6. Does it include attachments or links?
Fraudsters are always looking for ways to progress you through the scam process and gather sensitive information. To do this, they often include links or attachments that appear inviting or necessary to click on.
One of the most common tactics is the infected attachment, such as a fake invoice. These might seem benign, but secretly contain viruses.
If you or an employee opens the attachment, it will be too late. The document unleashes malware onto the victim’s computer, which can be used to steal personal information.
Startups advises that you never open an attachment unless you are fully confident about where it’s coming from. Even then, keep an eye out for anything suspicious.
For example, if you receive a pop-up warning – don’t proceed. Contact the sender through an alternative means of communication and ask them to verify that it’s legitimate.
You can spot a suspicious link if the destination address doesn’t match the context of the rest of the email.
For example, if you’ve received an email from Disney+, you’d expect the link to send you to a domain name like ‘disney.co.uk’.
Some suspicious links are harder to spot than others. Take this recent, well-designed fraudulent email purporting to come from the software cryptocurrency wallet MetaMask.
It was very hard for users to spot that something was wrong. However, the time pressure signal that ‘all unverified accounts will be suspended on Wednesday May 11 2022’ meant some customers didn’t buy into the scam and avoided clicking on the link.
In cases such as the above, a good rule of thumb is for your employees to carry out all responses to potential phishing emails in a new tab.
If the message is alerting them to look at something linked to an account they have with a company, organisation or retailer, they should log in or make the call separately in a new tab or window to corroborate it.