Don’t get hooked with fraudulent emails – part 2

Phishing and Whaling emails are fraudulently trying to get information from you to get up to mischief of all sorts.

Here are some things to look out for:

  • Senders email address doesn’t match the organisation. Look at what comes after the ‘@’. An email from paypal with an email address that’s not something like ‘’ is NOT from Paypal.

Incidentally, an official email from a legitimate organisation will have its own email domain – it won’t come from Not even Google sends official emails through gmail. Their emails end in ‘’.

  • Grammatical errors and spelling mistakes
  • Scare tactics or urgency
  • Did you spot the grammatical error in this email as well? Also, the English isn’t common usage – we would normally say “last week”, not “the previous week” so this is another red flag.
  • A link asking you to log on to something – the scammers want to steal your username and password. A legitimate organisation will never give you a link to log in with in an email.
  • Compressed attachments (eg zip files) may contain viruses. Beware of opening them unless you are expecting them
  • Links that hide what they really are – hover your mouse over the link and the destination address appears in a small bar along the bottom of the browser.
  • In this example hopefully the senders email address would also have alerted you.
  • If you haven’t heard of the company, google it to find out if it’s a legitimate business.

This is not an exhaustive list, but it’s a place to start. Sometimes even people with extensive training can be tricked by more creative attempts to commit cyber-crime.

Always be suspicious of emails from businesses or individuals that you weren’t expecting. Never click on a link in an email you are suspicious of. If you are not sure, contact the sender through their official website, phone or email address to confirm it is legitimate. Never reply to the email in question. It is possible for an email to come from a mass mailer system with a random looking email address but still be legitimate – but if you are unsure always check.

And always report anything you think is bogus to your IT and security teams. Send a screen shot, don’t forward the email.

If you think you may have been a victim of a scam and have sent any information change passwords and if bank records are involved contact your bank. If you think you may have clicked on a link that is dangerous unplug your computer from the network immediately and turn it off.

Treat emails like this as if they are a bomb – because it kind of is like one! Call your IT and security team for instructions straight away.

Speak to us at Focus to find out how we can help keep your business safe from cyber attacks.

Leave a Reply