
- Other kinds of personal information
Easy to fake the sender identity of an email
Another typical method is to use a similar-looking domain to pretend the email is sent by a party you trust. Hackers may acquire similar-looking domains to mask their phishing attempts, and the emails can be highly sophisticated and professional giving you the impression that it´s genuine.
By applying this method attackers can configure the domain to pass undetected through common protection measures implemented by IT departments to filter out malicious and harmful emails.
To ensure that you are not falling victim of such attacks, you should carefully check the sender address in the email and verify that it’s coming from a valid domain.
Unusual requests, suspicious links and misspellings are some of the things to look out for
What to look for?
Please take some time to check the actual sender address in the email.
Other things in the email you should also be aware of:
- Strange or unusual requests, i.e. asking for your username and/or password
- Attempts of creating fear
- Suspicious links or attachments
- Spelling mistakes or poor/inaccurate language
Hyperlinks are easy to fake
If the email contains hyperlinks, you should make sure the link directs you to the destination it claims. To do so, you can move the mouse pointer above the text or image that is hyperlinked, to see the destination URL it links to.
Check the domain, check the links and be careful about giving out personal information.
At Admincontrol we have recently been looking at these issues in depth and have produced a handbook for boards on how to manage the impact of hybrid working on cybersecurity.