How to spot and stop phishing emails

Paul Williams, Country Manager for Southern Africa at Fortinet, a global leader in cybersecurity, highlights the need to stay vigilant against these sophisticated scams.


Published Jan 10, 2025


Email has become an integral part of daily life, but it’s also a prime channel for cybercriminals.

Phishing scams, malicious emails designed to trick recipients into revealing sensitive information, are among the most prevalent threats.

In South Africa, where digital adoption is growing rapidly, the stakes are high.

Paul Williams, Country Manager for Southern Africa at Fortinet, a global leader in cybersecurity, highlights the need to stay vigilant against these sophisticated scams.

Williams explains that phishing emails exploit human error.

“They often play on fear, urgency, or curiosity to compel victims to act without thinking,” he says. Falling victim can result in financial losses, data breaches, or identity theft.

Understanding the anatomy of a phishing email is the first step in protecting yourself. Here are five critical clues to identify phishing attempts:

1. Suspicious sender addresses

Phishing emails often come from addresses that appear legitimate but feature subtle discrepancies. For example, an email might appear to come from [email protected] but is actually sent from [email protected]. These minor variations are easy to overlook.

In South Africa, local businesses and financial institutions are common targets. “Always double-check the sender’s address,” Williams advises. “If anything seems off, contact the organisation directly through official channels.”

2. Generic greetings

A legitimate email from your bank or service provider will usually address you by name. Conversely, phishing emails use impersonal greetings like “Dear Customer” to cast a wide net.

“Cybercriminals often lack personal details, which is why their messages feel generic,” says Williams. If an email claiming to be from your bank doesn’t address you directly, proceed with caution.

3. Urgency or fear tactics

Phishing emails frequently create a sense of panic to spur immediate action. Common examples include warnings about account closures, unusual login attempts, or unpaid invoices.

“In South Africa, we’ve seen phishing emails impersonating SARS with threats of legal action for unpaid taxes,” Williams notes. Always verify such claims independently before clicking on any links or sharing information.

4. Suspicious links and attachments

Phishing emails often contain links that appear legitimate but redirect to fake websites. These sites mimic the look of real ones to harvest credentials. Attachments, meanwhile, can contain malware.

“Hover over any links to check the URL before clicking,” Williams advises. “And avoid downloading unsolicited attachments. Local campaigns frequently mimic utility providers or telecommunications companies, making vigilance essential.”

5. Poor grammar and formatting

While phishing scams are becoming more sophisticated, many still exhibit obvious red flags such as spelling mistakes, inconsistent formatting, or awkward phrasing. “Professional organisations take great care with their communications,” Williams explains. “If the email looks sloppy, it’s likely a scam.”

Protect yourself and your organisation

Being able to spot a phishing email is just one part of the solution. Here are proactive steps to enhance your security:

Enable multi-factor authentication (MFA): This adds an additional layer of protection, ensuring that even if a cybercriminal obtains your password, they cannot access your account.

Regularly update your passwords: Use strong, unique passwords and update them periodically. Password managers can help you generate and store complex passwords securely.

Educate yourself and others: Cybersecurity awareness training can significantly reduce the risk of falling for phishing scams. Employees in particular should be trained to recognise and report suspicious emails.

Verify before you act: Never click on links or provide information without verifying the email’s legitimacy through official channels.

As phishing scams continue to evolve, awareness and vigilance are your best defences.

In South Africa, where digital platforms are integral to business and personal interactions, the consequences of falling victim to phishing can be severe. By understanding the signs and taking preventive measures, you can reduce your risk and safeguard your data.

“Phishing relies on human nature, but awareness is a powerful countermeasure,” Williams concludes. “Think twice, verify, and stay safe.”

BUSINESS REPORT