Stay one step ahead: top tips to spot and avoid phishing scams

Phishing scams are getting smarter every year, using sneaky tactics to steal your personal information and mess with your digital security. Fall for one of these tricks, and you could be dealing with identity theft, financial losses, and data breaches. 

How to tell if an email from WorkflowMax is the real deal? 

Understanding phishing is crucial for your safety. Knowing how to avoid it is your best defence against these online threats. To help keep you updated and protected, here are some practical tips to keep you safe: 

• Check the sender’s email address: A real email from WorkflowMax will come from an official email address ending in @workflowmax2.com. Watch out for any sneaky variations or misspellings in the domain name.

• Look for personalised greetings: Our official emails usually address you by your name, not with a generic “Dear Customer.”

• Verify links before clicking: Hover over any links in the email to see where they actually lead. Make sure the URL matches our official website. Be cautious of shortened URLs or links that seem off.

• Confirm unexpected attachments: We rarely send attachments in unsolicited emails. If you receive an unexpected attachment, don’t open it. Contact us directly to check if it’s legit.

• Check for consistent branding: Look for our consistent branding, including our logo and email footers. If anything looks off or unprofessional, it could be a scam.

• Contact us directly: If you’re ever unsure about an email claiming to be from WorkflowMax, don’t hesitate to reach out to us through our official website or customer support. We’re here to help you verify if the email is genuine or a phishing attempt. 

By following these tips, you can better protect yourself from phishing scams and ensure you're only interacting with legitimate communications from WorkflowMax. 

If you ever receive an email claiming to be from someone from WorkflowMax using our branding and you're unsure about its legitimacy, please do not open this email or click on any links; you should delete it immediately. Then contact us directly. We're here to help you confirm whether the communication is genuine or if it's a phishing attempt. 

If you think you may have clicked on a malicious link, we strongly recommend that you seek advice from your IT team as soon as possible, reset your passwords, and reinforce multi-factor authentication.

Read on for more in-depth articles on phishing 

If you haven’t already, check out these six highly informative articles about phishing: 

1. How to tell if an email is a phishing attempt?  

   To identify phishing emails, watch for generic greetings, urgency, inconsistent email details, suspicious links, spelling errors, and unexpected attachments or information requests. Always verify suspicious emails through a reliable method. Learn the red flags and avoid being scammed. 

2. How AI is making phishing attacks more dangerous  

   AI isn’t just a tool for innovation; it’s also being harnessed for malicious activities like phishing. This article takes a close look at how cybercriminals use AI to create convincing phishing scams and offers practical advice on protecting yourself from these advanced threats. 

3. What are the different types of phishing?

   Phishing emails can take many different forms ranging from classic email phishing schemes to more spear phishing and whaling, but they all have the same goal: to trick you into providing personal information or clicking on malicious links. Get familiar with the different types of phishing attacks. 

4. Beware of fake 'Unsubscribe' links: How to stay safe 

   Think twice before clicking “unsubscribe” in unsolicited emails. This post reveals how scammers use fake unsubscribe links to trick you and provides smart strategies for managing suspicious communications. 

5. What to do if you click a phishing link 

   If you’ve accidentally clicked a phishing link, stay calm! This comprehensive guide walks you through the steps to secure your accounts and scan for malware, helping you minimise any potential damage. 

6. Four tips to protect your business from cybercriminals

   In this increasingly digital age, small businesses are becoming more and more vulnerable to the threat of cybercrime. There has been an increase in supply chain attacks targeting small businesses. Cybercriminals are constantly adapting their tactics and using AI to fuel their attacks.

By staying informed with these resources, you can better protect yourself against phishing scams. Stay vigilant, stay safe! 

Important tip: You can report spam and phishing emails to these organisations to help protect yourself and others from cyber threats. 

Global registers 

1. SpamCop (https://www.spamcop.net) 

2. Spamhaus (https://www.spamhaus.org) 

3. Project Honey Pot (https://www.projecthoneypot.org) 

4. PhishTank (https://www.phishtank.com) 

5. APWG (Anti-Phishing Working Group) (https://www.apwg.org) 

6. FTC Complaint Assistant (https://www.ftccomplaintassistant.gov) - For US-based spam reports. 

7. econsumer.gov (https://www.econsumer.gov) - For cross-border issues related to phishing and spam. 

8. CERT (Computer Emergency Response Teams) - Many countries have their own CERTs where spam and phishing can be reported.

Australia 

1. ACMA Spam Reporting (https://www.acma.gov.au/stop-getting-spam) 

2. Australia Cyber Security Centre (ACSC) (https://www.cyber.gov.au/acsc/report) 

New Zealand 

1. Department of Internal Affairs (DIA) - Anti-Spam (https://www.dia.govt.nz/Spam) 

2. CERT NZ (https://www.cert.govt.nz/individuals/report-an-incident/) 

United Kingdom 

1. Action Fraud (https://www.actionfraud.police.uk/reporting-fraud-and-cyber-crime) 

2. Information Commissioner's Office (ICO) (https://ico.org.uk/make-a-complaint/nuisance-calls-and-messages/spam-emails/) 

3. UK's National Cyber Security Centre (NCSC) (https://www.ncsc.gov.uk/section/about-this-website/report-scam-website)