Spam and phishing emails are, unfortunately, something that we all have to deal with in the modern world.
The filters built into email servers, and in particular into Office 365, are extremely sophisticated and block the vast majority of junk email, but unfortunately some still manages to make it through to your inbox. In this article I will talk about the different kinds of junk email you may encounter and how to protect yourself.
Spam is generally defined as unsolicited bulk email. It’s a generic term which covers junk advertising as well as more sophisticated methods of attack such as phishing.
Many spam emails will be completely harmless, being a combination of adverts for real or fake products or newsletters of some kind.
Many can be completely bizarre, with no apparent purpose. I recently received an email in my personal account which was simply a large string of random text: no links, no images, just a paragraph of random text!
These kinds of emails are very easy to spot and most of us just delete them on sight or flag them as junk. They are irritating but mostly benign.
Phishing emails have grown exponentially in recent years and are potentially far more dangerous than regular, unsolicited junk.
Phishing is an attempt to extract information from you. It may be an attempt to extract credit card numbers, bank details or other personally identifiable information which would then be used for fraudulent purposes.
Many are very sophisticated and can be difficult to spot. Take the below email as an example.
Emails claiming to be from your bank are fairly common. They will often use genuine logos and invite you to log in to your account.
Despite the fact that all of our banks tell us they never email us with links to log in to their systems, the number of people who fall for attacks such as this is huge.
The scammers will often direct you to an authentic-looking copy of your bank’s website. Once you’ve logged in, they have your banking logon and I’m sure I don’t need to elaborate on what happens next!
How can we tell that this is a fake?
- Hovering over the link reveals that it isn’t in fact directing us to suntrust.com but to a bit.ly address.
- Read the first lines of the email – “We recently contacted you after noticing on your online account, which is been accessed unusually” is poor English grammar.
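The hover check can also be automated on the HTML body of a message. The following is an added example, not part of the original article: it compares the domain shown in each link's text with the host the link really points to, and flags shorteners. The function names and the sample HTML are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENERS = {"bit.ly"}  # the shortener named in the article; extend as needed
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._open = [], None  # finished links, link being read
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = [dict(attrs).get("href") or "", ""]
    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data  # accumulate the visible link text
    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append((self._open[0], self._open[1].strip()))
            self._open = None

def bare(host):
    """Lower-case a host name and drop a leading 'www.'."""
    host = host.lower()
    return host[4:] if host.startswith("www.") else host

def suspicious_links(html):
    """Return (text, href, reasons) for links whose target is hidden or mismatched."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        host = bare(urlsplit(href).hostname or "")
        shown = DOMAIN_RE.search(text)
        claimed = bare(shown.group(1)) if shown else ""
        reasons = []
        if host in SHORTENERS:
            reasons.append("shortener hides the real destination")
        if claimed and host and host != claimed and not host.endswith("." + claimed):
            reasons.append("text shows %s, link goes to %s" % (claimed, host))
        if reasons:
            findings.append((text, href, reasons))
    return findings

# Constructed sample modelled on the bank email described above.
SAMPLE = ('<a href="https://bit.ly/EXAMPLE">https://www.suntrust.com/login</a>'
          '<a href="https://www.suntrust.com/help">Help centre</a>')
```

Running `suspicious_links(SAMPLE)` reports only the first link, for both reasons; the second link is left alone because its text names no domain and its host is not a shortener.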
Here is another example of a very common phishing attempt:
This looks genuine enough and the thought of losing our Netflix account is enough to fill most of us with horror!
How can we tell this is a fake?
- Netflix, like most companies, will never send emails with links for logging in to their platform.
- Read the salutation in the email. What company would refer to an email recipient as “Dear”?
One final example:
This is what is known as a CEO phishing attempt.
Attacks of this nature are limited to very few targets but have the potential to be very lucrative for the criminal behind the scam.
Imagine receiving a genuine looking email from your boss with an urgent looking request to transfer money to a client.
How can we tell this is a fake?
Since the attacker is targeting individuals at a specific company rather than just sending out many thousands of emails in a scattergun approach, it is likely that they have planned the email very carefully and grammatical errors may be non-existent.
The one thing that will always reveal the scam is the email address. They will set up an email account with an almost identical domain name to your company’s, hoping that you won’t spot the difference.
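A mail administrator can check for this kind of near-identical domain automatically. The following is an added example, not part of the original article: it classifies a From: header by comparing the sender's domain with the company's own, using edit distance plus a few look-alike character swaps. The domain `summit-homes.example`, the swap list and the threshold are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: the organisation's real mail domain (constructed placeholder).
TRUSTED_DOMAIN = "summit-homes.example"
# Character sequences that read alike at a glance (illustrative, not exhaustive).
SWAPS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))

def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def normalise(domain):
    """Collapse look-alike character sequences to the letter they imitate."""
    for fake, real in SWAPS:
        domain = domain.replace(fake, real)
    return domain

def classify_sender(from_header, trusted=TRUSTED_DOMAIN, max_dist=2):
    """Return 'trusted', 'lookalike' or 'external' for a From: header value."""
    _, addr = parseaddr(from_header)  # ignores the display name, which is free text
    domain = addr.rpartition("@")[2].lower()
    if "@" not in addr or not domain:
        return "external"
    if domain == trusted:
        return "trusted"
    if normalise(domain) == normalise(trusted):
        return "lookalike"            # e.g. 'rn' standing in for 'm'
    if edit_distance(domain, trusted) <= max_dist:
        return "lookalike"            # one or two characters added, dropped or changed
    return "external"

# Constructed From: headers, all using the same display name.
SAMPLES = ["Jane Doe <jane@summit-homes.example>",
           "Jane Doe <jane@sumit-homes.example>",
           "Jane Doe <jane@surnrnit-hornes.example>"]
```

Messages classified as `lookalike` are the ones worth quarantining or tagging with a warning banner, since the display name alone looks identical to the real sender.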
How to protect yourself against phishing attacks
The most important thing is to never, ever click on a link in an email, or on any attachment, unless you are 100% sure that it is safe to do so. If in any doubt, contact the sender for confirmation that the mail is genuine.
- Remember that very few companies will ever send a link with a login to their systems.
- If there are links or link buttons in the email, hover over them to reveal the address they are pointing to. If it looks suspicious then it almost certainly is.
- If you are unsure if the email has come from the person in the email then contact them via phone or other means to see if they did actually send it.
- Never forward the emails to a colleague. The more the email spreads, the greater the potential for the scam to be effective.
- Never reply to one of these emails. Doing so confirms to the scammer that they have a genuine email address and you will be targeted by an avalanche of more email!
- Report the email as junk. Outlook web allows you to block the email and report it to Microsoft, which helps to improve the automatic filtering that stops these kinds of emails even entering your inbox.
And finally, did I mention that you should never click on a link or an attachment unless you are 100% sure that it is safe?
I hope you found this article useful. If you’d like help with any aspect of your email security (or indeed security of any kind) then please get in touch; the team would love to help you.