How to Spot a Phishing Email?
Phishing emails are fake emails designed to trick you into sharing private information, clicking a harmful link, or downloading a dangerous file. They often look like they come from a real company, supplier, bank, delivery firm, or even someone inside your business.
The aim is simple. The sender wants you to act quickly without checking the email properly. This could lead to stolen passwords, financial loss, data breaches, or malware being installed on your device.
The good news is that most phishing emails include warning signs. Knowing what to look for can help you stop a threat before it causes damage.
1. Check the Sender’s Email Address
A phishing email may use a name you recognise, but the email address may not match.
For example, the display name might say “Microsoft Support”, but the actual address could be from a random domain. It may also use small changes that are easy to miss, such as:
Always check the full email address, not just the sender name.
2. Look for Urgent or Threatening Language
Many phishing emails try to create panic. They may tell you that your account will be closed, a payment has failed, or you must act within a short time.
Common phrases include:
Real companies may contact you about urgent issues but they should still communicate clearly and professionally. If an email is trying to rush you, stop and check it first.
3. Be Careful With Links
Fake emails often include links that lead to fake login pages. These pages may look real but they are designed to steal your username and password.
Before clicking a link, hover over it to see where it actually goes. On a phone, press and hold the link to preview it.
Be cautious if the link:
When in doubt, go directly to the website by typing the address into your browser.
4. Watch Out for Attachments
Unexpected attachments can be risky. They may contain malware or lead you to a fake sign-in page.
Be extra careful with files such as:
If you are not expecting an attachment, check with the sender through another trusted method before opening it.
5. Check the Greeting and Message Style
Fake emails often use vague greetings such as “Dear customer” or “Dear user”. Some may also have poor grammar, odd wording, or a tone that does not match the real sender.
However, not all phishing emails are badly written. Some are polished and very convincing. This is why it is important to look at the full email, not just one detail.
Ask yourself:
If something feels wrong, it is worth checking.
6. Be Wary of Requests for Sensitive Information
A major warning sign is any email asking you to share sensitive details. This may include passwords, bank details, payment card numbers, login codes, or personal information.
Legitimate companies should not ask you to send passwords or security codes by email.
You should also be careful with emails asking you to change payment details, approve a transfer, or update supplier bank information. These can be signs of business email compromise.
What Should You Do If You Think an Email Is Phishing?
If you think an email may be phishing, do not click any links, open attachments, or reply to the message.
Instead:
- Stop and check the email carefully. Look at the sender, links, wording, and request.
- Contact the sender another way. Use a phone number or email address you already trust, not the details in the suspicious email.
- Report it internally. If you are at work, tell your IT team or manager.
- Delete the email once reported. Do not forward it unless your company has a safe reporting process.
- Change your password if you clicked a link. Do this through the real website, not through the email.
- Enable multi-factor authentication. This adds another layer of protection if a password is stolen.
Prepare Your Team With Phishing Simulations
CyberProtect helps businesses test and improve staff awareness through phishing simulation. This service sends safe, controlled test emails to your team to see how they respond.
To learn more, speak to a member of the team about phishing simulation and staff cyber security training.

