No matter how advanced modern cybersecurity systems have become, phishing emails still manage to work their way into our inbox. Spotting them can be the difference between keeping or losing valuable online assets.
Phishing emails have been popular amongst cybercriminals for years now, and you have almost certainly come across them before. Spotting and avoiding phishing emails is not always a difficult task (some are painfully obvious), but some can be much harder to detect, in particular spear phishing emails.
What is a Phishing Email?
A phishing email is designed by cybercriminals to appear legitimate in the eyes of the recipient, perhaps as a letter from your bank, a service provider or another seemingly trustworthy source. In reality, its purpose is to extract confidential information from you, such as your bank details, which cybercriminals can then profit from. However, you might be surprised to learn it’s not only your bank details that are worth something to cybercriminals, as a recent McAfee report showed us.
What is Spear Phishing?
These are a step up from the regular phishing emails most people have received. A spear phishing email is one tailored specifically for its target, meaning prior research into the recipient will have gone into the wording and design of the email, which can sometimes make it incredibly difficult to pick out as fraudulent.
For example, a cybercriminal may create an email address which is very similar to an existing address being used by an important employee at a bank. The criminal may use:
when he/she knows that a member of the bank’s operating board uses the email address:
It’s extremely easy for people to overlook misspellings such as the missing ‘a’ here. Using this email address, a cybercriminal could ask another employee at the bank, who believes they are in contact with the genuine board member, to make a payment or to share confidential information.
This is just one example of how cybercriminals can use information on a target to personalise and disguise phishing emails.
How Can I Protect Against Phishing Emails?
Phishing emails are often sent to a large list of email addresses with no particular target in mind, and their lack of personalisation usually makes them fairly easy to spot. However, a lack of awareness can sometimes lead to a slip up.
Here are four tips to consider:
One: Constant Vigilance
Phishing emails heavily rely on your lack of suspicion, so checking for any of the following tell-tale signs before proceeding with any requests or suggestions made in the email should be a priority.
Two: Never Reveal Confidential Information
No organisation should ever ask you to reveal confidential information over email, telephone or any other form of communication. Unless you contact the company first so you know exactly who you’re talking to, you cannot be sure someone is actually representing who they say they are. For this reason, you should be extremely wary of who you are speaking to and what they want.
Three: Do Not Allow Yourself to be Pressured
A recurring theme in phishing emails is an attempt to convince the recipient that there will be some serious repercussion for not complying with the request laid out in the email, a request which will likely at some point lead to you having to provide confidential information.
Four: Keep Updating Your Email Security Whenever Possible
Email security systems may not be 100% effective in keeping out spam or phishing emails, but they keep out far more than you probably realise. Due to the fast-evolving nature of cyber terrorism, keeping your system up to date should help protect you from the vast majority of malicious emails. But remember, the systems are not perfect and the majority of mishaps occur due to lack of employee awareness.