Providing a gateway to more serious cybercrime such as ransomware attacks, phishing emails can present a serious threat to enterprises and organisations. Whether their purpose is to fool a recipient into downloading malicious software on their machine or trick them into revealing their company credentials, the consequences of a successful phishing attack can have severe consequences.
While the latest mail security filters can dramatically reduce how many phishing emails make it through to the inboxes of your team, the best defence lies in recognising them when received. To this end, we’ve compiled a short list of signs that reveal the true colours of these insidious messages.
Emails issued by a public email domain
No genuine business will ever send an email from a public domain. Save for some smaller firms, most established enterprises will possess an official email domain and associated email accounts for staff. As a result, if you receive a message from an addressee that ends with ‘@gmail.com’ (or another well-known mail provider) that purports to be from a legitimate firm, you are likely looking at a phishing email.
Domain names that are misspelt
Another dead giveaway related to domains is when they are spelled incorrectly. A common tactic used by threat operators running phishing scams is to register domain names that closely resemble authentic names used by enterprises. Email spoofing relies on recipients paying little attention to addresses, but being mindful of this ploy can keep you safe from phishing attacks.
Poor English content
Often phishing emails are written by overseas operators, for whom English is not their first language. As a result, these malicious missives often feature unusual syntax and sentence structure or incorrect grammar and spelling. This can be an easy tell for phishing messages, but it is not always the case. In recent years, attacks have become far more advanced, incorporating not only correct English but cleverly styled language that impersonates company correspondence. The latest spear phishing attacks can even imitate specific individuals who may be trusted colleagues or partners.
Malicious links with a sense of urgency
Most phishing messages will include a link and urgently attempt users to interact with it. Time-sensitive phishing emails may threaten recipients with financial loss, missing opportunities or getting into trouble with their superiors. However, if a link is clicked on, the impact can be dire. Some links will result in malware being downloaded onto a company device, while others will take the user to a fake sign-in page that resembles a site they are familiar with. Once they enter their credentials, they are harvested by attackers who use them to penetrate company accounts and networks.
Keep your staff secure with Galaxkey
With an understanding of the diverse range of threats facing enterprise teams today, at Galaxkey we have developed a secure workspace. Packed with a range of useful tools that enhance email security, like data encryption and electronic document signing, our system has zero backdoors for attackers to enter.
Reach out to us today for a free two-week trial.