How to spot a phishing email


Can you identify a phishing email from the real thing?

A few years ago, I received an invoice from Apple for something I hadn’t purchased. My immediate reaction was panic. I thought someone had hacked into my Apple account, and now they were happily spending money on my account. But, as I hovered over the cancel subscription link on the email, something made me pause and take a second look.

On the face of it, it looked like an email from Apple but as soon as I looked a little deeper I noticed more and more things that didn’t add up. My information security awareness training kicked in and I realised it was a phishing email.

Spotting a phishing email is an important skill to master because phishing accounts for 90% of data breaches. And once hit, 15% of people successfully phished will be targeted at least once more this year. Here are a few tips for how you can identify a phishing email.

6 easy ways to spot a phishing email

  1. Check the address and subject line
  2. Be suspicious of untidy design
  3. Look out for spelling mistakes
  4. If it’s too good to be true, it probably is
  5. Consider context. Were you expecting this email?
  6. Compare if you can

What is a phishing email?

A phishing email is a fraudulent email that attempts to scam you by looking like an email from a legitimate business or person. A phishing email tries to get you to let your guard down and give access or information to cyber criminals. They are often designed and written in a way that looks like an official email that requires urgent attention.

How to spot a phishing email

Good phishing emails look like the real thing. So how do you spot one? Here’s an example of how, with the benefit of training, I avoided putting my data and my company’s network at risk.

Here’s the phishing email that was sent to me. Check out the differences between a legitimate email from Apple Inc. and a phishing email from a hacker masquerading as Apple Inc.

Here are the two emails side by side. (I have blurred out my personal details)

On the left is the real invoice from Apple. On the right is the phishing email. On the surface they look very similar but I found 9 differences.

 

1. From address and subject line

The address the email came from was suspicious and the subjects were different.

2. Email design & styling

On the legitimate Apple email all the hyperlinks are in a light blue with no underline. In the phishing email they are a darker blue and all underlined.

3. My details

On the real Apple email they list my email address and home address. The phishing email only has my email address (as I assume the hackers don’t know my home address). I have blurred out my personal information.

4 & 5. Changes from the usual email layout

On the real Apple email there is a hyperlink for if you have questions about your bill; this sentence is missing completely from the phishing email.

Password preferences hyperlink. On the real email the hyperlink is part of the sentence, in the phishing email it is below the text.

6. Spelling errors

This is lazy even for a hacker. Spelling errors are an obvious red flag. Normal emails are proofread and carefully edited. Phishing emails are not.

7 & 8. Limiting contact options

Firstly, the wording around cancelling your purchase on the real email is very different from the phishing email. Apple offers you three links to click to contact them. The phishing email gives you one. This increases the likelihood that you will click it.

Secondly, the hyperlink for Manage/Cancel subscription on the phishing email is different from all the other hyperlinks.

I didn’t click on the link for obvious reasons but I assume it would take you to a page that either encourages you to enter personal details (possibly including payment information) or it could be a malicious link that releases a virus onto your machine.

See below for what the link looked like when I hovered over it. (all I have blurred out of this image is my personal email address)

9. The Apple logo.

The last obvious difference I could see was the second Apple logo which was different on the two emails. Left is real, right is phishing.
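Differences 1 and 8 (the sender address and the one link that differs from the rest) can also be checked mechanically by a mail filter or triage script. The following is an added example, not part of the original article: the sample message, its `.example` domains and the function names are all constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every name and domain here is a placeholder.
SAMPLE = '''\
From: "Apple" <billing@invoices-mail.example>
Subject: Your invoice
Content-Type: text/html; charset="utf-8"

<p>Receipt <a href="https://apple.example/help">Help</a>
<a href="https://id.apple.example/prefs">Password preferences</a>
<a href="http://cancel-sub.example/login">Manage/Cancel subscription</a></p>
'''

class LinkCollector(HTMLParser):
    """Collects (link text, destination host) for every <a href> in the body."""
    def __init__(self):
        super().__init__()
        self.links, self._host, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._host = (urlparse(dict(attrs).get("href") or "").hostname or "").lower()
            self._text = []
    def handle_data(self, data):
        if self._host is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._host is not None:
            self.links.append(("".join(self._text).strip(), self._host))
            self._host = None

def on_domain(host, domain):
    # Exact match or a true subdomain; "apple.example.evil.test" does not pass.
    return host == domain or host.endswith("." + domain)

def phishing_signals(raw, expected_domain):
    # Returns the mismatches a reader would otherwise find by hovering.
    msg = message_from_string(raw, policy=policy.default)
    signals = []
    sender = msg["From"].addresses[0]
    if not on_domain(sender.domain.lower(), expected_domain):
        signals.append(f"sender '{sender.display_name}' uses {sender.domain}")
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for text, host in collector.links:
        if not on_domain(host, expected_domain):
            signals.append(f"link '{text}' goes to {host or 'no host'}")
    return signals
```

Calling `phishing_signals(SAMPLE, "apple.example")` reports the sender domain and the single off-domain "Manage/Cancel subscription" link, while the two links on the expected domain pass.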

At first glance this email was very convincing; it really takes a trained eye to spot the difference – these are far more sophisticated than emails from Nigerian Princes seeking to move £10m out of the country!

Once I delved a little deeper there were actually quite a few signs the email was not legitimate. Other phishing emails may only have one or two clues so it is vital you are always vigilant when looking at your emails and if something doesn’t feel right, don’t click on it.

What really stopped me from clicking on the link was my recent information security training. It helped me understand what to look for and question in a seemingly legitimate email.

A workforce, aware of cybersecurity, becomes a human firewall that adds another layer of protection to your IT infrastructure.

If you would like to know more about infosec and how to formulate your own cybersecurity strategy, contact us to find out more.

 

© 2019 ramsac. All rights reserved.