How to Spot a Phishing Email: A Guide for Your Team

Cyber Security Clinic | 2024-12-28 | 4 min read

Why Phishing Works

Phishing emails work because they exploit human psychology, not technical vulnerabilities. They create urgency, fear, or curiosity that prompts us to click before we think.

The Warning Signs

1. Urgent or Threatening Language

"Your account will be suspended in 24 hours!" "Immediate action required!" "You have been charged £499.99"

Reality: Legitimate organisations rarely create this level of urgency via email.

2. Suspicious Sender Address

The display name might say "Microsoft Support" but the email address is support@microsoft-security-alert.com

Tip: Always check the actual email address, not just the display name.

3. Generic Greetings

"Dear Customer" or "Dear User" instead of your actual name.

Reality: Companies you have accounts with usually know your name.

4. Spelling and Grammar Errors

Professional organisations have proofreaders. Phishing emails often don't.

5. Suspicious Links

Hover over links before clicking. Does the URL match what you'd expect?

Example: A link claiming to go to Microsoft might actually point to micros0ft-login.dodgy-site.com

6. Unexpected Attachments

Especially dangerous: .exe, .zip, .doc with macros, or any file you weren't expecting.
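
For IT teams that want to automate the sender check (sign 2) and the link check (sign 5), the sketch below is an added example, not part of the original article. The `KNOWN_BRANDS` allow-list, the function names and the `SAMPLE` message are assumptions made for illustration; the sample is constructed from the addresses quoted above.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions: brand keyword -> domains it really uses; SAMPLE is constructed.
KNOWN_BRANDS = {"microsoft": {"microsoft.com"}}
SAMPLE = """\
From: "Microsoft Support" <support@microsoft-security-alert.com>
Content-Type: text/html; charset="utf-8"

<a href="https://micros0ft-login.dodgy-site.com/">Sign in to Microsoft</a>
<a href="https://support.microsoft.com/">Microsoft help</a>
"""

def domain_ok(host, allowed):
    """True if host is an allowed domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for each <a> element that has an href."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_email(raw):
    """Return (kind, label, host) for each brand label on a foreign domain."""
    msg, findings, collector = message_from_string(raw), [], LinkCollector()
    display, addr = parseaddr(msg.get("From", ""))
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    checks = [("sender", display, addr.rpartition("@")[2])]
    checks += [("link", text, urlparse(href).hostname) for text, href in collector.links]
    for kind, label, host in checks:
        for brand, allowed in KNOWN_BRANDS.items():
            if brand in label.lower() and not domain_ok(host, allowed):
                findings.append((kind, label, host))
    return findings
```

Calling `check_email(SAMPLE)` flags the sender and the first link, and leaves the genuine `support.microsoft.com` link alone because the comparison is on the domain suffix rather than on whether the brand name appears somewhere in the host.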

What To Do

1. **Don't click** any links or download attachments
2. **Verify** by contacting the organisation through official channels
3. **Report** the email to your IT team or manager
4. **Delete** the email

Building a Security Culture

Regular awareness training dramatically reduces phishing success rates. Even short, quarterly sessions make a real difference.

We offer staff awareness training as part of our ongoing support packages. Get in touch to learn more.
