Call us on: 02920 887 362
Insights /

Look at these phishing email simulations, would you be fooled?

Unfortunately, Phishing emails are still at large for organisations across the globe. And users are still being deceived by then every single day.

If you aren’t familiar, phishing is a form of fraud that is used by cybercriminals. The goal is to impersonate a trusted source (this could be a person, brand, or business) and get users to disclose important or sensitive information. The motive of gaining sensitive information can vary, but data theft and financial gain are usually the two most popular.

On the surface, you are probably wondering why phishing is so successful? As scam artists are usually quite easy to sniff out, and there is a lot of warning when it comes to sharing your personal information.

In a business environment though, this is a little different. In fact, it’s quite easy to see why phishing is so successful…

Lack of employee training
How many organisations actually offer this?

Increasingly sophisticated techniques
Using graphic design and manipulation skills, this is now easier than ever.

More personalized campaigns
A surprising amount of your information is already available online.

Widespread availability of phishing tools
Cyber criminals are now investing in technology to be even more successful.

So what should you be looking for?

 

Here’s a quick checklist of things you should be looking to spot when a suspicious email hits your inbox…

#1 Mismatched URL’s

Often, the embedded URL in a phishing message will appear to be perfectly valid, but when hovering your mouse over the URL, the actual hyperlinked address may appear differently.

This is an indicator that the link could be fraudulent.

#2. Poor Spelling/ Grammar:

Large companies often have strict processes in place for reviewing company messages, especially when it comes to grammar, spelling and legality. So, if you receive a message littered with mistakes, there’s a chance it may not be from a legitimate source.

#3. Requesting Personal Info:

No matter how legitimate or official an email looks, it’s always a suspicious sign when they ask you for personal information. Banks and reputable companies will never ask you to send account or credit card numbers, as they should already know these details.

Now’s your chance to shine…

We’ve recently developed a cyber security platform called SecureIT. The platform trains users of organisations to become more savvy when it comes to dealing with their email inbox.

One way we’ve done this, is by sending 100% safe phishing simulations to multiple users and employees.

Here’s an example of one of our SecureIT phising simulations

Email into inbox

Link to log in

What gives it away?

 

    1. The senders email
      I think it’s no surprise that ‘microloft’ is not a real company…

    2. The hover link
      If this was a link to your organisations office 365 log in, the words ‘microsoft’ and your organisatiosn name would be in the domain.

    3. The URL of the destination page
      Again, your organisations name would be in this domain.

 

Would your staff benefit from cyber security training?

 

SecureIT is an automated training program designed to fundamentally improve your organisations cyber awareness. Here’s our overview video to find out more:


Want to find out more? Check out our SecureIT page here.

If you’re interested in how SecureIT can work for your business, get in contact with us on 02920 887 362 or send us an email at info@excellence-it.co.uk

You might also be interested in:

A Quick Intro to Patching

What is patching? And why do IT people talk about it so much?

When should you outsource your IT?

The short answer, and the one you’d expect from an IT support provider, is as soon as you can. But there’s a bit more to it than that.

Excellence on Ice