
Ultimate Guide to Preventing Email Phishing Attacks

Email phishing is a type of scam that attackers use to try and get us to give up our sensitive data.

It’s important to be able to spot the different types of phishing attacks and to know what procedures to follow to prevent them from succeeding.

There are many different ways that someone will try and trick you into surrendering your data and we will go through them more in-depth.

The things that we will dive into will be:

  • Am I at risk of being targeted?
  • What types of Phishing emails exist?
  • How to spot a phishing email
  • What to do once you have identified a Phishing email
  • How to avoid being a phishing target in the future

Am I at risk of being targeted?

The truth with email phishing is that basically anyone can be a target. Anyone from elderly adults to young children can be targeted by these attacks.

Provided that a person is using the internet, their information can be found publicly by phishing scammers and, in turn, they will be added to the scammers’ targeting list.

There’s a good chance that just by having an account on a website or social media you will be a target. Everything from your phone number to your email address can be visible on those accounts and therefore make you a target.

Phishing attacks can happen on a broad scale where they will send thousands of emails to random people. Others can be more streamlined and aimed at a single person or company.

What types of Phishing emails exist?

There are two broad categories of Email Phishing. Of course, there are more in-depth sub-categories but the main ones are:

  • Mass Phishing
  • Spear Phishing

Mass phishing

Mass phishing is the most commonly used variation of this scam. It works by sending out thousands of emails to random people and hoping to get a few bites back. Think of it as a big net that catches a few unsuspecting people.

It’s the same as all of the trash mail that you get sent through your door but can be much more dangerous.

Below are some of the types of Mass Phishing that exist:

Email account scam

These are some of the most common phishing scams. The email says that your account’s password is going to expire and that you need to follow the link below to reset it.

Nothing looks too out of the ordinary here, as the email is structured correctly, usually with no grammatical errors. Even the link provided looks legit, but it will not take you to the promised location. Instead, it takes you to a forged page that looks legit, with a password reset screen.

The second you enter your password and submit it, the scammer has access to your email account.

Advance-fee scam

The most infamous scam in the book. This is the one that almost everyone who has access to an email has come face to face with at some point in their lives.

The scammer will pose as a prince or relative of royalty and will tell you that they have a sizeable lump sum of money waiting for you on their end. They also state that the only way for you to receive those funds is to transfer a small fee of your own to them first. Of course, this is all a scam, as they will take your money and run, but some of these can be amusing to read.

Now, whilst these ones are very easy to spot and do not have a high success rate, the fact that an individual can send out thousands of these emails per day means that it doesn’t need a high success rate to be successful.

One person stated that they would send around 500 emails per day and receive an average of 7 replies and around 70% of those that replied would pay them the money. (Reference)

PayPal scam

With PayPal being a huge company that already stores users’ bank details, it makes for a very lucrative target for scammers.

They will often send emails that include all the correct logos and fine print to make them look convincing. They will usually pull you in by making you panic.

The emails involved will usually read: “There are some problems with your account. Please update your details below.”

When you click the link, it will take you to an identical page to what you are used to with PayPal and ask you to enter your details again to re-login. Once this has been submitted, they will have all of your details and be able to freely use your PayPal account.

Spear phishing

Spear phishing is a little bit different. Instead of broadly sending thousands of random emails, these ones are targeted to an individual or set group of people like an organisation.

These require a lot more research and specialised skills to be able to pull off. If the scammer has the skill to do these, their success rate will be higher but these operations are done on a much smaller scale like a single person or business.

Below are some of the scams used in spear phishing:

Fake invoice scam

This is probably one of the most common spear phishing scams. They use fear to prey on their victims. They create a sense of urgency with their emails.

The way that they do this is by saying that the victim owes them money for goods or a service that they haven’t ever actually ordered. This works because some people will genuinely not remember if they did or did not purchase the item and will just pay to make the emails stop.

Google docs scam

This one is a relatively new type of phishing scam. It’s one of the hardest scams to spot from what we have gone through so far.

This scam involves a shared ‘document’ that the person who sent the email wants you to see. The sinister part of this scam is that the email can often appear to come from somebody that you know. Most people wouldn’t think twice about opening a link sent to them by a friend.

They are very well-designed, with all the correct logos and fine print. They look identical to the regular Google Docs emails. They are extremely hard to spot and prevent.

