Preventing Phishing with Webmail

Updates for Webmail

We’ve recently introduced a new function to our Webmail service to help protect users from phishing emails - pieces designed by spammers to steal personal information, introduce malware, and have a range of other negative effects.

One of the most common things you’ll see with phishing emails is that the message will initially appear to be from someone who you know - the email will show up in your email as being addressed from a particular person or organisation’s name, while the actual address it’s been sent from is clearly not theirs.

In a lot of email clients, all you can see is the name, making it a bit harder to immediately spot that an email isn’t from who it claims to be from. Until recently, our Webmail service was one of these, but we’re just introduced an option which displays the email address of the sender right next to the display name that they’re using, so you’ll often be able to immediately tell that the message isn’t legitimate.

To turn on this setting, log into Webmail, click through to Settings in the upper right, then select Displaying Messages in the sidebar. You’ll find an option labelled ‘Show email address with display name’ - make sure this box is ticked, and email addresses will be displayed on all messages you receive.

Unfortunately, this is far from the only way phishing emails are disguised - read on for some basic tips on what to look out for.

Basic tips to avoid phishing

The main way to avoid phishing is to pay attention to what’s there. There’s often (although not always!) some kind of red flag if you take the time to think things through. Here’s a few of those flags - keep in mind that there’s far more than just these points:

Weird grammar: A great number of phishing emails are either automatically generated or written by people without a full grasp of grammar - one recent message I received started out with ‘I have a good news’, for instance. Poor grammar from an unfamiliar sender is by no means a definite sign that a message isn’t legitimate, but it should prompt you to be a little more alert.

Unexpected messages: While some phishing mails may masquerade as something you’re expecting, a lot of them simply come out of the blue, often claiming to be from popular services. Always think about whether the sender would be likely to actually send you a message.

Unusual characters: There’s a lot of unicode characters and letters from different languages which look like English Ƚеţţеŗѕ - registering domains with those placed where the letters they resemble is an increasingly common way to spoof a domain to hijack personal information. While the example we’ve given is pretty obvious, it’s possible that you might not notice that an address is actually for Gooġle, rather than the actual site.

Suspicious requests & attachments: Whether it’s asking you to send money, give out your personal details, or download a file, phishing mails almost always want you to do something. Again, it’s not necessarily a sign of something being wrong, but should encourage caution. Keep in mind that legitimate organisations are practically never going to send out emails asking for details like account numbers - and definitely not out of the blue.

Something different/ unusual: As we’ve said, the most useful step to avoid falling for phishing is to be careful and alert. If there’s anything that seems unusual at all, it’s almost always worth double checking.