How to Train Employees to Spot a Phishing Email

The problem with phishing schemes is that anyone can appear to be somebody else—even in emails.

Hackers have become incredibly good at faking email messages, making it look as if an email came from a colleague or co-worker. Hackers are also good at pretending to be banks, government agencies, well-known brands, and other entities that we feel inclined to trust. These dangers open the door to data breaches, identity theft, and other costly threats.

How to Spot a Phishing Email: 4 Key Strategies to Teach Your Employees

The first step to fighting phishing scams and the data breaches they can cause is to remind your employees that they need to be vigilant. We all have our blind spots when it comes to email: things that we trust at face value without even thinking about it. If you see an email that appears to be from a family member or the IRS, would your first reaction be “This could be fake”? Probably not. To remain safe in today’s online environment, we all should adopt a “trust but verify” strategy.

Training your employees to be skeptical about the email messages they receive will be arguably the most difficult part of fighting against phishing. Luckily, there are a few strategies you can give to your team members that they can use to identify fake and dangerous email messages.

Here are the top tactics for spotting a phishing email:

1. Watch out for emails that ask for money or personal information
Passwords, payments and personal information are the “Three Ps” of phishing scams. If you receive an email asking you to share your passwords or sensitive information, or urging you to make a payment out of the blue (the latter approach is popular among IRS and tax-related phishing emails), you should be on high alert immediately. Don’t comply with the request of the sender. Instead, look for other suspicious signs.

2. Be cautious about links and attachments
example of phishing email

In office environments, workers exchange website links and attachments all the time. Sending these items via email is often the best way to collaborate on projects and share information. If you receive an unsolicited email with an attachment or hyperlink, you should be cautious. As with requests for passwords, payments, or personal information, unsolicited links or attachments should trigger a more in-depth inspection of the email.

3. Check the sender’s email address
An email display name is a phishing attacker’s best friend. When an email comes into your inbox, and the display name is a person or organization that you know, the impulse is to let your guard down. However, email display names are also easy to fake. What can’t be faked, however, is the email address itself. As such, if you have reason to be suspicious about an email, the first thing you should do is double check where it came from. If the display name says the email came from a coworker but the email address doesn’t match the coworker’s work address, the email is probably a phishing scam. The same is true for emails that claim to be from your bank or the IRS but come from Yahoo, Hotmail, or Gmail addresses.

4. The tone or spelling of the email is off
We all know how our friends, loved ones, and colleagues talk and write. Employees should be trained to assess the tone of an email. If it doesn’t seem like the tone of the email matches the usual “voice” of the supposed sender, there is a good chance it is a counterfeit. Scam emails will often read like they were written by someone who doesn’t speak English as their native language. Awkward sentences, grammar errors, and misspellings, then, can all be signs of a phishing scam.

5. Generic greetings
One of the quickest ways to spot a phishing email is to look for a generic greeting. Phishing scams will often use generic salutations (such as “Dear Customer,” “Dear Sir/Madam,” or “To Whom It May Concern”) instead of more personal greetings. Of course, some hackers are more sophisticated and have devised ways to insert customer names into their email greetings. However, if you do see a generic salutation of this ilk, it should at very least put you on high alert.

These strategies certainly aren’t the only ones that your team can use to spot phishing scams, but they do highlight some of the most common characteristics of dangerous emails. Focusing on these red flags in your employee training sessions should help keep your team members on high alert. Hopefully, the training will pay off and help your business avoid phishing scams and their associated costs.

Share this blog post:

Add Your Heading Text Here

Add Your Heading Text Here

Let's Get Started!

Need professional IT support for your business?
We are here to help your company if you need IT advice and support from a professional IT services provider.

We offer business managers a free initial IT consultation to determine your needs and advise you of the IT service options available to you. No obligation on your part.

Ready to get some IT advice? Either configure your company’s settings in the adjacent form, schedule a free call with us or call us now at 1-888-800-3211 to get answers to your IT questions.

Configure your company's IT needs to get started!

Managed IT Services provider for business offices.
VTC Tech is an IT provider that helps growing companies with busy offices by managing their IT support and cybersecurity services so they can focus on their core business and grow faster.

Configure your company IT needs:

Join our Newsletter
VTC TECH is happy to bring you the latest insights on IT and how it affects you – in business, at home or anywhere in between.
VTC TECH Newsletter
BREAKING NEWS: Join our Newsletter and find out what's new in IT