indicatorCybersecurity and Fraud Protection

How to protect yourself (and your business) from phishing emails

By ATB Financial 1 March 2021 3 min read

If you have an email account, you’ve probably received your fair share of phishing emails: receipts from things you’ve never bought; emails with poorly worded text masquerading as well-known companies; or even the occasional request from a foreign prince for your credit card information.

Phishing emails can be potentially damaging to both you and your company. These emails work to create a false sense of urgency and are designed to trick you into performing some sort of action that can give the hacker access to your devices. With a business, hackers typically aim to infiltrate the email inbox of executives, and then request a money transfer or wire to a foreign country.

On top of “normal” phishing emails, spear phishing is a more complicated technique used by scammers to access your system. If phishing in general casts out a wide net, then spear phishing is like targeting a single fish (or person) in a barrel. Spear phishing is an extremely targeted attack, usually aimed towards executives or high level staff members that have a large public presence. Hackers will investigate a person’s social media presence, like Facebook and LinkedIn, to figure out what they like and value, and then use that against them. For example, if you post about your rescue dog and your time volunteering at animal shelters, a spear phishing email may come in with a link asking you to help support an animal organization, and if you click the link a hacker can access your device.

But how do you know if you’ve been targeted by a phishing email? We’ve outlined five ways to help you spot a phishing email that may be lingering in your inbox:

1. The email is sent from a public email address

Look at the sender’s email address, as this can help identify if the person is truly who they claim to be. Often, the fraudster will use a public email address such as gmail.com. If your bank or colleague is going to email you, it will come from a company email account with the company name in the email address.

2. Strange attachments

If you receive an unexpected email or an email from someone you don’t know asking you to open an attachment, do not open it. These attachments can contain malware that can harm your device and capture your personal information.

3. The creation of a sense of urgency

Phishing emails often ask recipients to verify personal information, such as bank details or a password. They can create a sense of urgency by warning that your account has experienced suspicious activity or pretending to be someone you know who is in urgent need of financial help.

These are massive warning signs. If you are ever unsure, contact the company or person using the contact details you already have for them or that are on their legitimate website. Never use any contact details or click any links provided in the email.

4. Links to unrecognised sites or URLs that misspell a familiar domain name

Phishing emails may ask you to click a link within the email. By hovering your mouse over the link or address, you can see the linked site’s true URL. These URLs can be slightly misspelled or completely different to what you are expecting, so always double check before you click.

5. Poor spelling and grammar

You can often detect a phishing email by the way it is written. The writing style might be different to that usually used by the sender and it might contain spelling mistakes and poor grammar.

Protect your business from cyber threats

ATB's Cyber Security Toolkit is full of tips that are easy to implement in your business.

Need help?

Our ATB Business Solutions team will be happy to assist.