Diamond IT Blog

How to spot a phishing attack in your inbox

Written by Samantha Cordell | May 20, 2021

Regardless of whether you are a freelancer, small business or enterprise, phishing attempts target Australian organisations of all sizes. And while phishing emails have been used by cybercriminals since the mid-1990s, the threat has never been greater as they become more sophisticated and harder to identify.

Let's take a refresher on what exactly a phishing attack is, and how you can identify when one enters your inbox.

 

What is phishing?

A phishing email is a deceptive message that pretends to come from a trusted individual or organisation in order to trick the recipient into handing over sensitive data (such as credit card details, login details or passwords) or into installing malware on their system.

Phishing emails are far more common than you may think and have become increasingly difficult to distinguish from genuine communications.

Often prompting you to click a link, or open an attachment, phishing emails commonly imitate law enforcement, banks, postal services and government departments.

So, how can you spot a phishing email?

 

Check the sender's email address

You may receive a legitimate-looking email from a sender shown as "PayPal" or "MyGov"; however, always take a close look at the actual sender address, not just the display name, because the display name is free text that the sender chooses. Some addresses are obviously wrong (such as PayPal - 24389gh@payl-pal.com.au), while others are more deceptive, differing only slightly from the organisation's true address: a swapped or extra letter, a hyphen, a digit in place of a letter, or the right name under the wrong top-level domain. Bear in mind that a sending address can also be forged outright, so a correct-looking address is not proof on its own; it is one check among several. See the example below to see just how similar to the genuine article an address from a cybercriminal can look.

Check facts and confirm information requests

Phishing attacks that pose as another organisation will often supply "updated" payment details or invoices in the hope of catching unsuspecting individuals out. Always verify any request for information or a change of payment details by phoning the organisation on a number you already hold (from a previous invoice, contract or its official website), never on a number or link supplied in the email itself, since those lead straight back to the attacker.

 

Watch out for poorly written emails and spelling mistakes

Always be suspicious of emails that are poorly written or contain spelling mistakes. While sophisticated phishing attacks may be impeccably written, many still carry this telltale sign; just don't treat its absence as a guarantee either.

 

Be wary of links in emails

Most phishing attacks aim to trick the recipient into clicking a malicious link or opening a malicious attachment. The link may deliver malware, or it may lead to a fake login page that harvests whatever credentials the recipient types in. Treat all links, images and attachments, of any file type, with caution. Hovering your mouse over a link (or long-pressing it on a touch device) shows the real destination address, which need not match the text of the link: an email can display www.paypal.com while the link points somewhere else entirely. Anything unexpected or suspicious-looking should be verified with the sender through a channel other than the email itself.
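The sender-address check and the hover-the-link check above can be automated for triage. The following Python script is an added example for this article; it is not part of the original post or of Diamond IT's tooling. It parses a constructed sample message (the sender domain payl-pal.com.au and the PayPal domain allowlist are assumptions for illustration) and flags three things: a display name that claims a brand the sender domain does not belong to, sender or link domains within a couple of character edits of a known brand domain, and links whose visible text shows one site while the href points to another, which is exactly what hovering reveals to a human reader. The domain-splitting rule is deliberately simplified; a production check would use the Public Suffix List.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message for this example (not a real email); the sender
# domain payl-pal.com.au is hypothetical, modelled on the lookalike in the text.
SAMPLE_EMAIL = """\
From: "PayPal" <service@payl-pal.com.au>
To: user@example.com
Subject: Urgent: confirm your account within 24 hours
Content-Type: text/html; charset=utf-8

<html><body>
<p>Your account will be suspended unless you confirm your details.</p>
<p><a href="http://payl-pal.com.au/login">https://www.paypal.com/signin</a></p>
<p><a href="https://www.paypal.com/help">Help centre</a></p>
</body></html>
"""

# Assumed allowlist of domains a brand genuinely sends from (taken from your
# own records, never from the email itself).
BRAND_DOMAINS = {"paypal": {"paypal.com", "paypal.com.au"}}
SECOND_LEVEL = {"com", "net", "org", "gov", "edu"}  # labels used under .au etc.
URL_LIKE = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)
ANCHOR = re.compile(r'<a\b[^>]*?href\s*=\s*"([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)


def registrable_domain(host):
    """Owner-controlled part of a hostname: www.paypal.com.au -> paypal.com.au.
    Simplified rule; a production check should use the Public Suffix List."""
    labels = host.lower().strip(".").split(".")
    if len(labels) >= 3 and labels[-2] in SECOND_LEVEL and len(labels[-1]) == 2:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Levenshtein distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain, legit_domains):
    """True when `domain` is not legitimate but its first label is within two
    edits of a brand label (catches payl-pal, paypa1, paypall, paypal.net)."""
    if not domain or domain in legit_domains:
        return False
    label = domain.split(".")[0].replace("-", "")
    return any(edit_distance(label, d.split(".")[0]) <= 2 for d in legit_domains)


def site_of(url_or_text):
    """Registrable domain of a URL, tolerating link text written without a scheme."""
    s = url_or_text.strip()
    if "://" not in s:
        s = "http://" + s
    return registrable_domain(urlparse(s).hostname or "")


def check_sender(msg):
    """Flag a display name claiming a brand the address domain does not belong to,
    and sender domains that merely resemble a brand domain."""
    findings = []
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = registrable_domain(addr.rsplit("@", 1)[-1]) if "@" in addr else ""
    brand = "".join(ch for ch in name.lower() if ch.isalnum())
    if brand in BRAND_DOMAINS and domain not in BRAND_DOMAINS[brand]:
        findings.append(f"display name '{name}' but sender domain is {domain}")
    findings += [f"sender domain {domain} resembles {min(d)}"
                 for d in BRAND_DOMAINS.values() if is_lookalike(domain, d)]
    return findings


def check_links(html):
    """Flag links whose visible text shows one site while the href goes to
    another (what hovering reveals), and hrefs that resemble a brand domain."""
    findings = []
    for href, inner in ANCHOR.findall(html):
        text = re.sub(r"<[^>]+>", "", inner).strip()  # visible text without tags
        target = site_of(href)
        if URL_LIKE.match(text) and site_of(text) != target:
            findings.append(f"link text shows {site_of(text)} but points to {target}")
        findings += [f"link target {target} resembles {min(d)}"
                     for d in BRAND_DOMAINS.values() if is_lookalike(target, d)]
    return findings


def analyse(raw_message):
    """Run both checks over a raw message and return the list of findings."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = check_sender(msg)
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        findings += check_links(body.get_content())
    return findings
```

Calling `analyse(SAMPLE_EMAIL)` returns four findings: the "PayPal" display name on a payl-pal.com.au address, that domain resembling paypal.com, the login link whose text shows paypal.com while the href goes to payl-pal.com.au, and that link target resembling paypal.com; the genuine help link produces nothing. Because the From header itself can be forged, pair a check like this with the SPF, DKIM and DMARC results your mail gateway records rather than trusting the address alone.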

 

Everything is urgent!

Phishing attacks typically request prompt action and create a sense of urgency in order to trick users into clicking a link, passing on information, or accessing a file without stopping to question what is being asked of them. 

Take a look at the example below. Could you identify that this email was a phishing attack?

How can you educate your business about phishing attacks?

Phishing attacks succeed because someone inside the organisation acts on them. The most important step in protecting against these attacks is therefore cybersecurity awareness and education training for all members of staff.

The purpose of cybersecurity awareness training is to educate staff about the cyber threats and attacks they may be subjected to each day. Training users at all levels of your organisation raises their vigilance about what to look for to spot a threat such as a phishing attempt, and gives them the skills to take the appropriate action safely if they do receive one, for example reporting the email rather than clicking anything in it.

 

How Diamond IT can help improve cybersecurity in your organisation

Diamond IT's Online Cybersecurity Staff Awareness Training can have an immediate impact on your security posture. 

Our Business Technology Managers (BTMs) and Technology Consulting team are specialists in improving your internal cybersecurity, and are ready to speak with you. Contact our team on 1300 307 907 today.