Phishing scam awareness

Phishing scam awareness


Phishing scam awareness


Due to the excessive amount of phishing emails we are now receiving as a business and the fact that some employees have fallen victim to them, resulting in unauthorised access to peoples email addresses we are having to raise awareness of this and provide some things people can watch out for to identify when it is a phishing email:

The ultimate goal of phishing emails

Essentially, the purpose of a phishing email is to get you to enter your details for access to be gained to your account so that they can sift through any documents possible in the hope of gaining further access (i.e. bank account details, logins etc) and also using your email address to send further similar emails on in the hope that others will trust the email address they receive the email from and fall for the phishing emails in the same way.


The obvious one to look out for

Lets say youve received an email from a potential customer, but the email seems a bit odd; it may be mentioning an invoice or something to download from onedrive, which obviously isnt what you expect but this is a potential bill for you so you go to check.

So, you click the link which takes you to a website which looks like it is signing you in to Microsoft Office. This is where the giveaway lies; any time you log into a legitimate Microsoft Office website, after you enter your email address and press next youll notice that the website changes to show LES love birds in the background, with the Microsoft logo changing to that of Love Energy Savings like here:




A phishing website will present a bog-standard Microsoft image even after you put your email address in; you are still safe at this point SO LONG AS YOU DO NOT PUT YOUR PASSWORD IN THEREON.

See below for example of phishing website:


Other things to look for

Check the actual name of the website you end up on  a legitimate Microsoft one will appear as follows:


In the case of phishing websites, they will appear as something else entirely; see the example below for one we had:




Another way to confirm before even getting to this point is to look at where the link in the email is directing you (or if there even is a link); in the case of the below, this is an email I received which was not expected which contained a link attempting to get me to log in with my Microsoft Office details for them to gain access to my account:

The link is definitely not pointing to a legitimate Microsoft website, the email address is questionable and the email is particularly poorly put together making this an obvious phishing email.

Other things you may encounter are pictures pretending to be .pdf attachments which contain links to suspect websites in an attempt to get you to do the same thing; enter your details and password for access to be gained to your account.


Final words

Simply enough, if in doubt then ask the IT infrastructure team (Ben Shearer,  Tom Buckley or Maria Demosthenous ) to take a look for you and theyll confirm either way.