How to spot a phishing email: six top tips
4 minute read
Kelsey Smith
October 13th, 2022
*Blog last updated on December 5th, 2024
As a highly successful way for cyber criminals to make a large profit quickly, phishing attacks are one of the most common methods of cyber crime. But they are also one of the easiest to fall victim to. We wanted to share some top tips for spotting and avoiding an attempted phishing attack.
Phishing scams are so prevalent because they only require one mistake by a recipient for the operation to be a success, and they are designed to coax you into making that mistake. They often rely on the recipient being distracted or busy – which most of us tend to be at work – and can use scare tactics to rush us into making uninformed, hasty decisions like warning you that your account will be suspended if you don’t act now.
No organisation wants its employees to fall prey to a phishing scam, so it’s important that everyone within your organisation is confident in their ability to spot a scam instinctively. Follow the tips below to help your organisation protect itself from becoming victim of a phishing attack.
1. Always check the email address
Cyber criminals can mislead you by creating email accounts with a display name of their choice, so a message can appear to come from someone you know. The display name is free text that the sender controls and proves nothing about who actually sent the email. Many of us won't look past it when opening an email, but you should always check the sender's real address for anything suspicious before clicking on links or opening attachments within it.
For example, when an email lands in your inbox it may display the sender as ‘Google Accounts’, which at first glance may look familiar and could trick you into thinking that the email is from a safe, recognisable sender.
On opening the email, it can become even more convincing: a professionally styled design that includes Google's logo and what seems like a genuine request, e.g. 'We need your help resolving an issue with your account'. But when you check the sender's address, the part after the '@' is not a Google domain at all, whereas a genuine email from Google would use its own domain name there.
2. Check the spelling of the domain name
Anyone can buy a domain name, but they all must be unique – so how do cyber criminals mimic a legitimate domain while keeping it original?
By replacing letters with others that look similar – for example, swapping the 'm' in 'media' for 'rn' to make 'rnedia' – a scam email address can pass for the genuine domain at first glance. The same trick is played with the digit 0 for the letter o, a capital I for a lower-case l, and letters from other alphabets that are drawn identically to Latin ones. It seems like an obvious spot, but when you've been staring at a screen all day or working through a full inbox, it's easy to mistake the fake address for the real one. Avoid falling for this by checking and double checking the domain name before replying, forwarding, or clicking anything within an email.
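The two checks above (the real address behind the display name, and lookalike spellings of the domain) can be automated for a mail gateway or a quick triage script. The following Python is an added example written for this page, not code from the original post: it parses the From and Reply-To headers of a raw message, folds common lookalike substitutions before comparing the sender's domain with a hypothetical allow-list, and flags a display name that borrows a trusted brand while the address sits elsewhere. The allow-list, the substitution table and the two sample messages are constructed for illustration.

```python
"""Sender checks for a raw email: display-name spoofing, a Reply-To that
differs from From, and lookalike domains (the checks in tips 1 and 2).

Added example, not code from the original post.  TRUSTED_DOMAINS, the
confusables table and the sample messages are constructed for illustration.
"""
from email import message_from_string
from email.utils import parseaddr
import unicodedata

# Hypothetical allow-list of domains the organisation knows and trusts.
TRUSTED_DOMAINS = {"example.com", "google.com"}

# Visual substitutions used to build lookalike domains: each key passes for
# its value at a glance ('rn' for 'm', zero for 'o', Cyrillic letters for
# the Latin letters they are drawn like).  Not exhaustive.
CONFUSABLES = {
    "rn": "m", "vv": "w", "cl": "d", "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
}


def normalise_domain(domain: str) -> str:
    """Fold lookalike tricks so that 'rnedia.com' compares equal to 'media.com'."""
    d = domain.lower().rstrip(".")
    try:
        # Reveal non-ASCII labels hidden behind punycode ('xn--...').
        d = d.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already non-ASCII or malformed: fold what we have
    for fake, real in CONFUSABLES.items():
        d = d.replace(fake, real)
    # Strip accents and diacritics: 'é' -> 'e'.
    d = unicodedata.normalize("NFKD", d)
    return "".join(ch for ch in d if not unicodedata.combining(ch))


def check_sender(raw_message: str) -> dict:
    """Parse the From/Reply-To headers and return the sender plus a list of
    findings; an empty list means nothing looked odd."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    findings = []

    if domain not in TRUSTED_DOMAINS:
        by_normalised = {normalise_domain(t): t for t in TRUSTED_DOMAINS}
        lookalike = by_normalised.get(normalise_domain(domain))
        if lookalike:
            findings.append(f"lookalike domain: {domain} resembles {lookalike}")
        # The display name is free text: a trusted brand in the name while
        # the address is on another domain is classic display-name spoofing.
        # (Brand = leftmost label of the trusted domain; a simplification.)
        for trusted in TRUSTED_DOMAINS:
            brand = trusted.split(".")[0]
            if brand in display_name.lower():
                findings.append(
                    f"display name mentions '{brand}' but address is @{domain}")

    # A Reply-To pointing elsewhere sends your answer to the attacker even if
    # the From address was forged to look right.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != address.lower():
        findings.append(f"Reply-To ({reply_to}) differs from From ({address})")

    return {"display_name": display_name, "address": address,
            "domain": domain, "findings": findings}


# Constructed sample messages (not real mail).
SPOOFED = """\
From: Google Accounts <security-alert@g00gle.com>
Reply-To: helpdesk@rnail-recovery.com
Subject: We need your help resolving an issue with your account

Verify your account within 24 hours or it will be suspended.
"""

GENUINE = """\
From: IT Helpdesk <helpdesk@example.com>
Subject: Planned maintenance on Friday

No action is required.
"""

if __name__ == "__main__":
    for sample in (SPOOFED, GENUINE):
        result = check_sender(sample)
        print(result["address"], "->", result["findings"] or "no findings")
```

The substitution table is deliberately small; a production filter would use the full Unicode confusables data and a public-suffix-aware comparison, but the structure is the same: normalise first, then compare against domains you already trust.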
3. Check the email copy for spelling and grammar mistakes
Poor copy is a useful warning sign. A legitimate organisation isn't likely to send you something that hasn't been proof-read, and although typos do happen in genuine emails, a message that doesn't read correctly deserves a second look.
Many phishing scams originate where English isn't the writer's first language, and the spelling, grammar and punctuation can be poor as a result. Spellcheckers and translation tools help them, but these don't always put words into the right context, and words can be missing so that a sentence doesn't read as it should. If you spot a lot of errors, treat the email as a phishing attempt, proceed with caution, and flag it to your IT department. Bear in mind that the reverse doesn't hold: well-written copy is no evidence that an email is genuine, so apply the other checks on this page regardless.
4. Never open email attachments without checking that the source is legitimate
Most phishing emails carry a payload: an infected attachment or a link to a fake website. These payloads are designed to install malware or to capture sensitive data such as credentials, credit card details, account numbers and phone numbers, which is why you should never open an attachment or click a link within an email unless you are confident it has come from a genuine source. Some phishing emails, such as a request to pay a supplier into a new bank account, carry no link or attachment at all, so the other checks on this page still apply.
Infected attachments
Some phishing attempts take the form of an email with an attachment that encourages you to open it, with the aim of unleashing malware onto your computer when you do. For example, you receive an invoice attached to an email as a document. You aren't sure whether the invoice is for you, so you open it to check, and the malware hidden in the document (often in a macro or embedded script that the document asks you to enable) infects your computer.
To avoid this, don't open the attachment without verifying the source through a channel you already trust, such as phoning the sender on a number you already have rather than one given in the email, and be wary of any attachment you aren't expecting.
Fake links
Get into the habit of checking the web addresses hidden behind links in emails before you click on them to ensure that you don’t accidently click on any malicious links. It’s easy to do and could help to protect your organisation from a cyber security attack.
On a computer: hover your mouse over the link and the destination address will appear in the status bar or a tooltip. If it doesn't lead to the legitimate organisation's site, or it looks suspicious, don't click it! Remember that the visible link text can itself be written to look like a web address while pointing somewhere else entirely, so judge the destination shown on hover, not the text. Shortened links hide the destination, so treat them with the same caution as an unexpected attachment.
If you're using a mobile: press and hold the link and a pop-up will appear showing the destination address.
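Hovering over a link is the manual version of comparing the link's visible text with its real destination. The following Python is an added example, not code from the original post: it pulls every link out of an HTML email body and flags visible text that claims one site while the href goes to another (including the `user@host` trick, where the real host sits after an `@`), destinations that are bare IP addresses, and non-web schemes such as `javascript:`. The sample HTML body is constructed, and the helper names are my own.

```python
"""Pull every link out of an HTML email body and flag the ones a reader
should not click: visible text that claims one site while the real
destination is another (what hovering reveals by hand), bare IP
addresses, and non-web schemes.

Added example, not code from the original post.  The HTML body below is
constructed for illustration.
"""
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def parse_url(url: str):
    """urlparse that tolerates a bare 'www.example.com' with no scheme."""
    parsed = urlparse(url)
    if not parsed.scheme:
        parsed = urlparse("http://" + url)
    return parsed


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname.  Good enough for this demo; a real
    filter would use the public suffix list so that 'example.co.uk' is not
    reduced to 'co.uk'."""
    return ".".join(host.lower().split(".")[-2:])


def is_ip_address(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def looks_like_url(text: str) -> bool:
    """Does the visible link text present itself as a web address?"""
    t = text.strip().lower()
    return t.startswith(("http://", "https://", "www.")) or (
        "." in t and " " not in t and "@" not in t)


def suspicious_links(html: str) -> list:
    """Return (text, href, reason) for each link that fails a check."""
    collector = LinkCollector()
    collector.feed(html)
    flagged = []
    for text, href in collector.links:
        target = parse_url(href)
        # .hostname discards any 'user@' prefix, so 'https://a.com@evil.net/'
        # correctly resolves to evil.net.
        dest = (target.hostname or "").lower()
        reason = None
        if target.scheme not in ("http", "https", "mailto"):
            reason = f"unexpected scheme {target.scheme!r}"
        elif is_ip_address(dest):
            reason = f"destination {dest} is a bare IP address, not a named site"
        elif looks_like_url(text):
            shown = (parse_url(text).hostname or "").lower()
            if registrable_domain(shown) != registrable_domain(dest):
                reason = f"text shows {shown} but the link goes to {dest}"
        if reason:
            flagged.append((text, href, reason))
    return flagged


# Constructed sample body, not a real email.
SAMPLE_HTML = """
<p>Dear valued customer,</p>
<p>Sign in at <a href="http://accounts.g00gle-verify.net/login">https://accounts.google.com/</a>
within 24 hours to keep your account.</p>
<p>Or run our <a href="http://203.0.113.45/update">update tool</a>.</p>
<p>Your settings page: <a href="https://accounts.google.com@login-verify.net/">accounts.google.com</a></p>
<p>See the <a href="https://www.example.com/policy">privacy policy</a> or
<a href="mailto:helpdesk@example.com">email the helpdesk</a>.</p>
"""

if __name__ == "__main__":
    for text, href, reason in suspicious_links(SAMPLE_HTML):
        print(f"[{text}] -> {href}\n    {reason}")
```

Run against the sample, the first, second and fourth links are flagged and the plain-text "privacy policy" and mailto links pass: the check only has an opinion where the link text makes a claim about its destination or the destination itself is odd.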
5. Be suspicious of urgent requests to act
We’ve all experienced a colleague needing information quickly, but before you act, you should assess if the email contains a veiled threat that asks you to respond urgently. Be suspicious of language like ‘send these details within 24 hours’ or ‘you have been a victim of crime, click here immediately’.
If the email doesn’t feel right and is asking you to act now or is applying pressure in the tone of the email – avoid responding straight away. Give yourself time to process the content of the email and flag the email to your IT team if you’re still unsure whether it is genuine or not; in the world of cyber security, it’s better to be safe than sorry.
6. Look for obvious phishing warning signs
- Is the email addressed to you generically, with language like 'valued customer', 'friend' or 'colleague', rather than by your name?
- Does the email appear to come from a senior person within your organisation and request that a payment be made to a particular bank account?
- Is the sender's name trying to mimic someone you know, or does it otherwise not sound legitimate?
- Does the offer seem too good to be true? Are they trying to give you money?
If you've answered yes to any of the above, or if it seems like the sender doesn't know you, be wary: each of these can signal a phishing attempt.
Caught out by a phishing attempt? Make sure you report it!
Even when you know the common signs, cyber criminals are always looking for new ways to get around security procedures and convince us to act on phishing emails. It can be hard to tell whether an email is genuine, and even the most astute among us can get caught out. If you do fall victim to a phishing attack, always report it: that gives your organisation the best chance of containing the damage and of learning from the incident to avoid a repeat.
Encourage the people within your organisation to report all phishing attempts, and avoid shaming anyone who gets caught out; blame discourages people from reporting in future, which could cause more harm to your business in the long run. When employees feel comfortable asking for help if they think they may have been phished, you hear about security risks early and can take steps to contain them as soon as possible, such as scanning for malware, resetting the affected passwords and revoking active sessions, if you suspect a successful attack has occurred.
Check out our advice on how to prevent a cyber security breach for more information on avoiding attacks.