How to Spot a Phishing Email

Phishing emails are among cyber criminals’ biggest weapons when it comes to stealing people’s personal data.

The attacks, which take the form of messages containing malicious links or attachments masquerading as legitimate correspondences, are responsible for some of the most notable data breaches of all time.

Scams often impersonate familiar organisations or people the victim knows, such as their colleagues or bosses.

Whoever they claim to be, cyber criminals’ goal is to make you believe that their message is legitimate and to do as they instruct.

Unfortunately, their attacks are constantly evolving, making it hard for experts and researchers to warn people about what to look out for. As a result, almost half of all phishing emails are openedand organisations lose about €1.4 million every time an employee slips up.

With October marking Cyber Security Month, a campaign designed to educate people on online threats, what better time to take a closer look at how phishing works. In this blog, we show you five clues to help you spot scam emails.

1. The email is sent from a public domain email address

Look at the sender’s email address. Scammers often go to a lot of effort to make it seem like the email is genuine, but unless they’ve already compromised the organisation’s email systems (which is very rare), they’ll have to use a different domain.

This usually involves a public email domain, such as Gmail, in which case the message will come from an address that looks like, for example, ‘’.

This is a dead giveaway that you’re being scammed. If an organisation or colleague is going to email you, they’d do it from a company account – in this case, something like

2. It contains a strange or unexpected attachment

Take a close look at any email that contains an attachment, because scammers often insert malware in them.

If you were expecting the message, or the sender’s email address is genuine, there shouldn’t be anything to worry about.

But if the email is unsolicited, your alarm bells should be ringing. Look for the other clues that we’ve listed here or contact the sender via another channel to check whether it’s genuine.

3. It creates a sense of urgency

One of the core tenets of any scam is that the victim is told they have to act before it’s too late. Crooks do this to force you into action and avoid thinking about the inconsistencies of their request.

They often do this by scaring you – saying that there has been unexpected activity on your account and asking you to reset your password, for example.

But sometimes the scam plays on the victim’s curiosity, perhaps by claiming that an offer is only available for a limited time.

The reason this tactic is so effective is because it encourages victims to think irrationally.

However, you should remember that no matter how urgent an email appears to be, you always have time to give it a quick once-over and think about whether the request makes sense and looks genuine.

4. It links to an unfamiliar or misspelled email address

For the same reason that scammers are forced to use bogus email domain names, they must also use fake domain names when directing victims to their website.

As such, the supposed destination of the URL won’t match the context of the message. For example, if the email is from Netflix, the link should begin ‘’. If that isn’t the case, you should presume that the message is a scam.

Sometimes scammers attempt to get around this by hiding their links in buttons that say, for instance, ‘click here’.

However, if you hover your cursor over the button, the URL will appear in the bottom left corner of your screen, allowing you to see whether it’s genuine or not.

5. It contains spelling or grammatical errors

You can often spot a phishing email simply by the way it is written. Scammers are often writing in a second language, so there may well be spelling mistakes or grammatical errors that you wouldn’t expect from a native speaker.

That’s not to say every email that contains these errors are scams, but when combined with one or more of the other clues we’ve outlined here, you can be reasonably confident that the sender is trying to scam you.

Is your organisation prepared?

You can help educate your staff on the threat of email scams with IT Governance’s Phishing Staff Awareness Training Programme.

This online course uses real-world examples like the ones we’ve discussed here to explain how phishing attacks work, the tactics that cyber criminals use and how you can detect malicious emails.

The content is updated quarterly to include recent examples of successful attacks and the latest trends that criminals use.

A version of this blog was originally published on 12 June 2019.

One Response

  1. Dr. Deepa Ganesh 13th March 2020

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.