IT Security: How to Identify a Scam Email

Australian businesses reported more than 5,800 scams in 2018, with losses exceeding $7.2 million.

Much of this increase comes from the sophisticated ‘business email compromise’ scams.

There are some simple tips every business can follow to help reduce the risk of being impacted by these phishing scams.

Here are our top 10 tips for identifying a scam email:

1. Compare the sender’s display name against their email domain

Fraudulent emails can appear legitimate because most user inboxes only present the display name (which can be faked). Don’t trust this – hover over the address in the “From” header to ensure the sender’s domain is as you would expect.

2. Look, but don’t click!

Hover your mouse over any links embedded in the body of the email. If the link address looks odd, don’t click on it. If you want to test the link, open a new window and type in the website address directly rather than clicking on the link from the unsolicited email.

3. Check for spelling mistakes

Reputable organisations generally do not have major spelling mistakes or questionable grammar. Read your emails carefully, and if you identify anything suspicious, report it to your IT team immediately.

4. Analyse the salutation

Most organisations will now personalise their email communications with you, so be wary if an email gets your name wrong or uses generic terms like ‘Valued Customer’ or ‘Dear Customer’.

5. Don’t give out personal information

Legitimate banks and most other companies will never ask for personal credentials via email. Don’t provide this type of information over email.

6. Beware of urgent or threatening language in the subject line

A commonly used phishing tactic is to create a sense of fear among users. Stay alert to subject lines or content that claim your ‘account has been suspended’ or that your account has had an ‘unauthorised log-in attempt’. It is always best to phone your provider’s main phone line directly to verify, rather than following links or using phone numbers included in the email.

7. Review the signature

Respectable companies always provide contact details in their email signatures. If key details are missing, this strongly suggests a possible phishing attack.

8. Don’t open suspicious attachments

If you’re suspicious of an email, or you weren’t expecting to receive an email attachment – do not open the file!

9. Don’t believe everything you see

Err on the side of caution when opening and clicking on your emails. Even when an email’s branding, language and information seem correct, take a questioning attitude and don’t open anything that looks suspicious, no matter how legitimate it looks.

10. If in doubt, speak with an expert

It is always better to be safe than sorry. If you notice something that doesn’t look right, please check with your IT team before you open an email, attachment, or click on a link. They will be able to analyse the email and advise if it is safe or not.

Of course, prevention is always better than cure. At Huon IT, we offer an all-in-one Cybersecurity Awareness Training program. Educating your staff on how to recognize phishing scams and malicious attacks is the key to ensuring your company data remains safe.

- - - - -


Contact us today to chat about how we can help.
