How to distinguish between real and phishing bill payments

One of the key dangers in the world of cybersecurity are phishing emails. Even with all the defensive tools available, it’s easy for any person to slip up and click on a file or a link by accident. In this post, we’ll talk about a particular kind of phishing we’ve recently seen an increase in: hiding malware in fake financial documents. 

How to spot a phishing email 

Attached below is an example of one of these phishing emails we have had reported to us recently: 

Looking at this, there are a few details that would indicate it’s phishing to someone who knows what to look for. 

Firstly, the email is addressed to “Customer” – quite often, phishing emails will use generic greetings such as this, as they’ll send the same email to hundreds of people or more. However, it should be noted that not all phishing emails use this tactic, and many will be more personalised in their attacks. 

Secondly, the email is vague about what it is about, besides the fact it is related to a payment. This has the effect of making the recipient more curious, and therefore more likely to click on the malicious file. On top of this, by keeping it vague, fewer people who receive it will dismiss it as unrelated to them. 

On top of these, there are quite a few markers as well that might distinguish a message as phishing: 

1. A sense of urgency and fear – a phishing email may try to make you feel rushed or suggest that you may be in trouble. This is so that you don’t have the time to wonder if it might be legitimate. 
2. A promise of reward – often, emails will get people to click on their links with a promise of reward, such as claiming they have won the lottery. 
3. Suspicious sender – often the address sending the email will not look right, or might try to mimic a well-known company address, perhaps with a few typos or extra characters. 
4. Typos – legitimate, professional emails, especially those concerning financial transactions, will be proofread carefully by the company sending them. Too many typos can be a sign of phishing. 
5. Suspicious web links – alongside attachments, phishing emails may include links that take you to harmful sites. These can often be made to look like legitimate links, so always be sure to hover over the link to see where it is taking you before clicking on it. 
6. Asking for information – phishing emails will often ask for information that no legitimate email would ask for, such as usernames or passwords. 

How to protect yourself from phishing 

1. Verify the sender – if you receive an email from a company regarding a payment that you’re not confident in, be sure to contact the company to verify this. You should contact them via a trusted number or email, rather than responding to the email directly. 
2. Don’t open URLs or suspicious attachments – don’t open attachments or links in an email you have doubts about. You can send it to ISG at isg@ucl.ac.uk for help determining if an attachment or link is malicious. 
3. Keep your computer’s operating system, antivirus and applications up to date – this will increase the chances of catching any malware if it gets on to the computer, and updating the operating system will reduce the number of vulnerabilities the malware will be able to exploit. 

Remember, staying safe online is a continuous process that requires ongoing vigilance – it is better to be safe and report any suspicious emails to ISG (isg@ucl.ac.uk) than to accidentally fall victim to a phishing email.