Sometimes I feel like half my job is looking at emails for colleagues. Sure, it can be frustrating at times, but at the same time, I'm glad that some staff are cautious instead of just clicking on anything they receive.
Phishing emails are designed to appear as though they've come from individuals or real companies, with the aim of defrauding you by stealing your personal information or enticing you to download attachments that contain viruses or other malware. Some are better than others, but one thing I've noticed recently is that some are now scarily good, and if you're not cautious you could easily be in real trouble.
How to spot a phishing email:
- Do you have an account with this company or know the individual?
- If so, are you expecting this email?
- Check the sender's email address to see if it is legitimate. The display name might be the same as someone you know, but is the email address the one that you know for them?
- Be wary of attachments, especially if they are oddly named.
- Is the email generic?
- Are the spellings and grammar correct?
- When you hover over a link, the URL it really points to is shown. Is this URL linking to a site that you expect and trust?
If you believe that you have received a phishing email then these handy tips are worth bearing in mind.
- You can report the email to the NCSC (National Cyber Security Centre). If it's a particularly good one that you think will catch people out, it's definitely worth reporting as you could help other people.
- Block the sender so you don't receive any more from that email address.
- Delete the email so that you don't forget your discovery of a phishing attempt and click on something at a later date.