TL;DR
Phishing emails try to trick you into giving away personal information. This guide shows you how to recognise them and what to do if you think you’ve clicked something dodgy.
1. Understanding Phishing
Phishing attacks usually come as emails, but can also be texts or phone calls. They pretend to be from legitimate organisations – your bank, a shop you use, even your boss! The goal is always the same: steal your login details, credit card numbers, or other sensitive data.
2. Key Things to Look For
Suspicious Sender Address: Check the full email address, not just the name. Does it match the organisation they claim to be from? Look for misspellings or unusual domains (e.g., bankofengland.ru instead of bankofengland.co.uk).
Generic Greetings: Phishing emails often use “Dear Customer” rather than your name. Legitimate companies usually personalise their messages.
Urgent Requests: They’ll try to create a sense of panic – “Your account will be closed if you don’t act now!” or “Immediate action required”.
Poor Grammar and Spelling: While some phishing emails are very well-written, many contain errors.
Links That Don’t Match: Hover over links *without clicking* to see where they actually lead. The URL should match the organisation’s website. In most email clients you can do this by hovering your mouse over the link and looking at the preview in the bottom left corner of the screen.
Attachments You Weren’t Expecting: Be very careful opening attachments, especially from unknown senders. They could contain viruses or malware.
3. Checking Links (Technical)
If you’re unsure about a link, use an online URL checker. These tools show you the real destination of a shortened link without having to click it.
URLVoid: https://www.urlvoid.com
VirusTotal: https://www.virustotal.com/gui/home/upload (can also scan attachments)
You can also use the command line to look up the domain behind a URL:
nslookup example.com
This shows the IP address associated with the domain. It does not rate the site's reputation by itself, but the address can sometimes reveal suspicious activity.
4. What To Do If You Suspect Phishing
Don’t Click Anything: Seriously, don’t click any links or open attachments.
Report It: Forward the email to your organisation’s IT security team (if applicable). Many banks and companies have dedicated phishing reporting addresses (check their website). You can also report it to the National Cyber Security Centre.
Change Your Passwords: If you think you might have entered your login details, change your passwords immediately – especially for important accounts like banking and email.
Scan Your Device: Run a full scan with your antivirus software to check for malware.
5. Resources
NCSC Phishing Guidance: https://www.ncsc.gov.uk/guidance/phishing
Take the Phishing Quiz (NCSC): https://www.ncsc.gov.uk/cyberaware/test-your-awareness
The post Spotting Phishing Emails: A User Guide appeared first on Blog | G5 Cyber Security.