How to Detect Phishing Emails

How to Detect Phishing Emails

Phishing attacks, where users mistakenly click on a link or download an attachment with malware, are one of the most common cybersecurity threats facing businesses today.

In fact, these type of attacks spiked by 510% in January-February 2020 alone, according to the 2021 Webroot BrightCloud Threat Report. Overall, phishing incidents nearly doubled in frequency, from 114,702 incidents in 2019, to 241,324 incidents in 2020, according to Tessian.

So how do you protect your team, and your business, from phishing attacks? Here are some tips.

Start with the “smell test”

Before we even get into any of the technology that can help with this, ask yourself whether the email you received makes sense. For example, emails that include a request to change your invoice or banking details, or that tell you that your password has expired, are all red flags.

Check the style of the email

Phishing emails often have specific characteristics that make them stand out. For example, the grammar will be incorrect, or the fonts will look odd. That’s because a lot of phishing emails are being generated by bots. You only connect with a person once they’ve got you on the hook. They will often also email at odd times, like the middle of the night.

Double check the sender info

Take a look at the “from” line of the email. Does the email address and sender information match? For example, if you receive an email from Techify’s Help Desk, the email domain will say “@techify.ca.” Phishing emails sometimes spoof the domain name. So instead of lawoffices.llp.ca, the bots will remove an “l” from “llp” to lawoffices.lp.ca. It’s a small change with a big impact!

Put protections in place

If you’re involved in planning out the technology roadmap for your company, you should ask your IT team about other protections that should be in place. For example, have you installed Advanced Threat Protection via Microsoft? Do you utilize multi-factor authentication so that a hacker can’t easily log into an email account? What about the firewall? What do you have in terms of end-point security on corporate computers?

These are just a few of the questions to think about. At Techify, we have a zero-trust standard when it comes to cybersecurity. That includes email. Before you click on that link, you need to verify that it’s secure.

We would be happy to assess your company’s security processes. Contact us today to book an assessment.

Related article: How to Protect Your Business From Cyberattacks