How to Spot a Phishing Email – 7 Red Flags

Geraldine Strawbridge


Every day millions of scam emails flow into the inboxes of users across the world. While it’s painfully obvious that some are completely fraudulent, phishing emails – particularly those targeted at businesses – are becoming much more sophisticated and difficult to spot.

Phishing attacks have always been a security threat, but Covid-19 has led to a massive increase in these types of scams. According to Sophos’ Phishing Insights Report 2021, 70% of organisations have noted a significant increase in phishing attacks since the pandemic began.

While phishing attacks come in many different forms, phishing emails remain the number one attack method and are behind 91% of all cyber attacks worldwide.

Increasingly, phishing emails are carefully researched, and criminals will use a variety of different tactics to evade detection technologies and trick unsuspecting users. If a victim is unlucky enough to fall for the scam, it can set off a chain of events that could lead to a devastating cyber attack.

While some phishing attempts can be stopped with security tools, it’s inevitable that some will reach their intended targets. Users need to remain vigilant and closely evaluate any emails that they receive.

Phishing Email Red Flags

Today’s phishing emails are increasingly well-written, personalised and contain the logos and language of brands we trust. They’re crafted so cleverly that it can be difficult to tell which ones are real or fake. Despite this attention to detail, there are often some common red flags that can help you identify an attack.

1. Inconsistencies in Email Address and Domain Names

Fraudsters know that not everybody understands the naming structure for domains so they take advantage of this lack of knowledge. For example, if you receive an email, your inbox will display a name like ‘Netflix’ and the subject line. However, upon closer inspection, you may find that the display name does not match the sender address. While is a legitimate domain name, is not. Another tactic is to use misleading domains by misspelling a single character. Always check if the address matches the name of the sender and whether the domain of the company is correct.

2. A Mismatched URL

Fraudsters will go to great lengths to conceal phishing links within emails. They’ll often hide the destination address behind a button or use a shortened URL to appear legitimate. If you suspect that an email message is a scam, do not open any links that you see. Instead, hover your mouse over the top of the URL and you’ll see the full hyperlinked address appear. If the hyperlinked address is different from the address displayed, the message is probably fraudulent and likely to be a phish.

3. A Sense of Urgency

Be wary of any emails that create a sense of urgency or demand that immediate action is taken. The most effective phishing emails include psychological triggers to get people to click. For example, ‘Your account has been suspended’, ‘There has been an unauthorised login attempt on your account’ or ‘Congratulations, you’ve won!’. Attackers prey on basic human emotions and want their victims to act quickly and without thinking. If an email is causing you to have an urgent emotional or behavioural response, take a step back to assess the validity of the request.

4. Impersonal Greeting

If an email does not directly address you, it should act as an immediate red flag that it has been auto-generated and sent out to thousands of people at the same time. Phishing emails will typically remain vague by not addressing the recipient directly or by using a generic greeting such as ‘Dear Customer’ or ‘Dear Account Holder’. If the language seems even the slightest bit off, it’s worth checking for other signs that the email could be fraudulent.

Phishing Email Red Flags

 Image: Example of a Phishing Email

5. Grammar, Spelling and Punctuation Errors

Despite the increasing sophistication of phishing emails, there are often some grammatical, punctuation and capitalisation errors that can give the game away. If the emails are being sent from non-English speaking countries, fraudsters will run their messages through a spellchecker or translation app which will give them the right words but not necessarily in the right context. Emails from legitimate organisations tend to be well-written so if there’s something about the message that just doesn’t look or feel right, it’s likely to be a scam.

6. Suspicious Attachments

No matter what way phishing emails are delivered, they all contain a payload. This will either be an infected attachment that you’re asked to download or a link to a dodgy website. These payloads are designed to capture sensitive information, such as login details, credit card details and account numbers. Always be wary of any email that asks you to open an attachment, even if it appears to come from someone you know. Particular caution should be applied to high-risk attachment file types such as .exe, .scr, PDF, or Zip files. If in doubt, contact the sender through an alternative means of communication and ask them to verify the request.

7. A Request for Money or Personal Information

If an email contains a request for personal, business, or financial information, alarm bells should be ringing. Reputable companies are unlikely to ask for such personal information in an email. If there is some action that they would like you to take, they will direct you to login in via their website, rather than clicking on a link or opening an attachment. Visit the official website, log in to your account, or phone their advertised phone number. Don’t click on any links or use the contact details that have been provided in the email.

Think Before you Click

Attackers don’t want you to think, and they especially don’t want you to think critically. Taking the time to properly evaluate the intention of an email is crucial if you want to avoid being phished.

When you receive an email, ask yourself the following questions:

  • Does the email come from someone I know?
  • Was I expecting this email?
  • Is the email genuine – source address, spelling and context?
  • Is the link legitimate – such as the destination of the URL?
  • Is the email eliciting an urgent emotional or behavioural response?

Just spending a bit of time answering these questions can vastly improve your ability to detect phishing emails.

How we can help

As an ISO 27001 certified Managed Service Provider, we understand how valuable your data is and what steps need to be taken to protect it. We provide a full range of IT services that include advanced security, round-the-clock monitoring, data encryption, network and firewall protection, anti-virus software, backups, and disaster recovery. We identify gaps that need to be plugged and work closely with you to ensure your IT systems are aligned with the latest technologies and security protocols.

To find out how we can help protect your business, get in touch for further information.