Phishing is already the most common type of cybercrime in the UK, affecting scores of businesses and charitable organisations every year, and the rapid evolution of Artificial Intelligence (AI) is enabling cybercriminals to create ever more convincing and personalised emails to target unsuspecting victims. In 2022, 83 per cent of UK businesses that identified a cyberattack reported that it involved phishing.
With this in mind, effective computer security is more important than ever. So, how can you spot a phishing email and what steps can you take to minimise the risk?
Businesses receive hundreds or thousands of emails every day, so spotting a fraudulent email in your inbox can be incredibly difficult, especially if it is designed to look authentic. But what do phishing emails do and why can they be so effective?
Phishing emails typically rely on fear, urgency or a claim of authority to trick recipients into revealing credentials or other sensitive personal or business information, or into opening a malicious link or attachment. For example, cybercriminals may claim that a company’s account will be suspended or terminated unless immediate action is taken, to pressure recipients into acting without verifying the source or authenticity of the email. By the time the email is identified as fraudulent, the damage may already have been done.
Most phishing emails impersonate trusted brands such as PayPal, Apple, or Facebook. Others mimic colleagues, suppliers or customers with whom you work. While these emails may look legitimate at first glance, featuring globally recognised logos, straplines, or fonts, they often contain tell-tale signs of fraud, such as grammatical errors, typos, or inconsistencies in branding. Bear in mind, however, that text written with AI tools is usually free of such errors, so clean grammar on its own is no longer evidence that an email is genuine.
Creating urgency is a common tactic used in phishing scams. Frequently, criminals use language that is designed to provoke an immediate response, such as ‘Act now!’ or ‘Your account will be suspended!’ A sense of urgency aims to override users’ critical thinking and encourage them to click on malicious links or reveal sensitive information.
Always carefully examine the URLs included in emails. Hover over links to preview the destination without clicking (on a touchscreen, long-press the link instead). The text you can see is chosen by the sender; only the actual destination matters. Phishing URLs often have subtle misspellings or inconsistencies that mimic legitimate web addresses. For instance, a phishing link might replace the letter O with a zero or alter the domain extension, such as using .net instead of .com. Check the part of the address immediately before the first single slash, because a familiar brand name placed earlier in the address (as a subdomain) or later (in the path) does not mean the link goes to that brand.
Cross-referencing the sender’s email address with the official company domain can reveal potential fraud. Check the actual address rather than the display name, which the sender can set to anything, including a legitimate-looking address. Phishing emails often originate from addresses with minor spelling errors or additional characters. For example, an email may come from @paypa1.com instead of @paypal.com, though at first glance the difference may not be obvious. Note that even the real address can be forged unless the impersonated domain publishes and enforces email authentication records (SPF, DKIM and DMARC), so a matching domain is reassuring but not conclusive.
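The two checks above, lookalike link domains and lookalike sender domains, can be automated as a simple triage script. The following is an added example written for this page; it is not the original article's code or any vendor's product. The trusted-domain list, the sample sender header and the sample HTML body are constructed for illustration, and the registrable-domain logic is a deliberately crude stand-in for the Public Suffix List that a production tool would use.

```python
"""Flag lookalike domains in links and sender addresses (added example, not from the original page)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical allow-list: the brands this organisation genuinely deals with.
TRUSTED_DOMAINS = {"paypal.com", "apple.com", "facebook.com", "example.com"}

# Digits commonly swapped for letters in lookalike domains (paypa1 -> paypal, g00gle -> google).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b"})

# Crude second-level suffix list so example.co.uk is one registrable domain. A real tool uses the PSL.
SECOND_LEVEL = {"co", "org", "ac", "gov", "com", "net"}


def registrable(host: str) -> str:
    """Return the registrable domain (brand + TLD) of a hostname, e.g. www.paypal.net -> paypal.net."""
    labels = host.lower().rstrip(".").split(".")
    n = 3 if len(labels) >= 3 and labels[-2] in SECOND_LEVEL else 2
    return ".".join(labels[-n:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch single-character typos such as paypai vs paypal."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str):
    """Return the trusted domain that `domain` imitates, or None if it is trusted or unrelated.

    Catches digit-for-letter swaps, one-character typos and wrong TLDs (.net for .com).
    Unicode homoglyphs (e.g. Cyrillic letters) are not handled here; see check_links for punycode.
    """
    host = registrable(domain)
    if host in TRUSTED_DOMAINS:
        return None
    name = host.translate(CONFUSABLES).split(".")[0]
    for trusted in sorted(TRUSTED_DOMAINS):
        tname = trusted.split(".")[0]
        if name == tname or edit_distance(name, tname) == 1:
            return trusted
    return None


def sender_domain(from_header: str) -> str:
    """Domain of the real address in a From: header, ignoring the display name.

    'service@paypal.com <x@evil.net>' is a classic trick: the address-looking display name
    is cosmetic; the address inside the angle brackets is the one mail is sent from.
    """
    m = re.search(r"<([^>]+)>", from_header)
    address = m.group(1) if m else from_header
    m = re.search(r"@([A-Za-z0-9.-]+)", address)
    return m.group(1).lower() if m else ""


def displayed_host(text: str):
    """If the visible link text looks like a URL or hostname, return its host; else None."""
    m = re.match(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#]|$)", text.strip().lower())
    return m.group(1) if m else None


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(html: str):
    """Return [(href, [reasons])] for every link that trips a heuristic."""
    parser = LinkExtractor()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        reasons = []
        host = urlparse(href).hostname or ""
        target = lookalike_of(host)
        if target:
            reasons.append(f"domain {registrable(host)} imitates {target}")
        shown = displayed_host(text)
        if shown and registrable(shown) != registrable(host):
            reasons.append(f"text shows {shown} but link goes to {host}")
        if any(label.startswith("xn--") for label in host.split(".")):
            reasons.append("internationalised (punycode) domain; inspect for homoglyphs")
        if reasons:
            flagged.append((href, reasons))
    return flagged


# Constructed sample message for demonstration.
SAMPLE_FROM = "PayPal Service <service@paypa1.com>"
SAMPLE_HTML = """
<p>Your account will be suspended! <a href="http://www.paypal.net/login">Act now</a></p>
<p>Or visit <a href="https://paypa1.com/verify">https://www.paypal.com/verify</a></p>
<p>Help: <a href="https://www.paypal.com/help">PayPal Help</a></p>
"""

if __name__ == "__main__":
    print("sender:", sender_domain(SAMPLE_FROM), "->", lookalike_of(sender_domain(SAMPLE_FROM)))
    for href, reasons in check_links(SAMPLE_HTML):
        print(href, reasons)
```

Run against the sample, the script flags the sender as an imitation of paypal.com, the first link for its .net domain, and the second link both for the digit-for-letter swap and because the visible text names paypal.com while the link goes elsewhere; the genuine help link is left alone.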
To protect yourself and your organisation against the threat of phishing attacks, your company should adopt these best practices:
To find out more, please download The Ultimate Guide to Defending Your SME Against Cyberattacks, or call us on 01296 668966 for expert advice.
Image Source: Canva