How to spot a phishing email

Phishing emails are cyber criminals’ biggest weapons when it comes to stealing people’s personal data.

Some of the biggest cyber attacks that you would have heard about involved phishing – whether it was a bogus email that fooled an employee into handing over their corporate login details or tricked them into downloaded an attachment infected with malware.

These emails often impersonate familiar organisations or people the victim knows, such as their colleagues or bosses.

Whoever they claim to be, cyber criminals’ goal is to make you believe that their message is legitimate and to do as they instruct.

Unfortunately, their attacks are constantly evolving, making it hard for experts and researchers to warn people about what to look out for. As a result, almost half of all phishing emails are opened, and organisations lose about €1.4 million every time an employee slips up.

But although the specifics of scams might change, there are always tell-tale signs that you’re being phished. In this blog, we show you five of those clues and how to spot them.

1. The email is sent from a public domain email address

Look at the sender’s email address. Scammers often go to a lot of effort to make it seem like the email is genuine, but unless they’ve already compromised the organisation’s email systems (which is very rare), they’ll have to use a different domain.

This usually involves a public email domain, such as Gmail, in which case the message will come from an address that looks like, for example, ‘’.

This is a dead giveaway that you’re being scammed. If an organisation or colleague is going to email you, they’d do it from a company account – in this case, something like

2. It contains a strange or unexpected attachment

Take a close look at any email that contains an attachment, because scammers often insert malware in them.

If you were expecting the message, or the sender’s email address is genuine, there shouldn’t be anything to worry about.

But if the email is unsolicited, your alarm bells should be ringing. Look for the other clues that we’ve listed here or contact the sender via another channel to check whether it’s genuine.

3. It creates a sense of urgency

One of the core tenets of any scam is that the victim is told they have to act before it’s too late. Crooks do this to force you into action and avoid thinking about the inconsistencies of their request.

They often do this by scaring you – saying that there has been unexpected activity on your account and asking you to reset your password, for example.

But sometimes the scam plays on the victim’s curiosity, perhaps by claiming that an offer is only available for a limited time.

The reason this tactic is so effective is because it encourages victims to think irrationally.

However, you should remember that no matter how urgent an email appears to be, you always have time to give it a quick once-over and think about whether the request makes sense and looks genuine.

4. It links to an unfamiliar or misspelled email address

For the same reason that scammers are forced to use bogus email domain names, they must also use fake domain names when directing victims to their website.

As such, the supposed destination of the URL won’t match the context of the message. For example, if the email is from Netflix, the link should begin ‘’. If that isn’t the case, you should presume that the message is a scam.

Sometimes scammers attempt to get around this by hiding their links in buttons that say, for instance, ‘click here’.

However, if you hover your cursor over the button, the URL will appear in the bottom left corner of your screen, allowing you to see whether it’s genuine or not.

5. It contains spelling or grammatical errors

You can often spot a phishing email simply by the way it is written. Scammers are often writing in a second language, so there may well be spelling mistakes or grammatical errors that you wouldn’t expect from a native speaker.

That’s not to say every email that contains these errors are scams, but when combined with one or more of the other clues we’ve outlined here, you can be reasonably confident that the sender is trying to scam you.

Is your organisation prepared?

As sophisticated as cyber criminals’ attacks are, there are always clues that can help you stay safe. The hard part is memorising these tricks.

To help you and your staff do this, we’ve created the Phishing Challenge E-learning Game.

It contains a variety of phishing problems across a range of business scenarios and industries. Players are asked to spot the real emails from the scams, and to identify the giveaways on malicious messages.

Find out more

Are you looking for more traditional staff awareness training? Our Phishing Staff Awareness Course teaches you everything you need to know in just 45 minutes.

The content is updated quarterly to cover the latest attack methods, so you can be sure that you’re one step ahead of scammers.

Subscribe to our Weekly Round-up

A version of this blog was originally published on 12 June 2019.

One Response

  1. Dr. Deepa Ganesh 13th March 2020

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.