What Is Phishing?
A phishing email is a fraudulent attempt to get sensitive data or information from people: like their usernames, passwords, financial information or credit card details.

Other common phishing terms include:

Whaling - A whaling attack is in the category of phishing emails and specifically targets high profile individuals and executives with valuable information.

Spear phishing - Spear phishing is when an attacker singles out a specific organization or individual in order to gain access to sensitive data.

CEO fraud - CEO fraud is when a hacker sends an email to an employee of a company posing as the CEO and requesting the transfer of funds or access to information.
What To Look Out For
Protect your company from phishing attacks by checking and rechecking your emails. Many people ask how to spot a phishing email, or how to check if an email is real. The first thing you should do after you receive an email is to look at the sender’s address carefully. Is it really your boss, or does the email address have an extra letter or number in it? This can be hard to spot, so look carefully.

Check the sender: It may sound obvious, but carefully checking who send the email is the first step in staying safe. Today, fraudsters are easily able to make a message look legitimate – they will use the colors and layout copied from a real email from that organization. This includes the signature section, so watch out for that, too. Your first check should be to determine that the sending address matches the company it’s claiming to be sent from.

Having the name of the company in the email address doesn’t mean you’re home safe just yet. Watch out for “amazon.myowndomain.com”, which is obviously not the real company address.

The next trick to look out for in how to stop phishing is numbers that have been substituted for letters. Ones and zeros can look convincingly like the letters “l” and “o” respectively.

Message content: The first clue in this section to whether an email is legitimate, is if your name is mentioned. A “Dear Sir”, or “Dear valued customer” is a sure sign that the sender has no idea who you are. Only if you see your name, can you breathe a little easier that this is indeed an email meant for you (watch out though for spear phishing and whaling attacks).

Of course, poor spelling and grammar are also indicators that the email is not from an official source. Fraudsters are getting a lot smarter, however, and this kind of check can no longer be relied upon.

One of the biggest things to look out for in how to stop phishing is what the email wants from you. Is it just a message informing you of something? If the message requires you to input details, or click on a link, this is where all of your alarm bells should start ringing.

Avoid link clicking: Most people today receive an email and open the attachment right away. It’s best to avoid opening links, unless you’re completely sure they’re safe. Not only could that link direct you to a fake page requiring your login details, but that link could download malware onto your computer instantly.

The first check you should do when it comes to links, is a logical one. Would Microsoft be sending me a link to a Google Drive document? Probably not. Does the link say “.jpg” but it’s a Word document? That’s suspicious.

Next, it’s important to rest your mouse on the link (without clicking), and check in the bottom left-hand corner of your browser where that link leads. If it’s a legitimate site, it’s probably ok. As soon as it looks odd (sdjlasdj.djkslsa.eu/hhu), you know there’s a problem.

Here’s a really important tip: links that look legit can be fake, especially when non-English characters are used. For example the Greek “α” and Russian “ё” can easily be substituted for English letters. If you see an address in your browser that begins with “xn-- ”, it’s a sure sign that this trick is being used.

So far, when it comes to how to stop phishing, you’re doing great! But we’re not quite done yet. Because even if you follow all of this advice, a sophisticated fraudster can still slip by your human defences.

The bad news is that your anti-virus and similar software won’t help you here either. A sophisticated fraudster can create an email that looks perfectly legitimate, from the address of someone you know and trust, with an attachment that does not look suspicious.

A purpose-built automated phishing solution like Retruster is critical.
Common Tricks Used
1. Avoid the Urge to Click We all have a side to us that’s naturally curious, especially when it comes to finding out that a document is waiting for us, and that all we need to do is click to open it. Is it important? Could it be interesting?

This is a classic scam used by fraudsters to get people to click on a compromised link to install malware, or even to get employees to to input their login information, which is then stolen – allowing hackers to get into your system, send emails as if they were that employee, and access sensitive information.

What makes matters even worse is that these types of scams often look like they come from legitimate, trusted sources, like Google Drive or Microsoft Sharepoint.

If you get a notification out of the blue that there is a document waiting for you, and all you need to do is click a button to open it, stop yourself right there and consider the consequences.

2. Don’t Be Tricked into Thinking Your Computer’s Infected with Ransomware We’ve all seen the headlines about Ransomware spreading through computer systems and locking out users, until a Bitcoin ransom is paid. With names like Bad Rabbit and WannaCry (who names these things?!), they are enough to scare just about any internet user.

So of course one of the latest scams is faking a ransomware attack. An employee will get an email, announcing that the computer has been infected and that unless a ransom is paid by an imminent deadline, all data will be deleted.

Happily, the threat is an empty one (there has been no ransomware installed on the computer), but urgency is used by fraudsters to make people make mistakes. If you do get an email like this, report it immediately, do not take action or reply, and get that heart rate back to normal.

3. Don't Be Fooled By "Out of Date" Details “Just a friendly reminder to update your username and password, as they are about to expire”. Messages like these may seem friendly, but are actually a common way for hackers to gain access to your accounts.

And if, like many people, you use the same or similar passwords in different places, the results can be catastrophic.

These messages come in the form of very professional-looking emails, complete with official-sounding email addresses, so stay on the lookout. They are often sent from banks, or popular services like Apple and Netflix.

Not even government offices are immune, and a perennial favorite is to send official-looking documents from the tax man. Who doesn’t want to stay on the right side of the IRS?

4. Don’t Get Tricked By One Of The Oldest in The Book Almost like #3, but in reverse. This is a classic scam that has been around for as long as anyone can remember (although there’s a twist).

In this instance, a regular supplier sends your team a message, informing you of updated banking details, or email addresses. What’s different today, however, is that email addresses can be faked – so this looks like it’s from someone you interact with regularly, but is really from a stranger.

Ideally, every message like this should be followed up with telephonically to confirm the change, however this is isn’t always possible. Plus, if it came from the right email address, it must be legitimate, right?

Sadly, the answer is a resounding “No”.

Retruster is a tool that can automatically protect your company against these types of fraud

5. Trust Me, I’m A ____ We are conditioned to trust certain people. Policemen, nurses, and college professors engender a certain amount of confidence.

Unfortunately, thieves and hackers are fully aware of this, and will be trying to dupe your employees with emails from “trusted” sources, whether it’s a local charity, a well-known personality, even members of the clergy.

Everything must be checked and checked again, and no one can be relied upon, especially those that we would naturally trust more easily.
How To Stay Protected
When it comes to the best anti phishing tool, this is where you need to enlist the help of technology to be your guardian angel.

And there’s good news: there is a platform that can spot fake or phishing emails for you, even when everything on the surface seems legit. You won’t have to act with suspicion every single time you receive an email, and you won’t be more vulnerable if you’re tired or in a rush.

The Retruster solution is the best anti phishing tool. It’s by your side for every single email you receive. If there’s anything suspicious, or something you need to know about, you’ll be alerted immediately.

Retruster does all those checks we mentioned above: looking for fake email addresses, mismatches, information within the message, bad links and compromised attachments, non-English letters, and a whole lot more. In fact, it performs thousands of other checks, in fractions of a second, leveraging the latest in tech and super smart algorithms.

Retruster is the perfect way to protect your organization.

Learn more about how you can benefit from Retruster


You can be protected in just a few clicks.
Learn more – no obligation.


Your privacy is our priority. Retruster does not store your emails.

You're in good company


Join our satisfied customers using our product globally.

lenovo danone nike harvard safeway safeway safeway