The red flags to watch for in phishing emails Cyber Scotland Week 2023
As part of this year's Cyber Scotland Week, the team at our strategic partner Mitigo share the red flags to watch for in phishing emails.
Today marks the first day of Cyber Scotland Week. Our strategic partner, Mitigo, are sharing helpful advice and guidance throughout the week. First up, they are sharing a round-up of your main red flags if you do receive a phish:
- If the email seems too good to be true, or seems suspicious – it probably is. Trust your intuition.
- Criminals will often add a sense of urgency to their phishing campaigns – the language will push you to react quickly before a deadline.
- The email may be requesting money or sensitive information such as credentials – official sources will never ask you to supply these via email so don’t give them out.
- Criminals pretend to be a figure of authority or reputable company to gain your trust. Hint: don’t trust them.
- Poor grammar or spelling may be the most obvious red flag – if it’s badly written, it’s bad news.
- Suspicious links or attachments may be included. Don’t click – you can see what the real website is by hovering over the URL, and don’t open any attachments unless you are absolutely sure they are legitimate.
- The email address used is from a public email domain or is misspelt – an official source would never use an ordinary Gmail account, and double check that it’s not from something like “Microsuft” instead of Microsoft.
- Whilst you’re looking at the email address, does it match the sender’s name or the company they’re purporting to be from? If not, you’ve probably caught a phish.
- The final red flag would be threatening language – aka “Do this or else”. No reputable company would speak to their customers like this – if your back’s up, it’s probably for good reason.
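The sender-address and link red flags above can also be checked mechanically. The following is an added example, not part of Mitigo's guidance: a small Python check for a free-mail sender, a misspelt lookalike domain, a display name that does not match the sending domain, and a link whose visible text differs from its real target. The domain lists, the 0.8 similarity threshold and the sample message are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed, illustrative lists; a real deployment would maintain its own.
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}
BRANDS = {"microsoft": "microsoft.com"}  # brand name -> genuine domain
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host(url):
    """Lower-cased hostname of a URL, without a leading 'www.'."""
    h = (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()
    return h[4:] if h.startswith("www.") else h

def red_flags(raw):
    """Return (code, detail) pairs for the sender and link red flags."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    label = domain.split(".")[-2] if "." in domain else domain  # naive: ignores co.uk etc.
    flags = []
    if domain in FREE_MAIL:
        flags.append(("free-mail", domain))
    for brand, real in BRANDS.items():
        if domain == real or domain.endswith("." + real):
            continue  # genuinely the brand's domain
        if SequenceMatcher(None, label, brand).ratio() >= 0.8:
            flags.append(("lookalike-domain", f"{domain} resembles {real}"))
        if brand in name.lower():
            flags.append(("name-mismatch", f"'{name}' sent from {domain}"))
    # What "hovering over the URL" reveals: shown text vs. actual target.
    for href, text in LINK_RE.findall(str(msg.get_payload())):
        shown = re.sub(r"<[^>]+>", "", text).strip()
        if re.match(r"(https?://|www\.)", shown, re.I) and host(shown) != host(href):
            flags.append(("link-mismatch", f"shows {host(shown)}, goes to {host(href)}"))
    return flags

# Constructed sample message (not a real email).
SAMPLE = '''\
From: "Microsoft Account Team" <security@microsuft.com>
To: user@example.com
Subject: Action required
Content-Type: text/html

<p>Sign in at <a href="http://login.example.net/verify">https://www.microsoft.com/account</a></p>
'''

if __name__ == "__main__":
    for code, detail in red_flags(SAMPLE):
        print(f"{code}: {detail}")
```

A message that raises none of these flags is not thereby safe; the checks only automate three of the red flags in the list.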
If you’re still not sure, it’s best to verify independently of the original source – so if you’ve got an email, give the person or company a phone call to see if they did send the message. Use the number from their official website, rather than any included in the message.
Never respond or react to the phish – just ignore it and delete it.
For more helpful cybersecurity advice for your firm, visit Mitigo's website.