
How to spot a phishing email

David West Sep 9, 2020 12:00:00 AM

Cybercriminals know that the weakest part of your cybersecurity is your employees. In fact, human error caused 90% of cyber data breaches in 2019.

Not long ago, phishing was primarily aimed at the consumer market, and malware was considered the biggest threat to businesses. Today, phishing is the top social attack on companies and is responsible for most security breaches.

Before we delve into spotting a phishing email, let’s first explain what phishing is and what it can do.

What is phishing?

Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.

The information is then used to access important accounts and can result in identity theft and financial loss.

Common features of phishing emails

Knowing a couple of key indicators can drastically reduce your chances of being phished. Here are our top 8 red flags to look out for.

1. The from address is from a freemail account or misspelt

Don’t just check the name of the person sending you the email. Instead, check their email address by hovering your mouse over the ‘from’ address. Unless cybercriminals have compromised the organisation’s email systems, they’ll have to use a different domain. This usually involves a public email domain, such as Gmail, in which case the message will come from an address that looks like, for example, ‘’.

Always inspect the email address closely and make sure there are no spelling mistakes or alterations in it, such as additional numbers or letters. For example, here it’s our domain, but with an extra T – at a glance, you probably wouldn’t spot this!

Snippet of a fake email titled "URGENT! Payment Needed" from field states Adam Harling, however, the company email is spelt wrong <>
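The two checks in this red flag can also be automated at the mail gateway or in a triage script. The following is an added example, not part of the original article: it flags a From header that uses a freemail domain or a domain within one or two character edits of a trusted one. The domain lists and function names are assumptions chosen for illustration.

```python
from email.utils import parseaddr

# Assumed values for illustration; substitute your organisation's own domains.
TRUSTED_DOMAINS = {"example.com"}
FREEMAIL_DOMAINS = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete a character of a
                           cur[j - 1] + 1,             # insert a character of b
                           prev[j - 1] + (ca != cb)))  # substitute (or match)
        prev = cur
    return prev[-1]


def check_from(header: str) -> list[str]:
    """Return the red flags found in a From header value."""
    _display_name, address = parseaddr(header)
    if "@" not in address:
        return ["unparseable From address"]
    domain = address.rsplit("@", 1)[1].lower()
    if domain in TRUSTED_DOMAINS:
        return []  # exact match only; a lookalike never reaches this branch
    flags = []
    if domain in FREEMAIL_DOMAINS:
        flags.append(f"freemail domain: {domain}")
    for trusted in sorted(TRUSTED_DOMAINS):
        # One or two edits away from a trusted domain is a likely lookalike.
        if 0 < edit_distance(domain, trusted) <= 2:
            flags.append(f"lookalike of {trusted}: {domain}")
    return flags


# Constructed sample: the trusted domain with one extra letter.
print(check_from("Accounts Team <accounts@exampple.com>"))
```

The display name is ignored on purpose: it is free text chosen by the sender, which is why the article says to check the address rather than the name.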

2. The email states urgent action is required

Be suspicious of emails that claim you must click, call, or open an attachment immediately. Often they’ll claim you have to act now to claim a reward or avoid a penalty. Creating a false sense of urgency is a common trick of phishing scams to gain sensitive information.

3. The content seems out of character

If you’ve received what looks like a legitimate email from a colleague that seems out of character, take a moment to ask yourself, “would this person really contact me about this?”

If you’re in any doubt whatsoever, speak to that person either over the phone or face-to-face. If you reply to the email itself, there’s a good chance the attacker already has control of their mailbox and could respond to confirm the initial request.

4. An impersonal greeting

Fraudsters often send thousands of phishing emails at one time. They may have your email address but not your name, meaning an impersonal message could spell a mass-scale phishing campaign.

Be sceptical of an email sent with a generic greeting such as “Dear Customer” or “Dear Member”.

5. The email has bad spelling or grammar

Spelling and grammar can play a big role in detecting a phishing message. Check for fonts that don’t match the brand, spelling mistakes, and grammatical errors. An email from a legitimate organisation should be well written.

Believe it or not, hackers send error-ridden emails on purpose to weed out individuals who may be less observant or unable to recognise mistakes – making them easier targets.

6. Check URLs from suspicious-looking emails

Don’t open any links if you suspect an email message is a scam. Instead, hover your mouse over the link to see if the address matches the link that was typed in the message. You can also test links by typing them into a URL checker.

7. The email links to a fake website

To trick you into disclosing your login credentials, fraudsters often include a link to a malicious website that displays a sign-in page. Be careful; just because a site includes a company’s logo or looks real doesn’t mean it is.

Check the web addresses carefully, for example, or If in doubt, exit the website.

8. The email has a strange or unexpected attachment

Unsolicited emails that contain attachments reek of hackers. Typically, authentic institutions don’t randomly send you emails with attachments but instead direct you to download documents or files on their website.

Sometimes companies that already have your email will send you information, such as a white paper that may require a download. In that case, be on the lookout for high-risk attachment file types, including .exe, .scr, and .zip.

Contact the company directly using contact information obtained from their actual website when in doubt.

How to prevent phishing attacks

Phishing attack protection requires steps to be taken by both users and enterprises.

For users, vigilance is vital. For enterprises, several steps can be taken to mitigate both phishing and spear-phishing attacks:

  • Two-factor authentication (2FA) is the most effective method for countering phishing attacks, as it adds an extra verification layer when logging in to sensitive applications.
  • In addition to using 2FA, organisations should enforce strict password management policies. For example, employees should be required to frequently change their passwords and not reuse a password for multiple applications.
  • Educational campaigns can also help diminish the threat of phishing attacks by enforcing secure practices, such as not clicking on external email links.

CTO of WatchGuard, Corey Nachreiner, said “I believe your phishing education program isn’t complete until you phish your own company’s tank. By that, I mean sending fake (but realistic) phishing emails to all your users to see if they fall for them.”

Tools such as KnowBe4’s free phishing test allow you to send a customised phishing email to your users as a test. Based on who interacts with the emails, you can then design a training program for your employees to teach them how to identify a phishing email, harmful attachment, etc.

It’s time to not only get your defences in place but have a plan for if the worst happens. Watch our webinar on Backup & Disaster Recovery – the art of business continuity and getting things back up and running quickly after the worst happens.
