category filters go here

How to recognise a phishing email….

Over the last few years, cyber-attacks have become increasingly complex, yet a huge amount of attacks still originate from malicious emails.  ‘Phishing’ is the term used to describe fraudulent attempts to gather sensitive information such as usernames, passwords etc, via email.   While there are excellent tools available to protect your network against spam and malicious emails, (patching, malware protection, anti-virus, email filtering – will all help) there is always a risk that some will slip through the net.  Multi-factor authentication is the main defence against this kind of attack but if you don’t have this in place your last line of defence is your staff.  It is important that you equip them with the knowledge of how to detect key warning signs of phishing attempts.

These phishing emails often claim to be from a senior colleague or a mainstream service provider (such as Amazon, Netflix etc), with an urgent call to action.  They often ask you to log-in or verify financial details and a link within the email will redirect the victim to a fraudulent website.  Sometimes the emails will contain sensitive information, such as passwords, perhaps gained by criminals from a data breach of a large service provider.  This can give the illusion of legitimacy and make fraudulent attempts difficult to spot.  There are, however, a few warning signs, which can help your team spot these phishing attempts.

1)      Email address

The phishing emails often pretend to be from a recognisable brand name, such as Netflix, PayPal, TV Licensing etc.  So, the email may appear, at first sight, to be from a sender you recognise. Criminals often use the Display Name function of email to state the (fake) company name.  The key is to always check the actual email address.  You can hover over the display name with your mouse or right click on the sender name, to reveal the address.  The email address often is clearly fake and/or sent from a public email domain such as or

2)      Domain name misspelled

Anyone can buy a domain name and criminals often buy domain names, which are similar to legitimate sites.  They also use sneaky mis-spellings within domain names to fool recipients.  For example, using rnedia instead of media.  Generally, poor spelling and grammatical errors are a sign that something is amiss.  The tone of emails is often a red flag.  It may be an unusually formal email from a colleague, or an email, which uses the word ‘official’ several times.

3)      Sense of urgency or call to action

The emails often raise a concern with an urgent call to action.  It may say that your payment has been refused (as in the recent Netflix or TV Licensing scams), or that you have been victim of a fraud, or a senior colleague needs urgent action on an invoice etc.  You should always contact the sender to check legitimacy before acting on these requests.

4)      Attachment or link

The phishing emails often contain an attachment (perhaps an invoice , etc) which will launch malware on the victim’s computer.  Similarly, they might contain a link to a fraudulent website which will ask the victim to log-in to verify information.   Again, it is important to check where the link goes to before clicking.  Criminals will disguise the hyperlink behind a legitimate looking button on the site. You can check where the link goes by hovering your mouse over the link. It can be useful to have a policy of never entering financial details following a link from an email or text.

5)      Branding consistency, logo, official, quality of design

Criminals often use out of date logos and poor quality of design within their phishing emails.  Often a large part of the email is taken up by an image.  It something feels off with the design, it is worth scrutinising the other red flags as detailed above.

How can RedMosquito help?

We always recommend a multi-layered approach to cyber security and our Technical Consultants are happy to advice on the best solutions for your business.  We can advise on additional security measures which may help, including multi-factor authentication. We also offer a range of Security Awareness Training courses to our IT Support customers.  These courses educate your team on the how phishing attempts work and how to spot a malicious email.  The training is reinforced by creating simulated phishing attempts to test user knowledge over the following weeks.  If you would like to have a chat with us about how we can help your business, contact us today.

 RedMosquito Ltd provides IT Support and IT Security services to SMEs in Glasgow, Edinburgh and throughout Scotland.

Christmas online shopping safety tips

With Christmas a few weeks away and Boxing Day sales on the horizon it’s a great time to review some online shopping safety tips.   We all love the convenience of online shopping  but it does come with an element of risk. Online fraud cases over the Christmas period  have been rising  year on year. Over […]

microsoft logo windows 2008

SharePoint or OneDrive for Business?

As one of Glasgow’s key Microsoft partners, we are often asked to advise our IT Support customers on which Microsoft business platform best meets their need. SharePoint and OneDrive are a common example of this, with similar (but not the same) features, it can be difficult for SMEs to know which is the best fit. […]

IT Support Glasgow

We are recruiting: Senior IT Support Engineer based in Glasgow

Our team is growing and we are looking for a talented Senior IT Support Engineer to be based at our Glasgow Operations Centre.  As a senior member of our IT Support Service Desk team you will deliver high quality IT technical support and consultancy to existing clients in Glasgow, Edinburgh and throughout Scotland, assisting them with […]