Phishing

September 13 2025

Day 4: Phishing 2.0: AI Scam Emails Look Better Than the Real Thing

SJ CyberAware AI, All, Daily Tips, Phishing, SMB

Phishing 2.0: AI Scam Emails Look Better Than the Real Thing

Remember when scam emails were easy to spot? Dodgy grammar, random capital letters, and a promise of millions from a “Prince” who just needed your bank details? Sadly, those days are gone.

With AI in the mix, phishing emails now look slick, polished, and worryingly convincing. Criminals can generate messages that read like they came from HMRC, your bank, or a trusted supplier. The branding is perfect, the tone feels right, and even the “from” address can look almost identical to the real thing.

For SMBs juggling multiple clients, suppliers, and invoices every week, this is a nightmare. A fake tax notice, an urgent utility bill, or a “customer complaint” can slide into the inbox and look completely legitimate. One click to open an attachment or one rushed payment later, and suddenly your business is dealing with malware, ransomware, or financial loss.

💡 Real-life example: In 2024, several UK SMBs in the hospitality sector were hit with AI-crafted phishing campaigns posing as energy suppliers. The emails looked identical to genuine statements, right down to the logos and reference numbers. Staff under pressure to pay “overdue” invoices wired thousands before realising the supplier accounts were fake.

What SMBs Can Do

Trust but verify. Never approve a payment request or invoice without confirming it through a known, independent channel.
Invest in good email filtering. Modern filters can catch many suspicious emails before they hit inboxes.
Train your team. Staff should know how to spot red flags like urgent tone, unusual requests, or slightly odd sender addresses.
Slow down. Most phishing succeeds because people feel rushed. Taking 60 seconds to double-check could save thousands.

AI has given scammers a new set of tools, but SMBs can fight back with clear processes, good technology, and a healthy dose of caution.

In short: don’t let a well-worded email catch you off guard.

September 7 2025

Follow secure email practices.

SJ CyberAware All, Daily Tips, Phishing, Protect

Email is one of the most common ways cybercriminals try to break into businesses. Simple steps like using spam filters, setting up DMARC (to block fake emails), and turning on multi-factor authentication (MFA) can make a big difference. It’s also vital to train your team to spot suspicious messages and avoid clicking dodgy links or attachments. For small businesses, protecting email isn’t just about security, it’s about trust. Think of every inbox as a frontline in your defence.

Top Tips for Safer Email Use
Top Tips for Safer Email Use
Use strong spam filters to block junk and malicious emails before they reach your inbox.
Turn on MFA (multi-factor authentication) so even if a password is stolen, attackers can’t get in.
Set up DMARC, SPF, and DKIM to stop criminals spoofing your domain and sending fake emails.
Train staff regularly to spot phishing attempts, look out for odd language, urgent requests, or unexpected attachments.
Never click unknown links or open suspicious files, even if they seem to come from someone you know.
Keep email software and antivirus tools updated to patch vulnerabilities.
Use business-grade email platforms with built-in security features.
Limit sensitive info in emails, assume anything sent could be intercepted.
Report dodgy emails immediately so others don’t fall for the same trick.
Treat every inbox like a potential battlefield, stay alert, stay secure.

August 16 2025

Recognize phishing websites.

SJ CyberAware All, Daily Tips, Identify, Phishing, Protect

Recognizing phishing websites is vital to avoid scams and protect sensitive data. Always check the web address carefully, phishing sites often use slight misspellings or extra characters. Look for the padlock icon and “https” to confirm a secure connection. Be cautious if the site urges you to act quickly, requests personal details, or looks poorly designed. Avoid clicking on suspicious links in emails or texts, and verify legitimacy by navigating directly to the official website.

