How to spot a phishing email

Phishing emails are a social engineering tactic that preys on human behaviour and works on deceiving the reader and tricking them into receiving sensitive information. This is usually carried out by clicking a malicious link or sending sensitive information.

Looking at statistics for 2023, over 3.4 billion phishing emails are sent every day. You will have likely seen a few in your inbox already today. However, there would have been a few that you didn’t even realise were phishing emails. The consequences can be catastrophic for a company, allowing access to sensitive information on employees, customers or both. Due to this, organisations are having to become increasingly focused and savvy in training their employees in identifying them.

Would you know what one of these emails would look like?

Here is our 8 Step Guide on Spotting a Phishing Email.

So how do you spot a phishing email?

1. Check the sender address

A common phishing ploy is to spoof the display name on an email. As inboxes show the display name spoofing the name of someone else in the business or a customer means the email is likely to be opened.

The harder thing to spoof is the actual domain name the email is coming from (@domainname.com for example). So even if you do recognise the sender name double-check the domain is genuine. You will find scammers often use domain names with subtle changes, such as a missing letter.

2. Hover over links before clicking them

Most phishing emails want you to click on a link. The link will look genuine but will either lead directly to a virus or a webpage designed to gather sensitive information.

Before clicking any link hover your mouse over it. If the link address looks unusual or is not what you expect to see, then don’t click on the link. A good way of checking any link you are unsure of is to open a browser window and enter the domain part of the address to see if it’s genuine.

3. Is the email requesting sensitive information?

If the email is unsolicited and requests sensitive information, it is likely a scam. You are the winner of a competition you never entered is a good example of this or an emergency has occurred and can only be resolved with a bank transfer… Remember, most companies will never send you an email asking for sensitive information unless you requested them. In fact, most companies will continually stress that they won’t ask for sensitive information. If you follow a link to a website that is asking for sensitive information you must be entirely sure it is genuine.

4. Be wary of urgent or scare tactics in the subject line

Creating a sense of urgency is a popular phishing email tactic. Beware of emails saying you have a limited time to take action. A common scammer approach is subject lines such as ‘your account has been suspended or ‘there has been an unauthorised login attempt’.

If you receive an email like this and you are unsure if it is genuine, follow the other tips in this guide. If you are still unsure then speak to the company over the phone, making sure you don’t use a phone number included in the email, get it directly from their website.

5. Poor grammar or spelling?

Phishing emails frequently contain grammatical errors, misspellings, or awkward sentence structure. These mistakes can indicate that the email is not from a reputable source and shouldn’t be trusted.

6. What does the email look like?

Phishing emails often have a generic or unprofessional appearance. Look for inconsistent formatting, poor quality images, or a mismatched logo.

7. Beware of attachments

When was the last time a genuine company sent you an email with an attachment? It is only likely to happen if you have bought something from them or you have requested information from them.

There will be times that a genuine company does send you an email with an attachment but you will usually have initially done something to request this, for example, an ebook download.

8. Review the signature

Does the email have a signature at the end and how much detail does the signature contain? The lack of contact information can be a sign of a phishing email.

Do the links in the signature work? Scammers will often take screengrabs of genuine signatures. By using that as an image they can’t include the actual links. If the signature does have links hover over them to see if they are genuine.

Conclusion

Even the best spam filters will not stop every single phishing email. Spammers have become a lot more sophisticated and are better at beating the filters. That is why it is important to be on the lookout for phishing emails.

By knowing the tactics spammers like to use can help you spot when a phishing email appears in your inbox. Knowing what to look for will make it less likely for you to fall victim to a phishing email. Above all, if something feels off or too good to be true, it’s likely to be a phishing attempt. Trust your gut and err on the side of caution!