How can I identify a phishing email?

'Phishing' is when scammers use scam emails or other means of communication to trick victims into providing sensitive or personal information. These emails will often refer the recipient to a fake website. The site is designed to replicate the service that they are imitating. 

Some of the signs of a phishing email include: 

• The email isn’t addressed to your name.  Many phishing emails will address the recipient of the email with a generic term such as ‘Dear Client’ or just simply ‘Hi’.
• The email has been received through a different email address to the one you usually receive invoices and other accounts related emails on. The phishing emails that have targeted customers in the past have been sent to email addresses that are listed on websites. In these cases, the perpetrators have scraped these websites for email addresses on contact pages/forms. Often, this isn’t the email address that we hold on your account.
• The email hasn’t been received from the company's domain. A lot of times, companies will ensure all emails come from a specific email address and/or domain. If the email you’ve received isn’t from their usual email address, then it’s likely that you’ve received a phishing email.  
• The information in the email isn’t correct. For example, does the email state that your domain name is up for renewal and you need to click the link below to renew your domain? If we host your domain(s) on your behalf, we will always renew the domains automatically for you. 
• Poor written spelling and grammar. Although this isn’t always the case, many fraudulent emails will contain poor grammar and incorrect spelling.

What should I do once I have identified a phishing email? 

• Don’t click any links in the email! Links inside these emails will often redirect you to deceptive sites designed to look just like the website of the company they are mimicking. If you’re ever unsure about a link that’s asking for payment, we’d recommend contacting the company themselves to ensure the email is genuine. 
• Don’t enter any personal information! If you’re dubious about an email that you’ve received, please don’t enter any of your sensitive information. Once you do so it is often too late and the criminals with already have your information. 
• Contact Vector7 Support. Please forward the email as an attachment to our team (rather than clicking on the "Forward" button). This will allow our team to look through the email headers, which contains information that is invaluable in being able to detect where (and potentially who) the email has been from – and also helps us take action against the emails to prevent any more victims.

What should I do if I do click on link/provide personal information? 

• The first step would be to ensure that you update your password immediately. The quicker you update your password after entering into the deceptive site the lower the chance of the fraudster being able to access your account.  We’d also advise that you update the password on any other services where you use the same email/password combination. However, we’d always recommend using different security information for every site you access, and making use of a password manager to keep track of everything. 
• Add Two Factor Authentication. Two-factor authentication (2FA) adds another layer of security to your account which makes it more difficult for hackers to access your account. If the website / application supports Two Factor Authentication, we would always recommend setting this up to ensure maximum security on your account.
• Run a virus scan. A lot of links contain hidden viruses that can be installed on your computer as soon as the link has loaded. These viruses can allow people to remotely connect to your computer without you knowing, and they can see everything you do on your computer, including the keys you press on your keyboard. By running a virus scan, you can catch these quickly to limit the amount of information the malicious party sees and ultimately protect yourself from further damages.
• Cancel/suspend your bank card. If you have entered your card details into a suspicious form then we would recommend contacting your bank and cancelling your card as soon as possible. Many banks allow you to suspend or cancel card directly through your online or mobile banking app without having to call them.