How to spot phishing emails and other malicious content
Small and large businesses alike face the same risk when it comes to employees. Teaching staff how to spot bad emails and what to do about them is critical to modern security. In this article, Tetrabyte Managed IT Support share our top tips for spotting emails you should delete.
Check the Sender’s Email Address – Not Just the Display Name
The display name does not always reflect the sender: cyber criminals can set the display name to anything they like. Email addresses can also contain minor misspellings to mislead users; @micros0ft.com is not the same as @microsoft.com. It’s possible to spoof the sender email address as well, but these are far more likely to be delivered direct to your junk mail!
TIP: Hover over or click on the sender’s name to reveal the email address, and check the spelling carefully.
Check links before clicking
Links may not always go where they say they will. They can also hide behind really long domain names to cover their actual origins.
Check the link closely: look for the first ‘/’ in the path and work backwards from that. Behind it you’ll see the ‘Top Level Domain’ (TLD) name, e.g. ‘.com’, ‘.co.uk’, ‘.org’, ‘.in’, ‘.ru’ etc.
Then, behind that, look for the domain name; it’s everything after the previous ‘.’, e.g. learn.Microsoft.com, voice.tbyte.com, www.remoteit.co.uk.
This forms the site’s main domain name, which is what you’re looking for. Don’t get fooled by domain names like microsoft-online-services-login-portal.doge.ru: the core domain for this is .doge.ru and it has nothing to do with Microsoft. The extended ‘subdomain’ attempts to fool you into ignoring the actual domain name.
TIP: Carefully hover over links and inspect the destination. If in doubt, just open your web browser and visit the site directly.
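The same "work backwards from the first ‘/’" check can be automated in a mail-filtering or training tool. The Python sketch below is an added example, not part of the original article; the function names, the trusted-domain list (built from the article’s own examples) and the tiny multi-label suffix set (a constructed stand-in for the full Public Suffix List) are assumptions.

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny stand-in for the Public Suffix List (assumption).
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au"}
# Domains the organisation really uses (assumption, taken from the article's examples).
TRUSTED = {"microsoft.com", "tbyte.com", "remoteit.co.uk"}
# Common look-alike character swaps, such as the article's micros0ft.com.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def registrable_domain(url):
    """Return the main domain: the label left of the TLD plus the TLD itself."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    if len(labels) < 2:
        return host
    # Keep three labels when the last two form a known multi-label suffix (.co.uk).
    take = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-take:])


def assess_link(url):
    """Classify a link: 'trusted', 'lookalike', 'brand-in-subdomain' or 'unknown'."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    domain = registrable_domain(url)
    if domain in TRUSTED:
        return "trusted"
    # A misspelled domain that becomes a trusted one after undoing digit swaps.
    if domain.translate(HOMOGLYPHS) in TRUSTED:
        return "lookalike"
    # A trusted brand name appearing only in the subdomain part is a lure.
    subdomain = host[: len(host) - len(domain)].rstrip(".")
    brands = {trusted.split(".")[0] for trusted in TRUSTED}
    if any(brand in subdomain for brand in brands):
        return "brand-in-subdomain"
    return "unknown"


if __name__ == "__main__":
    for link in ("https://learn.microsoft.com/en-us/",
                 "https://microsoft-online-services-login-portal.doge.ru/login",
                 "https://login.micros0ft.com/reset"):
        print(f"{assess_link(link):20} {registrable_domain(link):16} {link}")
```

A production filter would load the full Public Suffix List rather than the three-entry set used here, since the list of multi-label suffixes is long and changes over time.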
Watch out for Emotional Manipulation
Cyber criminals try to push you to act fast and prevent you from thinking about the issues and options. Words and phrases may include items like ‘Critical’, ‘Urgent’, ‘Account will be suspended’ or ‘Payment complete’. These are all designed to make you panic and act without proper thought. If in doubt, ALWAYS contact your IT Support team; they will be trained to evaluate such content and have context on how systems are set up.
TIP: Never panic over an email. By default, email is not a method of communicating urgent information.
If you’re asked to keep it a secret, it’s a big red flag!
Any message telling you not to speak to other staff, especially management, should raise a red flag. Cyber criminals don’t want you getting a second opinion, but this should normally be an option for most requests. If the request does feel legitimately confidential, you can always use another contact method, such as phone, to check in with the requester and validate the legitimacy. (Don’t double check by reply email, as a user’s account could be compromised.)
TIP: Double check with other staff via phone or in person if you have any doubts.
The unexpected email!
Most emails asking you to action something should be mildly expected. Did you actually request a password reset? Would your manager normally ask you to do that? Is this a project you’re working on? Would such requests normally come from someone else?
TIP: Be careful about actioning items that you didn’t expect to have to deal with.
Be very careful with attachments
Attachments add a layer of complexity to email security. They are harder to scan and harder to check, and cyber criminals exploit this to try to bypass security.
Ask yourself key questions with every attachment:
• Were you expecting this person to send you an attachment?
• Does the file type make sense, e.g. pdf, xlsx, docx? Be careful of macro-enabled files (xlsm, docm); these contain programmable code.
And the BIG RED FLAG – Attachments should never ask you to enter login details. That’s a core phishing technique.
TIP: Be careful with attachments; they are commonly used to bypass security scanning.
What more can we do:
• Multi-Factor Authentication should be enabled on all systems and enforced for all users.
• Email filtering systems can provide additional protection.
• Cyber Security Training for all staff can be a cheap and effective way of reducing risks.
• Extending basic antivirus to fully monitored Endpoint Protection solutions provides a key line of defence against bad actors online.






