category filters go here

How to recognise a phishing email….

Over the last few years, cyber-attacks have become increasingly complex, yet a huge amount of attacks still originate from malicious emails.  ‘Phishing’ is the term used to describe fraudulent attempts to gather sensitive information such as usernames, passwords etc, via email.   While there are excellent tools available to protect your network against spam and malicious emails, (patching, malware protection, anti-virus, email filtering – will all help) there is always a risk that some will slip through the net.  Multi-factor authentication is the main defence against this kind of attack but if you don’t have this in place your last line of defence is your staff.  It is important that you equip them with the knowledge of how to detect key warning signs of phishing attempts.

These phishing emails often claim to be from a senior colleague or a mainstream service provider (such as Amazon, Netflix etc), with an urgent call to action.  They often ask you to log-in or verify financial details and a link within the email will redirect the victim to a fraudulent website.  Sometimes the emails will contain sensitive information, such as passwords, perhaps gained by criminals from a data breach of a large service provider.  This can give the illusion of legitimacy and make fraudulent attempts difficult to spot.  There are, however, a few warning signs, which can help your team spot these phishing attempts.

1)      Email address

The phishing emails often pretend to be from a recognisable brand name, such as Netflix, PayPal, TV Licensing etc.  So, the email may appear, at first sight, to be from a sender you recognise. Criminals often use the Display Name function of email to state the (fake) company name.  The key is to always check the actual email address.  You can hover over the display name with your mouse or right click on the sender name, to reveal the address.  The email address often is clearly fake and/or sent from a public email domain such as or

2)      Domain name misspelled

Anyone can buy a domain name and criminals often buy domain names, which are similar to legitimate sites.  They also use sneaky mis-spellings within domain names to fool recipients.  For example, using rnedia instead of media.  Generally, poor spelling and grammatical errors are a sign that something is amiss.  The tone of emails is often a red flag.  It may be an unusually formal email from a colleague, or an email, which uses the word ‘official’ several times.

3)      Sense of urgency or call to action

The emails often raise a concern with an urgent call to action.  It may say that your payment has been refused (as in the recent Netflix or TV Licensing scams), or that you have been victim of a fraud, or a senior colleague needs urgent action on an invoice etc.  You should always contact the sender to check legitimacy before acting on these requests.

4)      Attachment or link

The phishing emails often contain an attachment (perhaps an invoice , etc) which will launch malware on the victim’s computer.  Similarly, they might contain a link to a fraudulent website which will ask the victim to log-in to verify information.   Again, it is important to check where the link goes to before clicking.  Criminals will disguise the hyperlink behind a legitimate looking button on the site. You can check where the link goes by hovering your mouse over the link. It can be useful to have a policy of never entering financial details following a link from an email or text.

5)      Branding consistency, logo, official, quality of design

Criminals often use out of date logos and poor quality of design within their phishing emails.  Often a large part of the email is taken up by an image.  It something feels off with the design, it is worth scrutinising the other red flags as detailed above.

How can RedMosquito help?

We always recommend a multi-layered approach to cyber security and our Technical Consultants are happy to advice on the best solutions for your business.  We can advise on additional security measures which may help, including multi-factor authentication. We also offer a range of Security Awareness Training courses to our IT Support customers.  These courses educate your team on the how phishing attempts work and how to spot a malicious email.  The training is reinforced by creating simulated phishing attempts to test user knowledge over the following weeks.  If you would like to have a chat with us about how we can help your business, contact us today.

 RedMosquito Ltd provides IT Support and IT Security services to SMEs in Glasgow, Edinburgh and throughout Scotland.

business mobile phones

Business mobile phone services – new from RedMosquito!

RedMosquito have added business mobile phone provision to our portfolio of services.  Our partnership with Three/Gamma means we can offer superfast Business Mobile Phone services at highly competitive rates. Threes’ investment of over £2 billion in their powerful and rapidly growing network means, through this partnership, RedMosquito can deliver fantastic speed and coverage at an incredible […]

We are recruiting: IT Support Engineer vacancy!

We are recruiting for an IT Support Engineer to join our team.  As a member of our Service Desk Team you will deliver high quality IT Support to existing clients, assisting them with desktop and server hardware & software problems via phone, remote access and on-site. Salary: negotiable depending on experience + Benefits. Please note […]

IT Support Glasgow

10 reasons why you should outsource your IT Support

Getting it right on IT  Support can be a challenge for many SMEs.  Often their budget can only stretch to one or two IT Support staff members whose expertise will inevitably be limited by their restricted exposure to varying IT systems and new developments. Providing IT Support to SMEs in Glasgow, Edinburgh and throughout Scotland […]