Very Important!
Recognizing Phishing Websites
Why it matters:
Phishing websites are designed to trick you into handing over sensitive data such as passwords, banking details, or company logins. They often look convincing but contain subtle clues that reveal their true nature. Spotting these red flags helps protect both individuals and businesses from fraud, financial loss, and data breaches.
Top Tips for Identifying Phishing Websites
Examine the web address (URL) closely
Look for small changes like paypa1.com instead of paypal.com.
Watch for extra words, dashes, or strange country codes.
Check for HTTPS and the padlock
A secure site should begin with https:// and show a padlock in the browser bar.
Warning: Not all HTTPS sites are safe—attackers can also use certificates. Treat it as one sign, not the only one.
Beware of urgency or scare tactics
“Your account will be locked in 24 hours” or “Immediate action required” are common phishing hooks.
Real businesses rarely pressure you into instant action.
Avoid entering sensitive information
Never provide passwords, PINs, or banking details unless you are certain the site is legitimate.
If in doubt, stop and verify.
Look at the design and content quality
Poor spelling, grammar mistakes, fuzzy logos, or broken links are common on fake sites.
Compare with the official website to spot differences.
Don’t click suspicious links
Links from unexpected emails, texts, or pop-ups often lead to phishing sites.
Hover over the link first to preview the destination address before clicking.
Verify directly
Instead of clicking a link, type the organisation’s official web address into your browser.
For example, go directly to your bank’s homepage rather than following a link in an email.
Report suspicious sites
Many browsers and email services let you report phishing attempts.
Reporting helps protect others and can lead to faster takedown of fake sites.
✅ By combining these checks, staff and individuals can build a reliable habit of spotting phishing websites before they cause damage.

July 30 2025

Be cautious of unsolicited phone calls.

SJ CyberAware All, Daily Tips, Phishing, Protect

Being cautious of unsolicited phone calls is crucial for protecting your personal information and avoiding scams. If you receive a call from an unknown number, avoid sharing any sensitive information, and be wary of callers who pressure you for details. Verify the caller’s identity through official channels before taking any action.

Best Practice
Voice of Deception: The Rise of the Scam Call
Scam calls have evolved.
They’re not just asking for bank details anymore, they’re impersonating your IT team, your CEO, even government bodies. These attackers don’t need brute force. They use emotion as their weapon: urgency, fear, authority.
The Tactic: Social Engineering Over the Phone
A remote worker gets a call.
The voice sounds confident. Knows the lingo. “Reset your password now, security threat detected.”
The caller isn’t from IT. They’re a scammer with a script. The result? Compromised credentials and exposed data, all from a phone call.
The Shield: Smart Verification
Best Practice: Let unknown numbers hit voicemail. Verify legitimacy through official channels before engaging.
Top Tip: Build a “Say My Name” checklist, real providers won’t flinch when asked to confirm who they are and where they’re calling from.
The Protocol: Make Safety Second Nature
Define who’s allowed to make security-related calls
Outline how staff should validate caller identity
Clarify when and how to escalate suspicious contact
Roleplay real-world scenarios during training so instincts kick in when it counts
Final Word
Phone scams are no joke, they’re psychological exploits dressed in casual conversation.
Stay calm. Stay curious. Ask the awkward question. That one pause could stop a breach.

July 21 2025

Follow best practices for email security.

SJ CyberAware All, Daily Tips, Phishing, Protect

Avoid opening attachments or clicking on links from unknown senders, use strong, unique passwords, enable two-factor authentication (2FA), and be cautious of phishing attempts. Regularly update your email client and software, and be mindful of sharing personal information over email. Implementing these practices helps safeguard your email communications.

Best Practice
Best Practice Checklist: Secure Your Email Communications
Avoid Suspicious Attachments & Links
Never open attachments or click links from unknown or untrusted senders.
Hover over links to preview the destination before clicking.
Verify sender details—phishing emails often spoof legitimate contacts.
Report suspicious emails to IT or your email provider.
Use Strong, Unique Passwords
Create complex passphrases (e.g., 3–4 random words with symbols).
Never reuse passwords across accounts.
Use a password manager to store and generate strong passwords.
Enable Two-Factor Authentication (2FA)
Activate 2FA on your email account and other critical services.
Use app-based authenticators like Google Authenticator or Authy over SMS.
Secure backup codes in a safe, offline location.
Keep Software and Email Clients Updated
Enable auto-updates where possible.
Manually check for updates regularly for your OS, browser, antivirus, and email client.
Patch known vulnerabilities quickly to reduce exposure.
Limit Personal Info Shared via Email
Avoid sharing sensitive data like ID numbers, passwords, or payment info via email.
Use encryption for any confidential communication.
Educate staff on what should and shouldn’t be sent over email.
Be Phishing-Aware
Watch for urgency, poor grammar, and unfamiliar senders.
Use anti-phishing tools or browser extensions.
Regularly train employees on phishing recognition techniques.

July 6 2025

Beware of social engineering attacks.

SJ CyberAware All, Daily Tips, Identify, Phishing, Protect

Social engineering attacks manipulate individuals into revealing confidential information or performing actions that compromise security. To protect yourself, verify identities, be cautious of unsolicited communications, and never share sensitive information without proper verification. Staying vigilant and sceptical can help you avoid falling victim to these attacks.

How to spot and avoid.

