This blog is part of our cybersecurity basics series which you can read here.
As a busy professional, it’s likely you receive lots of emails a day. But how many illegitimate emails do you receive? Experts estimate that scammers send 3.4 billion phishing emails per day, so the answer is likely ‘quite a lot’.
Although most email clients can manage and categorise phishing emails as spam, some may slip through the net and land in your inbox.
In this blog, we cover how to spot a phishing scam and provide you with 5 examples of the most common phishing scams cybercriminals use to target businesses like yours.
A phishing scam is a type of social engineering attack. The scam uses deceptive techniques to trick you into handing over sensitive information, such as passwords, addresses and financial information.
This information can be used to commit further crimes, such as fraud, stealing money and identity theft.
Phishing attacks are designed to gather masses of sensitive information, which criminals can use to their advantage.
As businesses hold lots of sensitive data, including information about their customers and employees, they make great targets.
If a hacker can infiltrate just one employee’s Microsoft 365 account within a business, they will have access to hundreds of bits of information, including emails, files, SharePoint libraries and more.
Once the account has been compromised, the hacker could use the employee’s email address to send out more phishing emails to target customers and other employees.
Most phishing scams have similar characteristics, which makes it easy to spot them (as long as you know what you’re looking for).
These are the things you should check; we go into more detail on each of them below.
The first thing you should check is who sent the email to you. Quite often, phishing emails will come from either weird email addresses or email addresses from the public domain.
Sometimes, cybercriminals purchase domain names similar to the company that they’re trying to imitate. These domain names may be spelt slightly differently, for example:
A lot of the time, hackers will use public email domains, such as Outlook, Hotmail and Gmail accounts. It’s important to remember that most businesses don’t use public email providers and will send from an owned domain.
It’s also important to remember that following a successful phishing attack, a hacker may use the victim’s email address to phish their contacts.
Once you’ve analysed the email address, check how the email greets you. Typically, when a reputable business or contact emails you, they will have your name on file and address you accordingly. It’s common for phishing emails to start ‘Dear User’, ‘Dear Customer’ or similar.
Either this is a phishing scam or my grandmother recently got a job writing emails for Amazon. pic.twitter.com/qSaQph3dnm
— Liz Young (@LizYoungStrat) December 13, 2022
The next thing to look for is spelling mistakes and bad grammar. Phishing scams are notorious for poor spelling and grammar and tend to contain oddly worded sentences.
We cover some examples of this later in the blog.
As cybercriminals try to pose as a business, the branding in the email may not look right. Things might be misaligned, or the colours and logos might not match the real brand.
Obviously, not everyone is an expert on every brand in the world. But if something looks a little ‘off’, it’s best to check.
The success of a phishing attack relies on you clicking on a link, entering your details or downloading a file.
Due to this, phishing emails are known to create a sense of urgency and will often be based on a topic people worry about, for example, money, tax or cybersecurity.
As you’ll see from the below examples, common phrases used include:
The hyperlink is the most important part of the email.
Hackers will disguise the link behind link text, or a button.
To see what the actual link is, hover over the hyperlinked text or button and the real URL will appear in the bottom right of the window.
If the hyperlink doesn’t match the URL of the actual company’s website, it’s likely a scam.
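The two checks above (the sender's address and the destination behind each hyperlink) can be automated for triage. The following script is an added example, not code from the original blog or from the company that wrote it: it parses a raw email with Python's standard `email` module, flags senders on public webmail domains or domains that merely resemble the brand, and flags links whose visible text names one website while the href goes somewhere else. The sample message is constructed for illustration (the sender address and the odd wording are taken from the Microsoft example discussed later in the post; `example.net` is a reserved placeholder host), and the list of public webmail providers and the 0.8 similarity threshold are assumptions you would tune for your own environment.

```python
"""Phishing triage checks: sender domain and link-text/href mismatch.
Added example; constructed sample data; not from the original page."""
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
from difflib import SequenceMatcher

# Public webmail providers a business is unlikely to send from (assumed list).
PUBLIC_WEBMAIL = {"outlook.com", "hotmail.com", "gmail.com", "yahoo.com"}


class LinkExtractor(HTMLParser):
    """Collect (visible text, href) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def registered_domain(host):
    """Crude 'registered domain' = last two labels (assumption: no public-suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def host_of(text):
    """Hostname of a URL-like string, or None if it has none."""
    if "://" not in text:
        text = "http://" + text
    return urlparse(text).hostname


def triage(raw_message, claimed_brand_domain):
    """Return a list of warning strings for an RFC 5322 message claiming to be from a brand."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    warnings = []

    # Check 1: the sender's address. Public webmail, lookalike, or unrelated domains are suspicious.
    _display_name, addr = parseaddr(str(msg["From"]))
    sender_domain = addr.rsplit("@", 1)[-1].lower()
    if sender_domain in PUBLIC_WEBMAIL:
        warnings.append(f"sender uses public webmail domain: {sender_domain}")
    elif registered_domain(sender_domain) != registered_domain(claimed_brand_domain):
        similarity = SequenceMatcher(None, sender_domain, claimed_brand_domain).ratio()
        if similarity >= 0.8:  # assumed threshold for "spelt slightly differently"
            warnings.append(f"sender domain {sender_domain} looks like {claimed_brand_domain} but is not it")
        else:
            warnings.append(f"sender domain {sender_domain} does not match {claimed_brand_domain}")

    # Check 2: hyperlinks. Flag anchors whose visible text names one host but whose href goes elsewhere,
    # and any link that leaves the brand's domain.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        parser = LinkExtractor()
        parser.feed(body.get_content())
        for text, href in parser.links:
            href_host = host_of(href)
            if href_host is None:
                continue
            text_host = host_of(text) if "." in text and " " not in text else None
            if text_host and registered_domain(text_host) != registered_domain(href_host):
                warnings.append(f"link text shows {text_host} but goes to {href_host}")
            elif registered_domain(href_host) != registered_domain(claimed_brand_domain):
                warnings.append(f"link '{text}' goes to {href_host}, not {claimed_brand_domain}")
    return warnings


# Constructed sample modelled on the Microsoft example in this post.
SAMPLE = """\
From: Microsoft Team <no-reply_msteam2@outlook.com>
To: you@example.com
Subject: Unusual sign-in activity
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Someone from foreign I.P Address was trying to make a prohibited connection.</p>
<p>Review activity: <a href="http://account-verify.example.net/login">https://www.microsoft.com</a></p>
</body></html>
"""

if __name__ == "__main__":
    for warning in triage(SAMPLE, "microsoft.com"):
        print("WARNING:", warning)
```

Run it against a saved `.eml` by reading the file into `triage()` with the domain the message claims to come from; an empty list means neither check fired, which is a reason to relax slightly, not proof the message is genuine, since the branding, greeting and urgency checks above still apply.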
It’s all good and well telling you what to look out for, but it’s better to show you. Here are 5 examples of common phishing scams that target businesses.
This email suggests that there has been unusual activity on your Microsoft account. If your business relies on Microsoft 365, this email could be extremely worrisome.
Source: phishing.org
Why It’s Convincing
This email is particularly convincing for a few reasons. First, the email matches the same font and brand colours as legitimate Microsoft emails. With just a quick glance, this may be enough to convince someone to click on the link.
In addition, the scammer has changed their display name to Microsoft Team and they’ve also used Microsoft’s actual domain as the text for their hyperlink.
How You Can Tell It’s Fake
Upon closer inspection, you will see that the from email address is no-reply_msteam2@outlook.com which is clearly not an official Microsoft email.
Also, upon reading the email, you’ll notice that the wording is quite odd. For example, ‘someone from foreign I.P Address was trying to make a prohibited connection’.
Finally, the link behind https://www.microsoft.com does not match.
Emails from HMRC are rarely welcome, unless it’s a tax rebate. In this scenario, a cybercriminal is posing as the government informing us that we’re due a tax refund.
The news may fill some with enough excitement that they skim the rest of the email, ignoring the signs of a phishing scam and clicking on the link ready to claim back their hard-earned cash.
But if you pause for long enough, you can tell it’s bogus.
Source: Wellers Accountants
Why It’s Convincing
This email follows the same simple black-and-white branding as the government and (ironically) contains information about reporting suspicious emails to HMRC.
How You Can Tell It’s Fake
If you haven’t sent a tax refund claim form, the first part of their email makes no sense.
Also, the refund amount is in orange and looks off-brand.
The line ‘you will normally receive a refund of 253 GBP’ doesn’t sound like the tone HMRC would use.
Finally, HMRC will never ask for payment or personal information by email and send legitimate P800 tax rebates by post.
This Companies House email asks us to verify our identity by a certain date, otherwise our account will be ‘put on hold’.
For some business owners, this may cause enough panic to take action and follow the hyperlink.
Let’s look at this email in more detail.
Why It’s Convincing
Like the previous email, it matches HMRC’s branding really well.
How You Can Tell It’s Fake
Most importantly, the link included at the bottom of the email does not match the gov.uk domain.
As government organisations, HMRC and Companies House use a formal tone. The line ‘you are getting this email’ doesn’t sound like something HMRC would say.
It’s not uncommon for cybercriminals to pose as financial services companies, including banks and payment providers in a phishing attempt.
In this case, hackers posed as PayPal claiming that a user’s account was limited and that they needed to ‘login’ or visit the ‘resolution centre’ to resolve the issue.
In reality, both of these links would take the user to a malicious phishing site, but let’s look at it in more detail.
Why It’s Convincing
Yet again, the scammer has managed to match the branding really well and also uses a real PayPal scenario of a frozen account.
They’ve also included two hyperlinks which PayPal include in their emails.
How You Can Tell It’s Fake
Fortunately, the scammer used an outlook.com email address, something PayPal would never use.
Also, when you hover over the two hyperlinks, they don’t link to PayPal domains.
GoDaddy is an international domain registrar and web hosting company which many businesses purchase their domain name(s) from.
Recently, cybercriminals have been posing as the web giant coercing victims to ‘verify their domain’ by clicking the link.
As most businesses now rely on their website to bring in new business and communicate with existing customers, the thought of losing your domain name is worrying.
But this is in fact a phishing attempt.
Let’s take a closer look.
Why It’s Convincing
The scammer has managed to match the GoDaddy branding really well, including the font.
It also uses the customer’s name, which invokes a level of trust and authenticity.
How You Can Tell It’s Fake
It’s a common theme here, but the email address doesn’t match GoDaddy’s real domain, and neither does the link behind the ‘Verify Now’ button.
It’s unlikely that phishing scams will ever go away, so we must know how to spot them and avoid them!
We hope that this blog has provided you with the knowledge on how to spot a phishing scam. Of course, to recognise a phishing scam is only the start. If you or your colleagues receive a phishing email, we encourage you to report it to help protect others.
You can learn more about how to report phishing scams here.
As an IT support provider, we offer a range of IT services to businesses across the UK, including cybersecurity awareness training.
Our training programme puts your team’s knowledge to the test and helps to create a cybersecurity-focused culture. Using bite-sized videos and interactive learning, your employees will transform from your biggest security liability to your first line of defence.
Find out more about our cybersecurity awareness course