Hooded cyber criminal stealing secrets with laptop

How to recognize a phishing attack? To know how to recognize a fraudulent email, remind your employees that there are six main indicators of a fraudulent email, which you should especially avoid answering, trusting or clicking. Here are the top some indicators of email fraud: 


Cybercriminals know that people are busy and they don’t carefully examine the sender of an email. These criminals also know that people are naturally inclined to trust. This makes it very easy to trick them into believing that, knowing the sender, the email must be legitimate.  The sender’s name and email address are very easy to forge. 

Just because you think you know the person sending the email doesn’t mean it’s safe. Remind your employees to always check carefully if the sender’s name and email address are spelled correctly. Advise them to hover their mouse over the name of the sender of the email and check if their name and email address are legitimate. 


Cybercriminals know how to compose emails using clever social engineering techniques that trick people into taking action. And also believing that by replying they are doing the right thing. Remind your employees to watch for these clues in the content of an email, often indicating fraud: 

• Grammar and spelling mistakes or poorly structured sentences. 

• Language that attracts attention and evokes urgency to create a sense of panic prompting to take action. For example, your account will be locked if you don’t respond immediately. 

• Request for confidential, personal or corporate information. Several cybercriminals send emails that appear to be from a bank, major online merchant, or government body. They ask the recipient to confirm an account, credit card, or social insurance number. No legitimate organization will request this kind of information by email.

Phishing attacks usually include a link or button that directs the recipient to a fake website. This fake site looks real, but the domain name is not legitimate. For example, a cybercriminal could recreate the Amazon account page. But the URL is amazon.accountsupdate.ca instead of amazon.ca/gp/css/homepage.html. 

Remind your employees to never click a link or button in an email, and should instead open a new browser tab and manually enter the website URL, or use a bookmark. Enclosed Attachments are used by cyber criminals to install malware on a computer and potentially on the corporate computer network. 

This malware can then lock down the computer or entire network, install software that logs computer keystrokes and passwords, or install a virus capable of corrupting files, with a ransom note. 

Contact information 

Organizations and legitimate employees ask for a response by providing contact information so that it is easy to contact them. Watch the salutation carefully and look for a phone number and address, and verify that the email address in the salutation matches the sender’s email address. 

You should ensure that you have managed IT systems in place so that these attacks can be found early.