How do you spot a Phishing email?

The hard part about these scams is that they are all so elaborate. They are made to look very legitimate which makes them very hard to spot.

You should look out for the following things that may raise red flags:

  • Links/Attachments
  • Spelling errors
  • Poor grammar
  • Pixelated or unclear graphics
  • Too much urgency or fear generation
  • General greetings like ‘Dear Customer’ instead of name usage

If an email raises red flags, do some research. Check how that company usually sends you emails, or how clear its logo is compared with the scam version. When you know what to look for, identifying a scam can become a straightforward process.

What to do once you have identified a Phishing email

If you receive and identify a phishing email, there is no need to panic. Whilst it can be quite scary at first, keep in mind that just receiving the email can’t actually affect you.

Here is what to do if you suspect that you have received a phishing email:

Stay calm and avoid links

Most email providers these days do a really good job of filtering out most of these scams but some do manage to get through. However, just because one of these malicious emails makes its way through, that doesn’t mean that it has already infected your device.

It’s even safe to open or preview the email nowadays. This is because email providers have not let code run in the background of an opened email for over a decade.

The problems will occur when you click a link or open an attachment that was sent in one of those phishing emails. Before doing so, make sure that you are 100% confident that you trust and know the sender.

You should also never reply to one of these emails, even if it’s you telling them to stop contacting you. The reason for this is that it lets the scammer know that your email is still active. This will result in you becoming an even bigger target for these phishers.

To summarise, do not open any links or attachments within these emails and certainly do not reply.

Double check with the sender

If you aren’t sure about an email that comes through from someone you know or a company that you use, make sure to get in contact with them to make sure that the email that was sent was safe and legit.

Again, do not reply to these emails. Instead, text the friend or write a separate email to the person or company that you know and ask them directly.

If the email comes from a service that you regularly use, such as your bank or gym, then the best thing to do is to go to their website or social media and contact them directly to ask about the email.

Report the email

If you receive a phishing email in your work inbox, be sure to report it directly to your company’s IT department and follow their protocols.

If the email is sent to your personal email address from an unknown source, it’s highly likely that your email provider has its own process that allows you to report phishing emails.

You can also report the email to your country’s governing body. Many countries have their own agencies that deal with this type of thing. Here in the UK, you can report phishing emails to Action Fraud.

If the email is imitating a trusted company but still looks suspicious, you can report it directly to the company that the sender is trying to copy, such as Amazon or Google.

Mark the email as spam

If, like most people, you want to stop receiving emails from these scammers then you can always mark it as spam. This will stop the senders from being able to send you emails from that particular address from now on.

Delete the email

You can always just delete the email. As long as you don’t open any links or attachments from it then it’s safe to just delete it and move on. It is harmless if you just get rid of it without ever looking at it.

Don’t panic and just carry on

Phishing emails occur very frequently. Whilst your email provider does a decent job of filtering them as spam, you really don’t have to worry about the ones that make it through. You can easily do any of the previous things that we have talked about and you will be risk-free from phishing emails, as annoying as they might be.

Just remember to stay calm and don’t open anything inside the emails and you will be safe.

How to avoid being a target in the future

Keep up-to-date

New phishing methods are being created all of the time and it’s your job to make sure that you are clued up on them. Do a little bit of research to find out the new methods that scammers are using and prepare yourself accordingly so you do not get caught out.

Think before you act

Always think before you click that link or attachment. If you aren’t sure about a certain link in an email then try hovering over it. By doing this, you can see whether or not the link is taking you to where it says it is or not.

Some of these emails contain links that take you to an almost identical website. The best way to spot these is by carefully reading the email to check if the wording is correct. Most of these emails use ‘Dear customer’ at the start.

Check your accounts often

Try to check up on your online accounts more often. You might not have checked one for a while and the scammer might be having a blast with it. It’s important that you check up on these accounts and also get into the habit of changing your password regularly too.

Keep apps updated

It’s important to keep your email apps and browser updated, as each new update usually brings new security measures with it. This is needed because hackers are constantly finding loopholes to get through the existing security measures.

The second that an update becomes available, you need to make sure that you do it.

Summary

It’s important to note that, whilst you can take all of these safety precautions, there is no way of being 100% safe against these phishing attackers. Make sure that you are vigilant at all times and double check before you open a link or file.
