Ways to recognise phishing emails that impersonate employees

The number of phishing emails circulating online will continue to increase, so it is important to know how to recognise phishing email attacks and protect yourself and the company you work for from being manipulated by hackers. The tricky part is that these emails impersonate employees, and if one person in a company opens one, it could affect the company’s overall security.

Before you can learn how a phishing email works, it is important to understand what phishing means. A phishing attack is a fraud tactic in which an email is used to lure the recipient into taking a specific action, such as clicking on a link or opening an attachment, so that fraudsters can collect sensitive information. This could have devastating consequences.

Ways of recognising a phishing email:

  • Inconsistencies in email addresses, company domain and URLs: Check that the email addresses, company domain and URLs are consistent with one another by hovering the mouse pointer over the link.
  • Requests for personal information: Phishing emails can ask you to confirm or change your password. A reputable company and employees will never send an email asking for your password, credit card number, or the answer to a security question.
  • Non-personalised communications: Make sure that you check the salutation (i.e. how you are being addressed) on emails sent from an external company. Generic salutations like “Hello” or “Hi” should not be trusted. Usually, when legitimate companies send you an email, they will address you by your real name.
  • Suspicious attachments: A fraudster may unexpectedly send you an attachment such as an invoice or a form. The attachment could contain a malicious URL, leading to the installation of a virus or malware on your PC or network. Make sure that you scan attachments using antivirus software even if you think the attachment is genuine.
  • Poor spelling and grammar: Most phishing emails are poorly written. Also, if you receive an email from a colleague and you notice that their tone is different than usual or their request is unusual, phone that particular colleague and confirm that the email was sent by them.
  • If you receive a suspicious email, do not open it. Instead, report it to your IT department for further investigation.

Iemas fights the good fight against fraud

The Iemas Ethics and Fraud Hotline is designed to enable stakeholders, including external parties, to raise matters and concerns related to unethical conduct via a properly governed structure.

Should you wish to report allegations of fraud or corruption anonymously, please contact us on: 0800 000 463 (toll free) | SMS: 33490 | iemas@whistleblowing.co.za | www.whistleblowing.co.za/make-a-report

Source: https://www.mimecast.com/content/how-to-spot-phishing/
