How to Spot a Phishing Scam: Essential Tips to Stay Safe Online
Phishing scams are the bane of the modern digital age, preying on unsuspecting individuals and businesses alike, accounting firms included.
But with a few simple, actionable habits you can train yourself and your staff to spot these scams and keep your own and your clients' information safe.
Let’s dive in and arm ourselves against these cyber threats.
What is a Phishing Scam?
Phishing scams have become increasingly sophisticated, particularly with the rise of AI, tricking even the most tech-savvy individuals.
Simply put, phishing is a cyber-attack which uses disguised emails, messages, or websites to trick individuals into revealing personal information. The goal is often to steal login credentials, financial information, or other sensitive data. Typically, these scams involve:
- Emails from seemingly legitimate sources: Scammers often impersonate banks, social media platforms, retailers or even your clients.
- Urgent or alarming messages: These messages might claim there’s an issue with your account which needs immediate attention.
- Requests for personal information: Legitimate companies rarely ask for sensitive information via email or text.
Common Signs of a Phishing Scam
Below are the common signs we see here at Practice Protect when it comes to phishing email attempts.
1. Suspicious Email Addresses:
Check the sender's actual email address, not just the display name (the display name can be set to anything, so "Xero Support <info@xerocustomerservice.com>" is still a stranger). Phishing emails often come from addresses which look almost correct but have subtle misspellings, extra words bolted onto a legitimate name, a swapped ending, or extra characters. E.g. info@xerocustomerservice.com instead of info@xero.com.
2. Generic Greetings:
Legitimate companies usually address you by your name. Be wary of emails which start with "Dear Customer" or "Hello User". Some companies do address you this way in certain emails, so a generic greeting on its own is not proof, but treat it as a reason to look more closely at everything else.
3. Urgent Language and Threats:
- Scammers try to create a sense of urgency so that recipients act before they think. Phrases like "Your account will be suspended" or "Immediate action required" are common, and in the case of vendors or clients you may receive emails which are more legally threatening (overdue invoices, threatened legal action, or similar).
- We are also noticing a rise in impersonation attacks where the scammer poses as someone from within the organization (a partner or director, for example) to solicit payments or a change of bank details. This is often called business email compromise (BEC), and the request typically arrives with the same urgency and a reason why the usual approval process must be skipped.
4. Poor Grammar and Spelling:
Many phishing emails contain grammatical errors and spelling mistakes, and professional companies typically hold their communications to a high standard (although we do make the odd mistake here and there). However, this is where AI is levelling the playing field: generated phishing text is increasingly fluent, so clean grammar no longer tells you an email is safe.
5. Suspicious Links and Attachments:
Hover over any link (or long-press it on a phone) to see the actual destination URL before you click. If it looks suspicious or doesn't match the company's official website, don't click it. Similarly, avoid opening attachments from unknown sources. The visible text of a link and the address it really points to are two different things: a legitimate email will link to something like https://practiceprotect.com/, whereas a scam will show the familiar address but send you to a similar-looking one such as http://practiceprotect.co/, where one character has been changed to trick you. So be alert, and when in doubt don't click the link; type the address you know is legitimate into your browser instead.
6. Unusual Requests:
Be skeptical of any email asking for personal information, passwords, or payment details. Legitimate companies will not ask for this information via email.
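The sender-address and link checks above can be automated for a first-pass triage of incoming mail. The script below is an added example written for this article and is not Practice Protect's own tooling; it assumes a small, constructed allowlist of domains the firm legitimately receives mail from (`TRUSTED_DOMAINS`) and uses only the Python standard library. It flags the three patterns described in the list: a display name that invokes a trusted brand while the address is elsewhere, a sender domain that merely contains or resembles a trusted one (`xerocustomerservice.com`, `practiceprotect.co`), and a link whose visible text names one host while its `href` goes to another.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allowlist for this example: domains the firm trusts mail and links from.
TRUSTED_DOMAINS = {"xero.com", "practiceprotect.com"}


def registrable_domain(host: str) -> str:
    """Reduce 'mail.xero.com' to 'xero.com'.
    Simplification for the example: production code should consult the
    Public Suffix List so that names like 'example.co.uk' are handled correctly."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def brand_of(domain: str) -> str:
    """The leftmost label, i.e. the part a reader recognises ('xero' in 'xero.com')."""
    return domain.split(".")[0]


def check_sender(from_header: str) -> list[str]:
    """Flag display-name spoofing and lookalike sender domains in a From: header."""
    findings = []
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["unparseable From header"]
    domain = registrable_domain(addr.rsplit("@", 1)[1])
    if domain in TRUSTED_DOMAINS:
        return findings
    for trusted in TRUSTED_DOMAINS:
        brand = brand_of(trusted)
        # xerocustomerservice.com and practiceprotect.co both embed the brand name.
        # Homoglyph tricks (xer0.com) are deliberately out of scope for this check.
        if brand in domain:
            findings.append(f"lookalike sender domain {domain!r} resembles trusted {trusted!r}")
        # The display name is free text; a brand name there with a foreign address is a red flag.
        if brand in display.lower():
            findings.append(f"display name {display!r} invokes {brand!r} but address is {addr!r}")
    return findings


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(html: str) -> list[str]:
    """Flag links whose visible text names a different host than the href,
    and links to any domain outside the allowlist."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        parsed = urlparse(href)
        if parsed.scheme not in ("http", "https"):
            continue  # mailto:, tel:, etc. are not web links; out of scope here
        href_domain = registrable_domain(parsed.hostname or "")
        # If the visible text looks like a URL or hostname, it must match the real target.
        shown = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
        if shown:
            text_domain = registrable_domain(shown.group(1))
            if text_domain != href_domain:
                findings.append(f"link text shows {text_domain!r} but goes to {href_domain!r}")
        if href_domain not in TRUSTED_DOMAINS:
            findings.append(f"link to untrusted domain {href_domain!r} ({href})")
    return findings


def triage(from_header: str, html_body: str) -> list[str]:
    """Combine both checks; an empty list means nothing obvious was found."""
    return check_sender(from_header) + check_links(html_body)


if __name__ == "__main__":
    # Constructed sample message modelled on the examples in this article.
    sample_from = "Xero Support <info@xerocustomerservice.com>"
    sample_html = '<p>Your account will be suspended. <a href="http://practiceprotect.co/">https://practiceprotect.com/</a></p>'
    for finding in triage(sample_from, sample_html):
        print("FLAG:", finding)
```

The allowlist approach is deliberate: rather than trying to enumerate every possible lookalike, it treats anything outside the known-good set as needing a second look, which matches the advice to go to the website you already know rather than the one in the email.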
How to Verify a Phishing Scam
If you suspect a message on email, phone or social media may be a phishing attempt, below are a few of the ways you can try to verify it.
- Contact the Company or Contact Directly:
If you receive a suspicious email, call the company using a phone number from their official website or from your own records, never the one provided in the email. The same applies to any unusual request, not just obvious phishing: if a client or supplier asks you to pay a new account or send sensitive files, confirm it through a channel you already know reaches the person you normally deal with, and never by replying to the message that made the request.
- Look at the Address, Not Just the Padlock:
An "https://" address and padlock only mean your connection to that site is encrypted; they say nothing about who runs the site. Certificates are free and automated, so most phishing pages today use HTTPS too, and the padlock is not something a scammer overlooks. What matters is the domain itself: read it carefully, and if it is not exactly the address you know, close the page.
- Check for Branding and Logos:
Compare the email with previous communications from the company. Look for inconsistencies in logos, branding and design. If something looks off, or the website you land on is far less extensive than usual when you click around, there is a good chance this is a phishing attack.
Protecting Yourself from Phishing Scams
It is possible to keep yourself safe from phishing attacks; in fact, there are a number of more advanced solutions out there which can stop an attack before it even reaches your "doorstep".
- Use Advanced Anti-Virus Software:
Ensure your antivirus and anti-malware software are up to date. Don't rely on signature-only protection from years past; make sure whatever system you are using also has behavioural or AI-based detection built in, so that when it encounters something new on one machine the whole network benefits. This is how, in the last month alone, we stopped over 26,000 attacks our clients didn't even know about.
- Enable Two-Factor Authentication (2FA):
Adding an extra layer of security can protect your accounts even if your password is phished. We make it compulsory, because with 2FA or Multi-Factor Authentication (MFA) the criminal has another barrier to get through before reaching your data. One caveat: codes sent by SMS or generated by an authenticator app can still be relayed by a convincing fake login page in real time, so where a service supports it, prefer a hardware security key or passkey, which only works with the genuine site and so cannot be phished this way.
- Use Strong, Unique Passwords:
Use long, unique passwords for every account and keep them in a password manager. We recommend at least 16 characters, mixing capitals, lowercase letters, numbers and symbols; at that length a password is far beyond what criminals running brute-force bots can guess. Change a password immediately if you suspect it has been exposed, but forcing staff to rotate passwords on a fixed schedule tends to produce predictable variations rather than stronger ones. A password manager also helps against phishing directly: it will refuse to autofill your credentials on practiceprotect.co because it only knows practiceprotect.com.
- Educate Yourself and Others:
Stay informed about the latest phishing tactics. When you partner with a cybersecurity company they provide online training for your staff, as well as ongoing security updates and advice, which makes it much easier to keep on top of the latest trends without having to do all the work yourself.
Staying vigilant and informed is your best defense against phishing scams. By recognizing the signs and knowing how to verify suspicious communications, you can protect yourself and your personal information. Share these tips with others to help create a safer online community.