How to Spot and Avoid Social Engineering

1. Be suspicious of urgency

If someone pressures you to act right now, whether it’s clicking a link, transferring money, or sharing info, pause. Urgency is a classic manipulation tactic.

2. Double-check identities

If someone claims to be from IT, HR, or even your boss, verify through a known contact method. Don’t trust caller ID or email addresses at face value.

3. Watch for emotional triggers

Social engineers often play on fear, curiosity, or even flattery. If a message makes you feel panicked or overly important, take a breath and reassess.

4. Don’t overshare on social media

Attackers can use your public posts to craft convincing scams. Avoid sharing details like job titles, birthdays, or travel plans that could be used against you.

5. Hover before you click

Before clicking a link, hover your mouse over it to preview the actual URL. If it looks odd or doesn’t match the sender’s domain, don’t click.

6. Be wary of freebies

If someone offers something for free, like a USB stick, gift card, or survey prize, it could be bait. “Baiting” is a common trick to get you to plug in malware or give up info.

7. Don’t trust unsolicited tech support

If someone calls claiming to be from Microsoft, your bank, or “security support,” hang up and call the official number. Real companies don’t cold-call for fixes.

8. Use two-factor authentication (2FA)

Even if someone gets your password, 2FA adds a second layer of protection. It’s one of the easiest ways to block social engineering fallout.

9. Keep software up to date

Patches fix vulnerabilities that attackers love to exploit. Regular updates reduce your risk, even if you accidentally click something shady.

10. Trust your gut

If something feels off, it probably is. Ask a colleague, report it to IT, or just pause. It’s better to be cautious than compromised.

June 2 2025

Be cautious with email attachments.

SJ CyberAware All, Daily Tips, Phishing, Protect

To stay safe with email attachments, verify the sender and ensure you recognize them. Look for red flags like unusual email addresses and spelling errors. Use antivirus software to scan attachments before opening them. Be sceptical of emails that create a sense of urgency or pressure you to act quickly. By being cautious, you can protect yourself from malicious attachments and potential cyber threats.

Attachment red flags
Here are some key red flags to watch for in email attachments:
Suspicious File Extensions – Be cautious with .exe, .zip, .js, and other executable files that may contain malware.
Unexpected Attachments – If you weren’t expecting an attachment, verify its legitimacy before opening.
Encrypted Archive Files – Password-protected ZIP or RAR files can conceal malware, making them harder to detect.
Strange Sender Addresses – Emails from unknown or misspelled domains may indicate phishing attempts.
Poorly Written Emails – Spelling errors, odd formatting, or generic greetings can signal fraudulent messages.

May 28 2025

Beware of ransomware

SJ CyberAware All, Daily Tips, Identify, Phishing, Protect

Ransomware is a serious cyber threat that encrypts your files and demands payment for their release, often leaving victims with limited options. The best defense is regularly backing up your data so you can restore it without paying a ransom. Use external hard drives, cloud storage, or secure offline backups to ensure your files remain accessible in the event of an attack. Keep backups updated and separate from your primary system to prevent compromise. Cybercriminals rely on panic—having a recovery plan keeps you in control and protects your valuable information from being held hostage. Stay prepared, stay protected!

Do you need help securing a specific system or business environment, you do, then please contact us.

Ransomware Do's & Dont's
Ransomware is a growing cyber threat that can lock your files and demand payment to restore access. Here’s how to protect yourself and respond effectively if an attack happens.
Top Tips to Avoid a Ransomware Attack:
Keep Software Updated – Regular updates patch security vulnerabilities that attackers exploit.
Use Strong Passwords & Multi-Factor Authentication (MFA) – Secure accounts with complex passwords and extra verification steps.
Back Up Your Data Regularly – Store backups offline or in the cloud to restore files without paying a ransom.
Be Cautious with Emails & Links – Avoid clicking suspicious links or downloading unknown attachments.
Enable Firewalls & Security Software – Use antivirus tools and firewalls to detect and block threats.
Limit Remote Access – Secure remote desktop connections with strong authentication and monitoring.
Train Employees on Cybersecurity – Educate staff on phishing scams and safe online practices.
Monitor Network Activity – Detect unusual behaviour early to prevent ransomware from spreading.
Restrict User Permissions – Limit access to sensitive files to reduce the risk of unauthorized changes.
Use Zero Trust Security Measures – Verify all users and devices before granting access to critical systems.
What to Do If You’re Attacked:
Disconnect from the Network – Immediately isolate infected devices to prevent ransomware from spreading.
Do Not Pay the Ransom – Paying doesn’t guarantee file recovery and encourages more attacks.
Report the Attack – Notify cybersecurity experts, law enforcement, or IT teams for assistance.
Restore from Backups – If backups are available, use them to recover lost data without paying.
Identify the Source – Investigate how the ransomware entered your system to prevent future incidents.
Strengthen Security Measures – Update software, improve access controls, and enhance monitoring to prevent repeat attacks.
Taking proactive steps can help prevent ransomware, and knowing how to respond quickly can minimize damage if an attack occurs.

