How to Identify a Spoofing Attack or Phishing Email

Our team at Curve IT get quite a few calls from our clients about suspicious emails they have received. We thought it might be useful to put together our IT advice and knowledge in a blog post. While some of the following points may be benign when they appear on their own, look out for a cluster of them appearing in the same email, and if in doubt, don’t act on it. You can always contact us at Curve IT for any support you may need.

Verify by Phone

We advise all our customers to NEVER send a significant amount of money anywhere based on an email alone. Always take the time to verify the payment by phone with the person concerned prior to performing a bank transfer.

Don’t Trust the Display Name

To check the legitimacy of an email in Outlook on a PC, hover over the sender’s email address, click the down arrow on the right-hand side of the window and you should see something like the image to the right. Scammers try to pass themselves off as internal staff members to convince users of their legitimacy. If staff members get their personal email accounts hacked, scammers may root through their emails to find contacts they can prey on. We would always suggest changing any passwords on a regular basis, especially around any suspicious activity.
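For whoever looks after the mail system, the same display-name check can be run over a message's headers. This Python code is an added example, not Curve IT's own tooling; the organisation domain example.com, the staff names and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"                 # assumption: your own mail domain
STAFF_NAMES = {"jane smith", "tom patel"}  # assumption: constructed staff list
ADDR_IN_NAME = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def display_name_findings(raw_message):
    """Return the reasons the sender headers of a raw email look spoofed."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    # A colleague's name on an address outside the organisation.
    if name.strip().lower() in STAFF_NAMES and domain != ORG_DOMAIN:
        findings.append("staff display name on external address")
    # The display name itself shows an address that is not the real sender.
    shown = ADDR_IN_NAME.search(name)
    if shown and shown.group(0).lower() != addr.lower():
        findings.append("display name shows a different address")
    # Replies would be sent to a different domain than the sender's.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.rpartition("@")[2].lower() != domain:
        findings.append("Reply-To domain differs from From domain")
    return findings

# Constructed sample messages (not real emails).
GENUINE = (
    "From: Jane Smith <jane.smith@example.com>\n"
    "Subject: Lunch on Friday\n\nSee you there."
)
CLONED_NAME = (
    "From: Jane Smith <accounts@example.net>\n"
    "Reply-To: jane.smith@example.org\n"
    "Subject: URGENT payment needed today\n\nPlease transfer the funds."
)
ADDRESS_AS_NAME = (
    'From: "jane.smith@example.com" <billing@example.net>\n'
    "Subject: Invoice attached\n\nPlease see attached."
)

if __name__ == "__main__":
    for label, raw in [("genuine", GENUINE), ("cloned name", CLONED_NAME),
                       ("address as name", ADDRESS_AS_NAME)]:
        print(label, "->", display_name_findings(raw) or "no findings")
```

A clean result only means the display name matches the address; the other checks in this post, and the phone call before any payment, still apply.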

Don’t Click Links

Hover your mouse over any links in an email. If the link looks weird to you, don’t click it. If you’re a client of ours, forward the email to us and ask the team to double check it if you’re not sure – we’re always happy to help you avoid a hack attack!

Check for Spelling Mistakes

Commas in the wrong place are a dead giveaway that an email can’t be trusted. If you see a few errors or the English reads strangely, please be extra vigilant. Report anything suspicious to your IT contact.

Beware of Urgent Language in the Subject Line

Phishing attacks often try to make you rush or feel scared, as this prevents the unwary from properly considering whether an email is genuine.

Beware of Unexpected Invoices and Attachments

Viruses are most often spread via an innocent-looking Word document or image file; however, the attacker relies on you downloading and then opening the attachment. If you see something unexpected written in bad English, please call the sender to confirm its legitimacy.

Most antivirus and antispam software will detect and remove infected emails, but occasionally something slips through.

 


POSTED ON 02/03/2016 IN CATEGORY / IT Security