Cyber Security Awareness Month – Identifying a Phishing Email
Cyber criminals are constantly devising new and convincing ways to trick people into divulging sensitive information or downloading malicious software. To protect yourself or your organisation’s data, it’s crucial to be constantly vigilant for phishing emails. Here are some top tips to help you spot them:
Check the Sender’s Email Address
Phishing emails often use deceptive sender email addresses that mimic legitimate ones. Hover over the display name to reveal the full address and look for any misspellings or irregularities. Be cautious of generic email addresses or unusual domain names.
Verify the URL before you Click
Hover your mouse pointer over any links in an email without clicking them to reveal the actual URL. Be wary of shortened URLs or URLs that don’t match the organization’s official website or have misspelled variations.
Be Wary if you are Asked to Log In
Phishing emails may contain pop-up forms or links to websites asking you to log in with your personal or company credentials so they can be stolen. Check the domain in the address bar and never enter confidential information in such forms.
Beware of Urgent Requests
Phishing emails often create a sense of urgency, pressuring you to act quickly without thinking. Be sceptical of emails that threaten dire consequences or offer immediate rewards for taking specific actions. This may include emails purporting to come from senior managers.
Check for Unsolicited Attachments
Don’t open attachments from unknown or unexpected sources, especially if they encourage you to enable macros or click embedded links. Malicious attachments can contain viruses or malware that can harm your device.
Look for Generic Greetings
Phishing emails often start with generic greetings like “Dear Customer” or “Hello User”. Legitimate organizations typically use your name or a personalized salutation in their communications. If it seems impersonal, it’s a red flag.
Examine Spelling and Grammar
Phishing emails often contain typos, grammatical errors, or awkward phrasing. Professional organizations generally proofread their communications thoroughly, so poor language should raise suspicion.
Verify with the Organisation
When in doubt, contact the organization directly through their official website or phone number. Confirm the legitimacy of the email or request before taking any action.
Educate Yourself and Others
Stay informed about current phishing techniques and educate your colleagues and family about the risks. Awareness is one of the best defences against phishing attacks.
Report Suspicious Emails
If you receive a suspicious email, report it to report@phishing.gov.uk. The NCSC can investigate and remove scam email addresses and websites.
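For teams that triage reported emails, the sender-address and link checks from the tips above can be partly automated. The Python sketch below is an added example, not part of the original article: the trusted-domain list, the shortener list, the similarity threshold and the sample message are all assumptions made up for illustration.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"example.com"}  # assumption: domains you genuinely deal with
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # assumption: short illustrative list
SAMPLE_FROM = '"Example IT Support" <helpdesk@examp1e.com>'  # constructed sample
SAMPLE_HTML = ('<a href="https://bit.ly/abc123">reset password</a> '
               '<a href="http://example.com.account-verify.test/login">www.example.com/login</a>')

def domain_flags(host):  # reasons a lowercase hostname deserves a second look
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return []
    if host in SHORTENERS:
        return ["shortened URL hides the destination"]
    for t in TRUSTED:  # near-miss spelling, or trusted name buried in another domain
        if SequenceMatcher(None, host, t).ratio() >= 0.8 or t.split(".")[0] in host:
            return [f"lookalike of {t}"]
    return ["unfamiliar domain"]

class LinkParser(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self._text += data  # reset at each <a>, read back at </a>
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def check_email(from_header, html):  # returns a list of (kind, value, reason)
    addr = parseaddr(from_header)[1].lower()
    findings = [("sender", addr, r) for r in domain_flags(addr.rpartition("@")[2])]
    parser = LinkParser()
    parser.feed(html)
    for href, text in parser.links:
        host = urlsplit(href).hostname or ""
        reasons = domain_flags(host)
        if "." in text and " " not in text:  # visible text itself looks like a URL
            shown = urlsplit(text if "://" in text else "//" + text).hostname
            if shown and shown != host and not host.endswith("." + shown):
                reasons.append(f"text shows {shown} but link goes to {host}")
        findings += [("link", href, r) for r in reasons]
    return findings
```

Calling `check_email(SAMPLE_FROM, SAMPLE_HTML)` returns one finding for the misspelled sender domain and three for the two links. Hostnames are compared whole rather than by registered domain, so a production version would add a public-suffix lookup.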

In conclusion, phishing emails are becoming ever more convincing, but by staying vigilant and following these tips, you can reduce your vulnerability to such scams. Always prioritise caution and verify the authenticity of any email that raises suspicions.
BlueSOC