How to spot a phishing attempt in a suspicious email

Phishing is an attempt to scam the email recipient into carrying out an action giving access to a device, or dupe them into giving out confidential information. If you’ve received a suspicious email, read on and discover how to know whether this is an attempt at phishing (if you’re in doubt, you’re probably right!).

With phishers becoming increasingly sophisticated, it can be hard to spot their emails. Scammers will pretend to be someone you know and/or that works within your organisation. Following the steps below should help you recognise and deal with suspect emails.

1. Check the sender’s address thoroughly. Phishing emails often have a different address to which replies are sent. This allows scammers to change the communication path. Check email message headers and look out for the ‘reply to path’. You can view the message internet headers by right clicking on an email and viewing ‘Message Options’.
2. Have policies in place which require other forms of authentication and approval when carrying out an action over email. You’ll add another layer of security should a phishing mail get past you. For example you could follow up a request to transfer funds with a verbal or web portal sign off.
3. Never click links or open attachments in emails you hadn’t expected. Even if you know the sender! Store internal documents within a shared location. If it is an external document, contact the sender via another means to validate their intent. Be aware that phishing attacks may not be a one-off occurrence and someone may have already established a level of trust and communication with you before asking you to carry out a detrimental action. If a request seems odd, out of the ordinary or just does not sit right then always follow up verbally.
4. Do not forward suspicious emails on to other users even if you are attempting to warn them. You are increasing the risk that someone may accidentally carry out an action within the email and activate its original purpose.

Can you stop phishing emails?

Although you can take steps to stop phishing emails from getting through, ensure first that you and all staff having access to emails are aware of the risks and what they must look out for. Make staff aware that if there is any suspicion at all over a link, attachment or request it should be verified.
With that said, the following actions can be taken if appropriate for your business:

Block and specifically approve attachments through your spam filter or sign in to the Exchange or Office 365 admin centre. Here you can create a new transport rule to explicitly deny all executable file types (a file that contains a program). Have a managed list of safe file types your organisation accepts.

Create Microsoft Exchange or Office 365 transport rules to clearly mark external senders in the subject line. You can add a rule which appends the subject line with ‘[External]’ if a message is sent from outside of the organisation. Though this can be quite intrusive in an email chain it’s relatively simple to configure and you’ll add a layer of security in spotting external emails purporting to be internal.

Don’t be afraid to ask

We will finish by repeating the message: if in doubt, verify! A simple question could save you and your business a lot of time, resources and stress.