How to spot and prevent a phishing email

10.08.22

Do you remember the ‘I love you’ virus? It’s been over 20 years since this virus infected more than 50 million devices causing large organisations shut their mail systems down completely.

The computer worm was hidden in an email with the subject: ILOVEYOU and an attachment “LOVE-LETTER-FOR-YOU.TXT.vbs”, tricking its victims into believing it was an email from someone confessing their love for them.

More recently, cybercrime has seen a spike due to Covid-19 related attacks. Simply having a username and password to secure your account is not enough. More than ever, hackers are obtaining access to accounts. so we’ve put together a few key things to look out for and our recommendations for services which can strengthen your cybersecurity.

Some questions to ask

Is the email address irregular?

Check who the email is from – do you recognise the email address, is it spelt correctly?

A hacker may use impersonation when sending an email, however there may be minor differences which set them apart. For example, @geeeks.co.uk rather than @geeks.co.uk or they will not use the company @ at all.

Is their request expected?

Hackers can come up with believable scenarios in which you need to provide your credentials or sensitive information such as your payment details. However, if you were not expecting the request, it may be best practise to check that it was them requesting the details.

Does the email use good spelling and grammar?

Often, when an email is sent out by a large company, it is thoroughly checked beforehand. Therefore, if the email contains spelling mistakes and/or poor grammar, it is likely that it is not from who it says it is.

Does the URL match?

If you suspect an email is phishing, one thing you can check is whether the URL is mismatched. Often the written URL appears valid, however if you hover your mouse over it, you should see the actual hyperlink. If the hyperlink is different, it may be suspicious.

Does the email create a sense of urgency?

Phishing emails often ask the recipient to act fast otherwise the offer will expire or action will be taken. Take your time to assess the email, if the email is alerting you to an account you have with an organisation, log in separately in a new browser or ring up using their official phone number through their website to check the claim.

Recommended Cybersecurity Features

Below are some great cybersecurity features you can get to stay safe.

Multi Factor Authentication (MFA)

MFA should no longer be considered an optional extra, it really is a must-have feature to properly secure all accounts that can be accessed from the internet. Computer Geeks recommends immediate implementations of MFA for 365. MFA adds an additional layer of security above a traditional username/password, by introducing the requirement for extra mechanisms of authentication (e.g. Mobile App approval). As such accounts can be better protected against phishing and password attacks.

Did you know your Microsoft 365 account is 99.9% less likely to be compromised if you are using MFA?

Advanced Email Security

Advanced Email Security sits in front of Microsoft 365 Email, scanning web links (URLs) and attachments to detect and protect against malicious content. The service also provides improved defence against phishing and impersonation attacks.

Microsoft 365 Backup

Do you know that Microsoft 365 does not include backups?

Cloud backup for 365 is now strongly recommended. This protects you against data loss of your Email, Files and Teams within 365. Data held within Microsoft 365 (Email, SharePoint and Teams related data) can be quickly restored, in a granular way (e.g. an individual file or email). Backups are taken 3 times a day and stored in an encrypted format within a UK based datacentre.

Here at Computer Geeks we provide all these through Geeks 365 Secure which adds our recommended services and configurations to better secure your core cloud services (Exchange Email, OneDrive & SharePoint files & Microsoft Teams).

Report any suspected phishing attacks to your IT support company

Our customers can report any potential phishing attacks to our friendly and professional team. They will take a look and verify whether the message is legitimate. If required, one of our engineers can see if there is any unusual activity taking place on their systems and support the user/s with any necessary next steps.

We’d love to discuss this further, give us a call on 0117 325 0370 or email info@geeks.co.uk