Email remains the primary entry point for cyberattacks, with phishing continuing to top the list of threats. According to Mimecast’s 2024 State of Email and Collaboration Security Report, 84% of organisations reported an increase in phishing attacks over the past year, and the sophistication of these attacks is growing.
However, many phishing attempts can be thwarted by knowing what to look for and taking proactive measures. Here are five red flags that signal a potential phishing attack and practical steps to enhance your email security.
1. Suspicious or Unfamiliar Email Addresses
What to Look For:
- Messages from unfamiliar addresses that claim to be from known contacts.
- Misspellings or extra characters in domain names, such as info@yourc0mpany.co.uk (a zero in place of the letter "o").
Action to Take:
Verify the sender before responding, especially if the request is unexpected. Use official directories or alternate communication channels to confirm authenticity. According to the Mimecast report, 67% of organisations experienced email impersonation attacks, making this step essential.
2. Generic Greetings and Impersonal Tone
What to Look For:
- Greetings like “Dear Customer” or “To Whom It May Concern.”
- Awkward phrasing or overly formal language.
Action to Take:
Be cautious of impersonal emails, particularly those requesting sensitive information. Training staff to recognise these red flags is critical, as 82% of organisations in Mimecast’s study consider human error a significant risk factor.
3. Urgent or Threatening Language
What to Look For:
- Subject lines like “Your Account Will Be Locked” or “Immediate Payment Required.”
- Threats of penalties or loss if you don’t respond.
Action to Take:
Pause and think before taking any action. Confirm requests by contacting the sender directly through a known and trusted channel. Remember, the Mimecast report highlights that 39% of organisations fell victim to attacks exploiting urgency or fear tactics.
4. Suspicious Links or Attachments
What to Look For:
- Links whose actual URL, shown when you hover over them, does not match the displayed text.
- Unsolicited attachments, especially executables or archives such as .exe or .zip files.
Action to Take:
Always check where a link leads before clicking, and avoid opening attachments from unverified sources. Mimecast found that 56% of organisations experienced malware spread via email attachments, underscoring the importance of caution.
5. Requests for Sensitive Information
What to Look For:
- Emails requesting login credentials, payment information, or personal data.
- Claims of needing this information to “verify your account” or “prevent service disruption.”
Action to Take:
Never provide sensitive information via email. If in doubt, contact the organisation directly through their official website or customer service line. Mimecast’s report notes that 96% of organisations experienced phishing attempts aimed at stealing credentials.
Practical Steps to Strengthen Email Security
- Regular Training: Educate employees to recognise phishing tactics.
- Advanced Filtering Tools: Implement email security solutions that detect and block threats.
- Enable Multifactor Authentication (MFA): Add a layer of protection against unauthorised access.
- Conduct Simulations: Run phishing tests to assess and improve awareness.
- Update Software: Ensure systems are up to date to guard against emerging threats.
Stay Ahead of the Threats
Understanding the evolving phishing landscape is key to staying protected. Mimecast’s 2024 State of Email and Collaboration Security Report offers valuable insights and data to help organisations build resilience against these threats.