Arrow back

How to spot a phishing email

14 November, 2022

Have you ever received an email that didn’t feel right? Like a receipt for an online order you didn't place or a poorly worded email saying you’ve got money back from an annual tax return?

Don’t be fooled by their quirkiness; these are phishing emails, and they are a genuine concern, particularly those unaware of the threats they pose.

In a recent report, it was found that phishing and pretexting (a form of social engineering) represent 98% of social incidents and 93% of breaches, with organisations nearly three times more likely to be breached by social attacks than via technical vulnerabilities.

Recent reports have found that an astonishing 3.4 billion phishing emails are sent per day. Now that’s a lot of emails to avoid!

Spam filters are designed to do what their name suggests and block spam messages! However, according to research from Plymouth’s Centre for Security, Communications and Network (CSCAN), 75% of phishing emails without links and 64% of those with links made their way past spam filters and into the target inboxes. Even worse, only 6% of those emails were marked as malicious by email clients.

As we approach the end of 2022, 39% of UK businesses who have identified cyber attacks identified phishing attempts as their most common vector - A massive rise from 72% in 2017, to 83% to date.

Then it comes down to the person receiving the phishing email. They are the next and in most cases the last filter stopping unwanted intruders from breaking into your data.

So, what can you do to prevent you or anyone in your organisation from taking the bait? Here’s how to spot a phishing email, and how you can reduce organisational risk too.

How can you spot a phishing email?

As humans, we’re not always the best when it comes to judging risk. Some of us receive hundreds of emails a week, with many perfectly legitimate, which can lull each of us into a false sense of security, assuming that every email that we receive is to be trusted.

Making small changes to your habits so that you treat every incoming email with suspicion can make a significant difference when it comes to preventing a potential breach

7 signs to look out for when spotting a phishing email 

The sender's address doesn’t seem right

When you open an email, always check the email address of the sender first. If an email claims to be from a company you know, but the sender’s email address doesn’t match up, then that’s a sign something isn’t right.

Emails from addresses such as ‘’ or ‘’ are early telltale signs that the email is not to be trusted.

The email has poor spelling and grammar

When you’re reading an email, look out for any spelling or grammar errors, and also consider how well-written the email is. Official emails will usually contain no spelling or grammatical errors, typically because professionals wrote them. Criminals, however, tend to cut corners.

Then you need to start asking questions!

The email has an odd use of imagery

Some phishing emails will often use attractive imagery and graphics such as photographs or company logos to make them look more like emails you’d get from a marketing team.
Remember to bare in mind, that just because the email contains nice pictures and looks like it’s laid out professionally doesn’t mean it might not be a phishing email.

Check the logos and images, if they’re blurry, of poor quality or look stretched out, that’s a dead giveaway that somebody has taken it from a quick Google search.

The email is designed to make you panic or make a hasty decision

Many phishing emails are designed to create a sense of urgency or make you panic, such as time-sensitive offers and situations that prompt you to act immediately and make impulsive decisions without thinking.

You might receive an email claiming to be from one of the systems that you use telling you that your account will be deleted if you don’t confirm your email address within an hour. This is a tactic designed to make you panic and throw caution to the wind.

Our research has found that combining a sense of danger with the appearance of an internal email can result in 94% click effectiveness, highlighting just how potent these psychological principles can be.

The email sounds too good to be true

“Good news. Having looked at your tax payments for 2018, you overpaid by £157. Click here to start processing your claim.”

At a glance, you’d probably think it was a nice quick win for your bank account.

Unfortunately, phishing emails usually offer attractive incentives like this so that you rush into getting your hands on it without a second thought. Whenever there’s an incentive in an email, always think twice. Remember, if it reads too good to be true, it probably is!

The URL you're being linked to isn't legit

Hiding a link in an email is easy. Some phishing emails will place links on bits of text or buttons so it doesn’t have to reveal a URL.

But you can check out where a link will take you by hovering your mouse over the text. Take note of the URL and ensure it matches the website you expect before clicking! If the URL doesn't match, then it's probably a phishing email.

For example:
Link Text: Click Here to Update Your Paypal Detail

Another good practice when checking the validity of a link is to look out for an SSL certificate at the beginning of the URL. This will show as https as opposed to just http. When installed on a web server, an SSL (Secure Sockets Layer) allows secure connections from a web server to a browser.

Check the company branding in the email

Phishing emails will try to mimic well-known brands to gain your trust and get you to let your guard down, whether you use those services or not.

If you receive an email from a company that you haven’t subscribed to, that’s probably because it’s a phishing email trying to impersonate that company.

You can easily catch these emails out by comparing them to ones you’ve received before from the company, do the logos match up? Are there glaring differences between the two?

What to do if you click on a phishing email

These are the steps that need to be taken after clicking a phishing link:

- Report the incident to your tech team as soon as possible

- Change login passwords

- Investigate the attack

- Inform the regulators and law authority

Take a look at some of our past blogs to learn more:

How does our phishing training help secure your organisation?

In a recent study, GOV UK found that cyber attacks were better avoided with gradual change within organisations, including communications via email, mock phishing exercises, conversations with specialist staff and informal and formal training. This means that staff are continuously kept interested in and alert to cyber threats.

Our award-winning Bob’s Phishing simulated phishing training is an effective way of teaching your employees about the dangers of phishing emails and how to avoid becoming a victim.

The simulated phishing campaigns allow you to evaluate the threat level phishing could pose to your organisation through the use of tailored phishing exercises and our engaging training courses and awareness materials that reinforce all the key learning points.
You can find out more about our phishing training here.

Back to resources

Ready to build your cybersecurity culture?

Whether you’re looking for complete culture change, phishing simulations or compliance training, we have solutions that are tailor-made to fit for your organisation.

Girl with laptop
Boy with laptop
man and woman with laptops
Global Cyber Alliance