Phishing emails – how to spot them

Phishing emails are spoofed emails or text messages sent by cybercriminals with the intention of stealing your personal details, company details or bank details. Although phishing emails look like they could be from a legitimate person or company, they tend to contain the same predictable errors, so as long as you educate yourself and your staff you can avoid falling prey to cybercrime. Scammers launch thousands of these attacks every day, so it's important to know the key identifiers:

  • Suspect subject - does it match the email, or say it's a reply when it's not?
  • Incorrect domain - check who the email is actually from
  • Poor grammar - read the content carefully
  • Urgency - is the message trying to make you click a link?
  • Premium rate phone number - don't click these on your mobile
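
For IT teams, four of these identifiers can also be checked automatically on a plain-text message (poor grammar is left to the reader). The following is an added example, not part of the original article; the sender allow-list, the urgency phrases, the UK 09 premium-rate pattern and the sample message are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list (fill from your own records): name -> real domain suffix.
KNOWN_SENDERS = {"hmrc": "gov.uk"}
URGENCY = re.compile(r"\b(urgent|immediately|within 24 hours|final notice|act now)\b", re.I)
# Assumption: UK numbering, where premium-rate numbers start 09 (11 digits).
PREMIUM_RATE = re.compile(r"\b09\d{2} ?\d{3} ?\d{4}\b")


def phishing_indicators(raw_email):
    """Return the indicators from the list above found in one plain-text message."""
    msg = message_from_string(raw_email)
    found = []

    # Suspect subject: claims to be a reply but carries no threading headers.
    subject = msg.get("Subject", "")
    threaded = msg.get("In-Reply-To") or msg.get("References")
    if re.match(r"\s*re:", subject, re.I) and not threaded:
        found.append("suspect subject")

    # Incorrect domain: display name claims an organisation the address does not match.
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    for name, suffix in KNOWN_SENDERS.items():
        if name in display.lower() and not (domain == suffix or domain.endswith("." + suffix)):
            found.append("incorrect domain")

    payload = msg.get_payload()
    body = payload if isinstance(payload, str) else ""  # multipart is skipped here
    if URGENCY.search(subject + " " + body):
        found.append("urgency")
    if PREMIUM_RATE.search(body):
        found.append("premium rate phone number")
    return found


# Constructed sample message, not a real email.
SAMPLE = """From: HMRC Refunds <refunds@hmrc-taxrefund.example>
To: staff@company.example
Subject: RE: Your tax refund

You are entitled to a tax refund. Act now or call 0905 123 4567 immediately.
"""

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```

A message that raises none of these flags is not proven safe; the checks only automate the first look a trained reader would give it.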


Typical emails will try to trick you by telling you things like your password has expired or your payment has been rejected, ask you to make a payment or confirm details, or include an attachment for you to open. HMRC phishing emails are particularly notorious and tell you that you are entitled to a tax refund or a grant.

What happens when you click

Sometimes, if you are prompted to click a link, you are taken to a fake website where you are asked to enter your details. Other emails will include attachments that will infect your hardware with malware.

Do not open or click links in emails. If you are unsure whether an email is real, play it safe: leave the email and go directly to the company's website or main phone number. If you've established that the email is fake and you have IT support, report it straight away so that they can notify others. If you don't have IT support you can report the email to 

How to protect yourself

To avoid getting these emails in the first place you can install email filtering tools such as SpamTitan. Anti-virus and anti-malware software will protect your machines, and multi-factor authentication makes it very difficult for cybercriminals to log into your accounts even if they do have your details.

Another way to protect your business is with security awareness training for staff and regular, ongoing test phishing campaigns. The majority of phishing email breaches happen because of a lack of awareness, so educating your staff is key.

The first step to preventing attacks is knowing your risk. If you would like to speak to a member of our team you can book a no-obligation 15-minute Cyber surgery slot here.
