How to spot a potential phishing email


Phishing emails are fake messages from cyber criminals trying to steal your personal information, like passwords or credit card numbers. These emails often look real, making them hard to spot. This guide will help you recognise phishing emails.

What is a phishing email?

A phishing email is a scam where attackers pretend to be real organisations to steal personal information. They use urgent or tempting messages to trick people into clicking on malicious links or opening malicious attachments. Recognising these emails is crucial for protecting your information and maintaining cyber security.

Why is it important to recognise phishing emails?

Phishing attacks can lead to identity theft, financial loss, and stolen data. By learning to spot phishing emails, you can avoid these scams and help protect others by reporting suspicious emails.

Common signs of a phishing email

Understanding the signs of phishing emails can help you avoid them. Here are some key indicators:

Suspicious email sender

Phishing emails often come from addresses that look similar to real ones but have slight differences. For example, an email from "support@amaz0n.com" instead of "support@amazon.com" is likely a phishing attempt. 

Always check the sender’s email address carefully.

Generic greetings

Real companies usually address you by your name. 

Phishing emails often use generic greetings like "Dear Customer" or "Dear User" because they are sent to many people. Be cautious if the email doesn’t address you personally.

Urgent or threatening language

Phishing emails create a sense of urgency or fear to make you act fast. 

Phrases like "Your account will be suspended," "Immediate action required," or "You have been selected for a prize" are common. 

Always think before reacting to such messages.

Unexpected attachments or links

Be wary of emails with attachments or links you didn’t expect. 

Phishing emails often include malicious links or attachments that can harm your device or direct you to fake websites.

Hover over links to see the URL before clicking, and avoid opening unexpected attachments.

Poor grammar or spelling

Companies usually have professional communication. 

Phishing emails often contain spelling mistakes, bad grammar, or awkward phrasing. These errors can be a red flag.

Request for personal information

Genuine companies will not ask for sensitive information like passwords or credit card numbers via email. If an email asks for such information, it is likely a phishing attempt.

Inconsistencies in email design

Phishing emails often have poor design, low-quality logos, and mismatched fonts or colours. 

Compare the email’s design with previous emails from the same company to spot any differences.
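
Several of the signs above (look-alike sender, generic greeting, urgent language, and a link whose visible text does not match its destination) can also be checked automatically. The following Python sketch is an added example, not part of the original guide; the known-domain list, the digit-swap table and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

KNOWN_DOMAINS = {"amazon.com"}               # assumption: senders you really deal with
DIGIT_SWAPS = str.maketrans("0135", "oles")  # digits often swapped in for letters
GENERIC = ("dear customer", "dear user")     # greetings quoted in the guide
URGENT = ("your account will be suspended", "immediate action required",
          "you have been selected for a prize")
LINK = re.compile(r'<a\s+href="([^"]+)"[^>]*>([^<]+)</a>', re.I)
# Constructed sample message; login.example.test is a placeholder host.
SAMPLE = """\
From: Support <support@amaz0n.com>
Subject: Account notice
Content-Type: text/html

<p>Dear Customer,</p>
<p>Your account will be suspended. Sign in at
<a href="http://login.example.test/verify">www.amazon.com</a></p>
"""

def host(url):
    """Hostname of a URL, or of bare text such as 'www.amazon.com'."""
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def phishing_signs(raw):
    """Return the warning signs from the guide found in one raw email."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    text = body.lower()
    signs = []
    domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    if domain not in KNOWN_DOMAINS and domain.translate(DIGIT_SWAPS) in KNOWN_DOMAINS:
        signs.append("lookalike sender")
    if any(g in text for g in GENERIC):
        signs.append("generic greeting")
    if any(u in text for u in URGENT):
        signs.append("urgent language")
    # Visible link text that names one site while the href goes to another.
    for href, shown in LINK.findall(body):
        shown = shown.strip()
        if re.fullmatch(r"\S+\.\S+", shown) and host(shown) != host(href):
            signs.append("link mismatch")
            break
    return signs

if __name__ == "__main__":
    print(phishing_signs(SAMPLE))
```

These are simple heuristics: an empty result does not prove an email is genuine, so the manual checks in this guide still apply.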

Steps to take if you suspect a phishing email

Taking steps to protect yourself can help you avoid phishing attacks:

Use email filters

Enable spam filters on your email account to reduce phishing emails. Regularly update these settings to adapt to new phishing tactics.

Keep software updated

Make sure your operating system, email application, browser, and antivirus software are up to date. Security updates often include patches for vulnerabilities that phishing attacks can exploit.

Enable two-factor authentication

Two-factor authentication (2FA) adds extra security to your accounts. Even if a phisher gets your password, they will need a second form of verification to access your account.

Educate yourself and others

Stay informed about the latest phishing techniques and share this knowledge with others. Awareness is a powerful tool in preventing phishing attacks.

Never click on unknown links or attachments

If you are unsure about an attachment or a link you’ve been sent, do not click on it.

Keep yourself and your personal information safe

Spotting phishing emails is key to keeping your personal and financial information safe. Learn the signs of phishing and take steps to protect yourself. This will help you avoid these scams. Stay alert, and always verify the source if you’re unsure.

For more information and resources on recognising and dealing with phishing emails, you can visit:

Cyber security training: Interactive, bitesize cyber security training to help you protect your business with regular, enjoyable, and memorable staff tuition.

National Cyber Security Centre (NCSC): Official guidance and resources from the UK government.

Action Fraud: The UK’s national reporting centre for fraud and cyber crime.

Get Safe Online: Free advice on online safety, including recognising and avoiding phishing scams.
