
How to spot and prevent malicious emails

08 July, 2022

You might have heard that phishing attacks are the most common type of cybersecurity incident we face. Well, there’s a good reason for that.

Research shows that employees receive an average of 14 malicious emails annually, and new phishing scam tactics are frequently designed to catch people out.

However, identifying a malicious email is not always as easy as you think. With cybercriminals using more sophisticated techniques to trick email recipients into believing the email is genuine, these attacks are getting harder to stop.

The most common reason for data breaches is human error. As such, educating your employees on how to recognise cyberattacks is crucial for protecting your business from the consequences, ranging from financial loss to reputational damage.

When your team is given the proper training, your team becomes an essential part of your security.

Check out these top suggestions for identifying and preventing pesky phishing emails.

How to detect a malicious email

Double-check the sender’s email address

Your first port of call is to check and then double-check the sender’s email address to see whether it is from a company domain or public domain.

Malicious emails are more likely to be sent from a public domain email address (for example, an address from a free webmail provider rather than one ending in the company’s own domain). These email addresses are free to set up and are easier for criminals to use without being traced, as they don’t have to provide payment details.

You should also look for any unusual email sender names, as a genuine one from a business will usually be from ‘customersupport@’ or similar. If there is an unknown person’s name, some extra characters or a misspelling, then this could be a sign that it is a malicious email. At a glance, a lowercase “l” can look a lot like a “1” in an email address.

Look for mistakes in the content of the email

Another clue to look out for is whether there are any mistakes in the email, such as spelling errors or bad grammar. Genuine business emails are typically professional and error-free.

Flag requests for high-risk data

All employees should be trained to question any request for data. In some phishing scams, criminals will pretend to be a person of authority or someone known to the recipient. By appearing to be a colleague or senior manager, for example, attackers have a better chance to pressurise the victim into sharing personal data or login credentials.

Be careful with urgent messages

A common technique used in email scams is to apply urgency. ‘We have contacted you several times and not received a response’ or ‘take action immediately’ are common tactics. Attackers may also use red font or colouring within the email as this psychologically makes people perceive the request as urgent.

Employees should be very wary of any emails that try to panic them into a fast response, as this is to prevent them from having time to question the authenticity and make the relevant checks.
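As an added illustration of the checks above (example code written for this article, not the author’s own tooling), the script below applies them to a raw email: sender on a free webmail domain, a lookalike of your own domain (such as “1” for “l”), urgency phrases, and requests for high-risk data. The trusted domain, the webmail list and both sample messages are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the organisation's genuine domain, a starter list of
# free webmail domains, and the phrases from the article. Tune all of them locally.
TRUSTED_DOMAIN = "acme-example.com"
PUBLIC_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}
URGENCY_PHRASES = ("take action immediately", "contacted you several times")
DATA_REQUEST_PHRASES = ("login credentials", "password", "bank details")
# Digits that read like letters at a glance, e.g. '1' for 'l' in 'examp1e'.
LOOKALIKES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})

# Constructed sample messages (not real mail): one lookalike phish, one genuine notice.
SAMPLE_PHISH = """From: "Acme Customer Support" <customersupport@acme-examp1e.com>
Subject: URGENT: take action immediately

We have contacted you several times and not received a response.
Please confirm your login credentials today.
"""
SAMPLE_LEGIT = """From: "Acme Customer Support" <customersupport@acme-example.com>
Subject: Your monthly statement

Your statement for June is attached. No action is needed.
"""


def sender_domain(from_header: str) -> str:
    """Domain of the real address in a From header, ignoring the display name."""
    _, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def phishing_indicators(raw_message: str) -> list[str]:
    """Run the article's checks over one raw email and list the indicators found."""
    msg = message_from_string(raw_message)
    domain = sender_domain(msg.get("From", ""))
    flags = []
    if domain in PUBLIC_DOMAINS:
        flags.append("sender uses a free public-domain address")
    # If undoing the lookalike swaps yields the trusted domain, it is a spoof of it.
    if domain != TRUSTED_DOMAIN and domain.translate(LOOKALIKES) == TRUSTED_DOMAIN:
        flags.append(f"lookalike of trusted domain: {domain}")
    # walk() yields the message itself for single-part mail, every part otherwise.
    body = " ".join(p.get_payload() for p in msg.walk() if p.get_content_type() == "text/plain")
    text = (msg.get("Subject", "") + " " + body).lower()
    flags += [f"urgency pressure: '{p}'" for p in URGENCY_PHRASES if p in text][:1]
    flags += [f"request for high-risk data: '{p}'" for p in DATA_REQUEST_PHRASES if p in text][:1]
    return flags


if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, phishing_indicators(sample) or ["no indicators"])
```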

How to prevent falling victim to malicious emails

Arm your employees with the cybersecurity knowledge they need to spot and stop phishing attacks in your organisation. With Bob’s Phishing and Bob’s Culture, we deploy targeted and tailored phishing emails to your team that simulate real phishing attacks. Staff who click are automatically assigned training, which helps to create positive new behaviours around phishing attempts.

Book a free consultation with one of our cybersecurity experts to discuss how to decrease the risk of phishing attacks in your organisation today.
