Fishing for Phishing Emails & How to Spot Them

Phishing emails are often so ridiculous that you naturally pass the by without a moments’ though – probably on a daily basis. Unfortunately, however, there are many unsuspecting victims who can fall for these fraudulent messages; opening the phishing emails and sometimes even following the actions recommended within the message.

Though there is not “one size fits all” response to dealing with these phishing emails, there are a few different ways in which we can identify them – and help others as well.

Check the URL

If the message contains links to websites or other sources, spend a minute hovering over them to check the validity. Often a phishing email will contain mismatched URL’s, so the hyperlink will appear differently to the address displayed. If this is the case, the message isn’t real.

Misleading Domain Names

To understand this one, there is one simple trick you need to remember. If a domain name is linked to a legitimate site, the page you’re looking for will appear before the owner site. For example, info.domainname.com is perfectly legitimate, while domainname.maliciousinfo.com is not.

Please do note that these are dots and not forward slashes, as the forward slash should rightly be at the end of a web link as a page from the original site. If it’s a forward slash you’re safe, but a dot should always be checked.

Silly spelling and grammar errors

Phishing emails are often created by robots or simply by people who don’t have the competency to check their spelling and grammar thoroughly. If it contains silly errors, it’s probably not legit.

Be careful about personal information

In May 2018, every company was forced to become GDPR compliant. As such, any email you receive that asks you for personal information needs to be checked – because it most likely isn’t what it says it is, and if it was then that company would be in serious trouble.

Is it realistic?

This could well be a matter of opinion, but if the offer seems too good to be true then perhaps it is. If the message makes some wild and big promises, and doesn’t appear to be from someone you recognise, it’s probably not real.

Are you expecting it?

If you get an email saying you’ve won the lottery, despite never having brought a lottery ticket in your life, common sense points us towards this being a scam.

Are they asking for any sort of money?

It might not be today, or even next month, but eventually a phishing email is likely to try its luck and ask you for money. If all the other tell-tale signs haven’t thrown up a red flag yet, this one is sure to make you think twice.

Do they threaten you?

One of the most common kinds of phishing email makes claims against you and then tried to blackmail you into giving over personal information or even money. If the threats are unrealistic and you are being accused of something you haven’t done or aren’t in any way linked to, it’s a phishing email and should be blocked.

Does it look on the surface like it could be from the government?

If they’re pretending to be a government agency, they’re not. These kinds of organisations don’t just email you out of the blue, so you can rest assured that if they claim to be from the FBI or other law enforcement agencies, they’re trying to trick you.

It doesn’t feel right

The last one relies on your gut instinct more than anything – and that is this, does it feel right? If not, trust your instinct and ignore the message. The worst that can happen is a legit message has to contact you again because you ignored the first one; but better that than falling for a phishing email.

Cybersecurity for small business websites

All too often the media shares stories of large organisations and companies that have been hacked through their website; stealing customer data and private information that can be extremely damaging both in the short term and the long run. The unfortunate truth however is that it’s not just these large-scale companies that are being targeted. Small businesses are just as likely to be targeted – we’re just far less likely to hear about it.

Recovering from a security breach is expensive and can be catastrophic for a small business without the necessary cybersecurity measures in place. Read on for some of the most basic ways you can protect your site and your business from harm.

Keep your domain information private

If a hacker has access to your name, your email address or even your mailing address, they can use this information to hack into your website or worse. The more personal information they can collect about you, the easier their job is, and you could find yourself facing a case of stalking or identity theft. Employ domain privacy to shield all your personal details from hackers and identity thieves.

Invest in an SSL certificate

Many internet users now will not trust any website without an SSL certificate in the browser bar, and we know Google relies heavily on SSL certification for a good ranking. However, this isn’t just a good investment for business – it also protects your site from hackers by encrypting all the data stored on it. All of our hosting packages come with free SSL certificates as standard!

Automatic backups

One of the most damaging ways a hacker can destroy your business is to crash your entire website or cause such problems that customers can no longer access your site.

With an automatic backup, you can work safe in the knowledge that should anything happen, you know you have everything you need to get the site up and running again quickly and easily. Ensuring that the automatic backup updates itself on a daily basis is key to being able to restore as recent a version as possible should it become necessary.

Malware scans and removals

It sounds like something out of Doctor Who, but cybercriminals are now a very real threat to small businesses that work online. With access to coding that can steal data and allow access to your site at the click of a few buttons, cybercriminals can attack a site before you even realise it’s happening. That’s why automatic malware scans are so vital.

These malware scans perform regular automated scans on your entire site; identifying and removing any potential threats to your security. By investing in one of these, you can be sure that any vulnerable areas will be identified and fixed before a hacker can exploit them.

Domain renewals

Another thing worth investing in simply because it can be done automatically, is domain renewal. After an allotted period of time, your domain will come up for renewal and if you don’t act quickly you can lose control of your business domain name. Not only is this bad for business, but it also leaves you expired domain open for exploitation and unregistered access, whereby any cybercriminal could find out yours and your customers personal data and email addresses.

This can be prevented with automatic domain renewal – an easy way to register your domain name so that when the time comes for renewal, your site will do so automatically. This can generally be managed through the billing information on your domain registration account.

Automatic updates

Staying up to date is one of the best ways to ensure fool proof security, not least because it ensures your cybersecurity is working to its newest and most effective version. Many updates that become available have been created to patch up the flaws left open in an old version, and so neglecting to update with them can mean that your site is still open to those flaws. And once a hacker gets in, it’s too late.

By setting up your WordPress and plugins to update automatically, you will be protected with the latest versions without even having to think about it.

Check your passwords

Creating a password is often a toss up between choosing something easy to remember, and choosing something that no one will ever guess – but that you might well forget. Trust us, the latter is much safer.

It’s important that not only you but anyone with access to your site uses a secure and unique password, as hackers can find a different way into the site even if your own password is super secure.

Login Forms

If your site includes a feature where customers can log in to their own accounts, you’re at risk of letting in a bot. These cyber bots are designed by hackers to try multitudes of potential login credentials until they strike gold with one that works; allowing them into your site where they can release malware to damage the business from the inside.

By adding protection layers to your login forms, this should be avoidable. Things like the reCAPTCHA tools we see all the time – where the login asks you to identify all the images with one thing in common – are good examples, as automated bots are unable to identify these. It’s also worth enabling a tool that gives customers a set amount of login attempts before they become locked out, as this annihilates the potential for trying multiple logins until one works.

These ideas are just some of the basis in cybersecurity, but they will ensure increased safety for both your business and your customers. And we think that’s an investment worth entertaining.