Skip content

4 ways to detect phishing attempts: email protection 101

Phishing has been around since the early days of the Internet, but it remains a major thorn for businesses and individuals. These deceptive emails attempt to trick users with harmful attachments and misleading links, using convincing promises, requests or anxiety-inducing news that leads people to not think clearly.

While you might think you can spot a phishing email from a mile away, the FBI’s Internet Crime Complaint Center (IC3) found that more than 240,000 people fell victim in the United States alone in 2020. Whether you need to protect yourself or educate your employees against cybersecurity risks, consider these tips to detect phishing attempts that land in your inbox.

1. Check Email Addresses

The display name on a specific email might be a household name, but that doesn’t mean you should immediately let your guard down. This can easily be spoofed, while the domain address is another area that cybercriminals attempt to exploit during a phishing attack.

Always read the domain carefully to determine whether the address is accurate. For example, a sophisticated phishing attempt might impersonate a business by creating an email address that looks official but is a carefully disguised misspelling.

Meanwhile, a large-scale business will never send an email from a Gmail or a Yahoo email address. Look at the company’s website to find their real contact information and compare it against the email you receive.

2. Typos and Desperation are Suspicious

Even the biggest companies in the world make spelling mistakes in their official communication. But the appearance of numerous or unusual typos in an email should raise red flags about whether it’s a phishing attempt.

Although it’s hard to determine between real and deliberate typos, some cybersecurity consultants believe scammers make obvious mistakes on purpose. This is because there’s a perception that people who reply to blatant phishing emails are especially gullible, making them suitable victims.

Phishing emails can also be identified by a desperate tone. This often includes emails from attackers pretending to be from a government authority, informing users that they've broken the law in some way. You might also hear from a long-lost relative that needs you to send money today.

3. Look Out for Unsolicited Attachments

It’s common for phishing emails to include unsolicited attachments. This is because these files can be used to inject malware onto your home or business computer, potentially putting the rest of your network security at risk. Several everyday file types are used to contain malware, making them particularly effective at tricking unsuspicious users.

For example, malware is often hidden within ZIP files and RAR archives. Meanwhile, Microsoft Office files, including Word (.doc, .docx) and PowerPoint (.ppt, .pptx), and PDF documents are also used to mislead email recipients into downloading dangerous files that contain harmful viruses.

If you receive an email with an unexpected attachment, always confirm the sender's address.

4. Check for Misleading Links

Just as the sender domain can be misleading, the links included within the body of an email can also cause users harm. However, there’s an easy way to assess these links without ever having to click them and potentially put your network security in jeopardy.

By hovering the cursor over links within emails, the browser will display the destination in the corner of the screen. This helps users quickly check whether a link is intentionally deceptive or contains an unwanted download link. Always hover over email links to ensure the destination is safe to visit.

Chat with the Cybersecurity Experts

Phishing emails remain a challenging cybersecurity concern for businesses and individuals alike. However, following these tips will help your organisation protect itself against common threats that can be easily averted.

For even greater confidence in your network protection, the cybersecurity consulting services at LRQA are second to none. Get in touch with our highly experienced team to find out how our certified cybersecurity consultants will safeguard your business.