Cyber Security

E-commerce sales are an opportunity for organizations to thrive in business online – cyber criminals thrive in this environment too.

Frantic conditions during the sales or over seasonal holidays are perfect for cyber criminals to exploit the unwary: there’s typically a lot of revenue streaming in, and employees are distracted by unforgivingly fast-paced work.

Cyber criminals enjoy employing a technique known as ‘phishing’: viruses camouflaged as seemingly harmless e-mails. Employees who click on these phishing e-mails could unwittingly unleash viruses into the organization’s IT network with potentially disastrous consequences.

We’ve compiled a list of five top tips on spotting such phishing attempts. Hopefully you’ll be able to spot them before you’ve even opened the e-mail.

  1. Notice incorrect spelling and/or grammar:

Phishing e-mails often have suspiciously vague, misspelled subject lines, which are particularly easy to spot when sent from a (hacked) employee who typically doesn’t misspell the contents of their e-mails. Surprisingly, this is often a deliberate tactic employed by hackers to identify easier targets. When an employee opens a deliberately misspelled e-mail, it suggests to the hacker that they’re particularly susceptible to scams. Hackers will consequently focus their efforts on these individuals, viewing them as easy prey.

  2. Check the sender’s e-mail address:

An easy way to identify a dodgy e-mail is to check if the sender’s domain is legitimate and aligns with the sender’s name. Depending on which e-mail client you use, the domain is usually displayed beside the sender’s name. For example, an alleged e-mail from Skynet should have a domain name such as ‘’ as opposed to ‘’.

  3. The e-mail is requesting personal information:

One of the most glaringly obvious indicators of a phishing attempt is an e-mail requesting that you provide personal details, e.g. passwords or a social security number, particularly in instances where it’s against company policy to request such information. Even if the e-mail is from a recognizable source, never provide this sort of information without first establishing whether the e-mail is legitimate.

  4. Is the e-mail trying to create a sense of urgency?

While I’m not suggesting that you help bring your company to ruins by ignoring high-priority messages from your colleagues, be wary of e-mails that request that you respond or provide important information with haste. Commonly, phishers attempt to bait their targets by suggesting the recipient has received a large sum of money, which can only be obtained by providing sensitive bank details.

  5. The e-mail contains suspicious attachments:

Depending on how sly the phisher is, their e-mails may include an attachment with an obscure file name. Risky file formats include .exe, .scr, .zip, .com and .bat. These e-mails often claim that the attachment contains important details; others may be more blasé and simply ask you to open the attachment. Bear in mind that retailers and banks etc. will typically never send attachments via e-mail.
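Tips 2 to 5 can also be applied mechanically, for example in a mail triage script. The following is an added example, not part of the original article: the function names, the keyword lists and the `.example` domains are assumptions chosen for illustration.

```python
import os.path
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

RISKY_EXT = {".exe", ".scr", ".zip", ".com", ".bat"}  # listed in tip 5
# Keyword lists are assumptions for illustration, not a vetted ruleset.
URGENCY = re.compile(r"\b(urgent|immediately|act now)\b", re.I)
PERSONAL = re.compile(r"\b(password|social security|bank details)\b", re.I)

def phishing_indicators(raw, brand_domains):
    """Return which of tips 2-5 a raw message trips (brand -> real domain)."""
    msg = message_from_string(raw)
    hits = set()
    # Tip 2: display name claims a brand, address domain is not that brand's.
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    for brand, legit in brand_domains.items():
        same = domain == legit or domain.endswith("." + legit)
        if brand.lower() in name.lower() and not same:
            hits.add("sender-domain-mismatch")
    text = msg.get("Subject", "")
    for part in msg.walk():
        fname = part.get_filename()
        if fname:
            # Tip 5: test the last extension so "invoice.pdf.exe" is caught.
            if os.path.splitext(fname.lower())[1] in RISKY_EXT:
                hits.add("risky-attachment")
        elif part.get_content_type() == "text/plain":
            body = part.get_payload(decode=True) or b""
            text += "\n" + body.decode("utf-8", "replace")
    if PERSONAL.search(text):
        hits.add("requests-personal-info")  # tip 3
    if URGENCY.search(text):
        hits.add("urgency")  # tip 4
    return hits

def constructed_sample():
    """Build a made-up message; every name and domain is a placeholder."""
    m = EmailMessage()
    m["From"] = '"Skynet Support" <help@skynet-billing.example>'
    m["Subject"] = "Urgent: confirm your account"
    m.set_content("Reply immediately with your password to avoid suspension.")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename="invoice.pdf.exe")
    return m.as_string()

if __name__ == "__main__":
    print(sorted(phishing_indicators(constructed_sample(), {"Skynet": "skynet.example"})))
```

A message that trips none of these checks is not thereby safe; the indicators are best used to prioritise messages for a closer look.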

According to an article from IT Governance, 156 million phishing e-mails are sent daily – of which 15.6 million manage to sneak through spam filters. While we encourage organizations to train their staff through a cyber-security certification – simply spreading awareness of existing threats is a great preventative measure.


Author:  Matt Brewitt - originally published 22 December 2014

