Four Signs Of Phishy Emails And How To Deal With Them
“Dear customer, please be informed that we have changed our banking account. The new details are as follows.”
This email looks like a run-of-the-mill notification from a supplier. But it’s how one firm nearly lost SGD300,000 in 2025. What happened? An unsuspecting employee forgot to verify the sender.
In 2024, $88.5 million was lost to Business Email Compromise (BEC) scams alone. As businesses move operations to the cloud, there’s a huge chance that your business is next. So watch out for these four warning signs.
Suspicious Senders
Cybercriminals are highly creative, often impersonating people you know and trust. Whether it’s a business partner, a colleague, or upper management, you should always double check the email address of the sender. Scammers sometimes use Cyrillic characters to make addresses look deceptively similar. For example, ‘Singɑpore’ and ‘Singapore’ may seem the same from a distance., but upon closer inspection, the ‘ɑ’ in the first one is actually Cyrillic.
Generic Greetings and Bad Grammar
Your business partners already know your name so they won’t be using generic greetings like “Hi Sir” or “Dear customer”. Cybercriminals don’t have the best track record when it comes to grammar or spellcheck so a business email riddled with typos is suspicious. However, seeing your name in a well-written email still doesn’t guarantee safety either because scammers will use your personal info to make the email seem more legitimate.
Implausible Urgency
“Urgent Action Required” and “Your account will be deactivated soon!” are all common subjects that cybercriminals use. They use social engineering to induce panic, in hopes that you’ll act without thinking. Whenever someone tells you that transactions need to be done immediately, hit the brakes. Reach out via a trusted channel to verify whether the task actually exists and if it’s genuinely urgent. Chances are, it isn’t.
Unknown Attachments and Links
Even if an email passes all the previous tests, it might not mean it’s perfectly safe. Scammers who gain access to a legitimate email address can use it to spread malware or phishing sites. Common tactics include an attachment that looks like a pdf but is actually an exe, or a link that leads to a different site than you expected, such as the following screenshot. Before you click or download anything, hover on links and files to preview what they really are. When making transactions, it’s better to type addresses instead of clicking a link. Always ensure your endpoint protection, such as antivirus software, is active to scan any downloaded files.
National Crime Prevention Council Singapore (2018, May 04) SCAMALERT: Fake POSB Website. Please alert your loved ones on a phishing attempt targeting POSB customers. Facebook. https://www.facebook.com/share/p/19XCNgcGNg/
Put Scam Prevention Into Practice
Your employees might know the theories behind avoiding email phishing scams. But do they actually know how to respond? During Singapore’s First Coordinated Phishing Exercise in early 2025, 17% of the employees opened suspicious links, which is 8% higher than the global average.
Prevention is always better than cure. Make your employees your first line of defence with MyRepublic’s Managed Email Phishing and Cybersecurity Resilience Training. Instead of just teaching theory, we simulate real-world attacks so employees learn how to spot and report phishing attempts under pressure. Safeguard your time, financial resources, and energy by remaining vigilant against these scams.
The program includes up to four bespoke phishing campaigns per year, rapid onboarding and formal program development support, a library of fully customisable, real-attack localised templates, automated repeat-offender identification for targeted coaching, comprehensive dashboards tracking click-rates, plus quarterly webinars to reinforce lessons learned. On-site training can be part of the package to ensure that everyone understands their part in the cyber resilience of your company.
Don’t let cybercriminals get away with their phish-y business. See how MyRepublic can help you scam-proof your business today.
