Beware of corona cyber criminals: how to recognise a phishing email

Innumerable businesspersons have received phishing emails in their mailboxes in recent weeks. In the run-up to the tax return deadline, these emails frequently appeared to come from the FPS Finance or Tax Authorities. However, they subsequently transpired to be fraudulent emails. It is therefore important to be able to instantly recognise this type of email and avoid the pitfalls.

How can you recognise a phishing email?

Recognising a phishing email might sound simple, but that is not always the case. However, there are a number of things that can reveal the true nature of an email. The key tips at a glance:

1. Be vigilant when reading emails. Is the sender questionable? Is the domain (or rather: the portion following the @ symbol) questionable? Is the context questionable? What is the purpose of the email?
2. Never click on a link without checking it. Check whether the link leads to a legitimate site by hovering your mouse pointer over the link or button. Does the link direct you to the site that you expected?
3. Exercise caution with attachments. It is not generally necessary to enable macros (e.g. in a Word document) or other scripts (e.g. exe or. vbs) to view documents.
4. Trust your instincts. Is the email designed to elicit a powerful emotional response? Then take a break and review the email once you have collected your thoughts.

What can you do to protect yourself from phishing emails?

A key component of phishing protection is raising employee awareness within your organisation. It is essential that each and every employee is aware of the dangers of phishing, knows how to recognise phishing, and how or where to report suspicious emails. Regularly organising awareness training or phishing simulation ensures that everyone within your organisation remains alert when processing emails.

Phishing emails are invariably designed to persuade and entice. There is therefore no shame in falling prey to a well-composed phishing email. However, in such a scenario, it is important that you immediately take the necessary action, together with your IT manager or supplier. The actions that are required vary from situation to situation. At a minimum, we recommend changing the passwords of all affected users and monitoring your company network for suspicious activity.

Would you like to organise an awareness campaign within your organisation? Or test your internal processes and employee reactions via a phishing simulation? Then please contact one of our specialists via cyber@vdl.be or our partner clipeum via frederik.vervoort@clipeum.be.