May 24 2025

Phishing Urgency

SJ CyberAware All, Cyber Digist, Daily Tips, Phishing

A perfect example of URGENCY in action.

Phishing emails try to make you panic so you’ll act without thinking. If an email is pushing you to “Click Now,” “Immediate Response,” or “Your Account Will Be Closed”, take a step back. Scammers use urgency to trick people into clicking bad links or giving up personal info. They might claim suspicious activity, an unpaid bill, or a security breach, all designed to pressure you. Before you do anything, check the sender, look for weird wording, and hover over links to see where they really go. If something feels off, don’t rush, stay cautious and verify first!

May 19 2025

Beware of phishing scams.

SJ CyberAware All, Daily Tips, Phishing, Protect

Beware of phishing scams by verifying the source of unexpected communications, checking URLs before clicking, avoiding sharing personal information, looking for red flags like urgent language, and keeping your security software up-to-date. Stay alert and protect yourself from phishing scams!

Recognizing Phishing Scams
Recognizing phishing scams is essential for safeguarding your personal and financial details. Staying vigilant helps prevent falling victim to fraud. Here are ten key tips to keep you protected:

Check the Sender’s Email Address – Scammers often use fake or slightly altered addresses to mimic legitimate sources.

Look for Spelling & Grammar Mistakes – Official emails are usually well-written, while phishing attempts often contain errors.

Beware of Urgent or Threatening Language – Scammers try to create panic by claiming your account will be locked or compromised.

Hover Over Links Before Clicking – Check if the actual URL matches the displayed text; phishing links often lead to fake sites.

Avoid Unexpected Attachments – Never open attachments from unknown senders, as they may contain malware.

Verify Requests for Personal Information – Legitimate companies won’t ask for sensitive details like passwords via email.

Watch Out for Too-Good-to-Be-True Offers – If an email promises rewards or prizes you didn’t sign up for, it’s likely a scam.

Check for Generic Greetings – Phishing emails often use vague salutations like “Dear Customer” instead of your name.

Keep Your Software Updated – Security updates help protect against phishing attempts that exploit vulnerabilities.

Trust Your Instincts – If something feels off, don’t click—verify the source through official channels instead.

In the UK, you can report suspicious emails and scams to the National Cyber Security Centre (NCSC) by forwarding them to report@phishing.gov.uk. The NCSC will investigate and take action if necessary.

For suspicious text messages, you can forward them to 7726 (which is free) to report them to your mobile provider.

If you believe you’ve lost money or been hacked due to an online scam, you should report it to Action Fraud in England and Wales, or Police Scotland if you’re in Scotland.

You can find more details on the official GOV.UK website or the NCSC website.

Day 4: Phishing 2.0: AI Scam Emails Look Better Than the Real Thing

Phishing 2.0: AI Scam Emails Look Better Than the Real Thing

What SMBs Can Do

Follow secure email practices.

Recognize phishing websites.

Recognizing Phishing Websites

Top Tips for Identifying Phishing Websites

Be cautious of unsolicited phone calls.

Voice of Deception: The Rise of the Scam Call

The Tactic: Social Engineering Over the Phone

The Shield: Smart Verification

The Protocol: Make Safety Second Nature

Final Word

Follow best practices for email security.

Best Practice Checklist: Secure Your Email Communications

Avoid Suspicious Attachments & Links

Use Strong, Unique Passwords

Enable Two-Factor Authentication (2FA)

Keep Software and Email Clients Updated

Limit Personal Info Shared via Email

Be Phishing-Aware

Beware of social engineering attacks.

How to Spot and Avoid Social Engineering

1. Be suspicious of urgency

2. Double-check identities

3. Watch for emotional triggers

4. Don’t overshare on social media

5. Hover before you click

6. Be wary of freebies

7. Don’t trust unsolicited tech support

8. Use two-factor authentication (2FA)

9. Keep software up to date

10. Trust your gut

Be cautious with email attachments.

Beware of ransomware

Phishing Urgency

Beware of phishing scams.