01 June 2017

Phishing Emails – Attack Awareness Tips

Phishing is a technique by which potentially sensitive information is captured through masquerading as a trusted source. Typically a phishing campaign will be conducted through email, where an attacker will construct a message to try to trick the recipient into believing that the email sender and contents are genuine. Here are some ways to spot phishing emails and protect your information.

The content contains a mismatched URL

A URL in a phishing message will generally appear to be perfectly valid. However, when hovering your mouse over the URL, you will see the actual hyperlinked address. If the hyperlinked address does not match the URL, the message is likely to be fraudulent or malicious.


Often, people who launch phishing scams depend on their victims not noticing or understanding a change in the URL, such as from .com to .org. The user therefore acts quickly and willingly on the content of the email, and the attacker successfully captures their credentials.

Contains poor spelling and grammar

In the majority of cases, when a large organisation sends out a message on behalf of the company the content will be reviewed for spelling, grammar and legality. Therefore, if poor grammar is evident within the message or spelling mistakes are common, there is a high chance the information has not come from a legitimate source.

The email asks for personal information

Regardless of how official an email message appears, it is always a warning sign if the message asks for your personal information. Your bank doesn’t need you to send them your account number. Similarly, a reputable company should never send an email asking for your password, credit card number, or the answer to a security question.

If something seems too good to be true, it probably is…

Consider this statement when you receive emails. If you receive a message from someone unknown to you who is making big promises, then the message is probably a scam.

You didn’t initiate the action

Like scam phone calls, an email stating that you have won a contest that you did not enter, or that you’re entitled to a claim for an accident that you weren’t involved in, should be considered suspicious and should not be clicked on.

You are asked to send money to cover expenses

Like many phishing emails, eventually you will be asked for money. This may not be the topic from the outset, but sooner or later a phishing artist will likely ask for money to cover expenses, taxes or miscellaneous fees. Factors such as these within the message should serve as a warning that you have received a phishing email.

The message makes unrealistic threats

Most phishing emails will try to trick the recipient through discreet methods so as not to stand out from the norm. However, other known techniques involve phishing artists using intimidation to scare the victim into giving up information. If a message makes unrealistic threats then the message is probably a scam.

The message appears to be from a Government Department

In some cases, phishing artists will send messages that claim to have come from a law enforcement body or Government Department to attempt to build legitimacy in the content of the message. Because of the use of official titles, it is easy to fall victim to such content. Always consider the warning signs and review previous messages.

Something doesn’t look right

On a daily basis you will receive regular emails from trustworthy contacts. If something doesn’t seem right, there is probably good reason why. This principle applies to email messages. If you receive a message that seems suspicious or out of the norm, it is advised you avoid acting on the message.
