The current conflicts in the news bring an increased risk of cyber-attacks and threats to business data and operations. Over recent weeks we’ve already seen a rise in phishing scams, and whilst we have always advised you to be cautious of clicking links or opening attachments in suspicious emails, now is a good time to refresh your memory of the common things to look out for.
It is important to know how to recognise suspicious emails and what to do if you receive one. We have listed simple questions all employees should ask when using email and explained how to deal with something that doesn’t seem right.
Before trusting an email, ask yourself:
- Are you under pressure?
If the email asks you to click a link, download an attachment, or share information, especially with any sense of urgency, be suspicious. Don’t automatically click links or open attachments unless you are expecting them. If you are unsure of something you have been sent, contact the sender by another means to verify their intent.
- Is this out of character?
If the email appears to be genuine but seems out of character for the sender, treat it with caution and follow up verbally rather than replying. Fraudsters may try to build rapport in order to get what they want, such as a message from a senior member of the company asking for a discreet conversation over email to get you to impart information.
- Have you checked the email address?
Fraudsters can register domain names very similar to those of legitimate businesses in order to appear genuine at first glance. Words may be deliberately misspelled so that they read as a familiar address. Double letters are often used in the place of W’s or M’s, or extra punctuation is added. Check that the spelling and punctuation in the address are correct.
To do this on mobile, you’ll need to open the email. At the top, underneath the “From” and “To” lines, you should find a link entitled “Details” or “View details”. Click it to expand the “From” and “To” details, which will display the email address of the sender and details of when the message was received.
- Have you double-checked with the sender?
Spoofing allows fraudsters to send emails that appear to be from an address that you recognise. If the email is suspicious but the address appears to be genuine, always double-check with the sender verbally.
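The address check described above can also be run automatically, for example on mail that staff report. The Python below is an added example, not part of the original advice; the trusted domain list, the letter-pair table and the sample "From" values are constructed assumptions.

```python
import re
from email.utils import parseaddr

# Assumption: constructed allow-list of domains the organisation really uses.
TRUSTED_DOMAINS = {"westminster.example"}

# Letter pairs that read as a single W or M at a glance (assumed table).
LOOKALIKE_PAIRS = (("vv", "w"), ("rn", "m"), ("nn", "m"))


def skeleton(domain):
    """Reduce a domain to the form a hurried reader would 'see'."""
    reduced = domain.lower()
    for pair, letter in LOOKALIKE_PAIRS:
        reduced = reduced.replace(pair, letter)
    # Drop punctuation so added hyphens or dots do not hide a match.
    return re.sub(r"[.\-_]", "", reduced)


def classify_sender(from_value, trusted=TRUSTED_DOMAINS):
    """Return (verdict, trusted domain involved or None) for a From value."""
    _, address = parseaddr(from_value)
    if "@" not in address:
        return ("unparseable", None)
    domain = address.rpartition("@")[2].lower()
    if domain in trusted:
        # Spelled correctly; spoofed mail can still show this address,
        # so the verbal double-check still applies.
        return ("exact", domain)
    for good in sorted(trusted):
        if skeleton(domain) == skeleton(good):
            return ("lookalike", good)
    return ("unknown", None)


# Constructed sample From values, not taken from real mail.
SAMPLES = [
    "Accounts <billing@westminster.example>",
    "Accounts <billing@vvestminster.example>",
    "Accounts <billing@westrninster.example>",
    "Accounts <billing@west-minster.example>",
    "Newsletter <news@shop.example>",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(classify_sender(value), value)
```

A "lookalike" verdict means the address only resembles a trusted one once doubled letters and extra punctuation are ignored, which is the case the manual check is meant to catch.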
What to do if an email seems suspicious:
Operate a zero-trust policy: follow up any emails you aren’t sure of in person or by phone if necessary. If you have any reason to believe that an email may be fraudulent:
- Shift + Delete to clear it from your inbox
- Report the email to a supervisor
- Do not forward any suspicious emails. To inform others, use print screen (Ctrl + Print SC) or use the snipping tool to capture a copy of the email safely before deleting the original email (Shift + Delete).