Skip to content

How to Spot a Phishing Email

David West Sep 9, 2020 12:00:00 AM
Laptop screen displaying a warning notice for a phishing scam

Cybercriminals know that the weakest part of your cybersecurity is your employees, in fact, human error caused 90% of cyber data breaches in 2019.

Not long ago, phishing was primarily aimed at the consumer market, and malware was considered the biggest threat to businesses. Today, phishing is the top social attack on businesses and responsible for most security breaches.

Before we delve into how to spot a phishing email, let’s first explain what they are and what they can do.

What is phishing?

Phishing is a type of social engineering attack often used to steal your data, including login credentials and credit card details. It happens when an attacker, disguised as a trusted entity, cons a potential victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, as part of a ransomware attack or the revealing of sensitive information.

An attack can have devastating results. For individuals, this includes unauthorised purchases, the stealing of funds, or identify theft.

Furthermore, phishing is often used to gain a foothold in corporate or governmental networks as a part of a larger attack, such as an advanced persistent threat (APT) event. Employees are compromised in order to bypass security perimeters, distribute malware inside a closed environment, or gain privileged access to secured data.

Any organisation that experiences such an attack typically suffer severe financial losses in addition to a damaged reputation, and consumer trust.

Tightening your security with advanced email filtering solutions such as SpamTitan is certainly a great step to take, but we think the most valuable precaution a business can take is educating its users. After all, they will be receiving these emails.

Our carefully selected technologies work together to educate your team, continually assess cybersecurity risk and further protect possible attack vectors. Discover how our Managed Cyber Security Service will benefit your business.

How to spot a phishing email

There are a couple of key indicators which if you learn and keep in mind you can drastically reduce your chances of being phished! Here are our top 8 red flags to look out for.

1. The from address is from a freemail account or misspelt

Don’t just check the name of the person sending you the email. Check their email address by hovering your mouse over the ‘from’ address. Unless cybercriminals have compromised the organisation’s email systems, they’ll have to use a different domain. This usually involves a public email domain, such as Gmail, in which case the message will come from an address that looks like, for example, ‘’.

Always inspect the email address closely, make sure there are no spelling mistakes or alterations made in the email address, such as additional numbers or letters. Here it’s our domain but with an extra T – at a quick glance you probably wouldn’t spot this!

Snippet of a fake email titled "URGENT! Payment Needed" from field states Adam Harling, however, the company email is spelt wrong <>

2. The email states urgent action is required

Be suspicious of emails that claim you must click, call, or open an attachment immediately. Often they’ll claim you have to act now to claim a reward or avoid a penalty. Creating a false sense of urgency is a common trick of phishing attacks and scams.

3. The content seems out of character

If you have received, what looks like a legitimate email from a colleague that seems out of character, take a moment to ask yourself “would this person really contact me about this?”

If you’re in any doubt whatsoever, speak to that person either over the phone or face-to-face. If you reply to the email itself, there’s a good chance the attacker already has control of their mailbox and could reply to confirm the initial request, perhaps more convincingly the second time.

4. An impersonal greeting

Fraudsters often send thousands of phishing emails at one time. They may have your email address but not your name so an impersonal message could spell a mass-scale phishing campaign.

Be sceptical of an email sent with a generic greeting such as “Dear Customer” or “Dear Member”.

5. The email has bad spelling or grammar

Spelling and grammar can play a big role in the detection of a phishing message. Check for fonts that don’t match the brand, spelling mistakes and grammatical errors. An email from a legitimate organisation should be well written.

Believe it or not but hackers send error-ridden emails on purpose to weed out individuals that may be less observant or unable to recognise mistakes – making them easier targets.

6. You should check suspicious-looking URLs

If you suspect that an email message is a scam, do not open any links that you see. Instead, hover your mouse over, but don’t click, the link to see if the address matches the link that was typed in the message. You can also test links by typing them into a URL checker.

7. The email links to a fake website

To trick you into disclosing your user name and password, fraudsters often include a link to a fake website that looks like the sign-in page of a legitimate website. However, just because a site includes a company’s logo or looks like the real page doesn’t mean it is. Check the web addresses carefully, for example, or

Check out “How to spot a fake, fraudulent or scam website” by Which? for a full list of tips.

8. The email has a strange or unexpected attachment

Unsolicited emails that contain attachments reek of hackers. Typically, authentic institutions don’t randomly send you emails with attachments but instead direct you to download documents or files on their own website.

Sometimes companies that already have your email will send you information, such as a white paper that may require a download. In that case, be on the lookout for high-risk attachment file types include .exe, .scr, and .zip.

When in doubt, contact the company directly using contact information obtained from their actual website.

How to prevent phishing

Phishing attack protection requires steps to be taken by both users and enterprises.

For users, vigilance is key. A spoofed message often contains subtle mistakes that expose its true identity. These can include spelling mistakes or changes to domain names, as seen in the earlier URL example. Users should also stop and think about why they’re even receiving such an email.

For enterprises, a number of steps can be taken to mitigate both phishing and spear-phishing attacks:

  • Two-factor authentication (2FA) is the most effective method for countering phishing attacks, as it adds an extra verification layer when logging in to sensitive applications. 2FA relies on users having two things: something they know, such as a password and user name, and something they have, such as their smartphones. Even when employees are compromised, 2FA prevents the use of their compromised credentials, since these alone are insufficient to gain entry.
  • In addition to using 2FA, organisations should enforce strict password management policies. For example, employees should be required to frequently change their passwords and to not be allowed to reuse a password for multiple applications.

Read our guide “12 good password habits to make” to get you started.

  • Educational campaigns can also help diminish the threat of phishing attacks by enforcing secure practices, such as not clicking on external email links.

User education is something we at Netitude strongly advocate – it’s low on cost and is arguably the most effective way to effectively protect your business against this type of threat.

Phish your own users – no, really!

CTO of network security giant WatchGuard, Corey Nachreiner said “I believe your phishing education program isn’t complete until you phish your own company’s tank. By that, I mean sending fake (but realistic) phishing emails to all your users to see if they fall for them.”

Read the full article “Phishing Your Employees for Schooling & Security” on DarkReading.

Tools such as KnowBe4’s free phishing test allow you to send a customised phishing email to your users as a test. Based on who interacts with the emails you can then design a training program for your employees to teach them how to identify a phishing email, harmful attachment and so on.

Get tips on how to put together an effective training plan in our blog titled “why security awareness training is important”.

As part of our Managed Cyber Security service, we give your staff training on identifying and protecting themselves against attacks such as phishing. If you are interested in learning more about this service, get in touch with a member of the Netitude team today!

Have a query? Contact the team today!