How to spot the signs of a phishing scam

How to spot the signs of a phishing scam

Have you ever received an email from a Nigerian prince offering to send you money? Or received an unsolicited message from your bank asking you to verify your account? If so, then you will likely be aware of the dangers of phishing scams. In recent years, hackers have become increasingly sophisticated and are now using increasingly deceptive techniques to make their emails seem believable.

Phishing scams are fake emails aimed at harvesting your login credentials to access your personal accounts or business systems.

To protect yourself and your business from tricksters, you must know how to spot the signs of a phishing scam.

If you receive an unsolicited email, here are a few practical suggestions to help you identify if the email is genuine or sent as part of a phishing scam.

What is the domain name of the email address?

Firstly, you should always check the senders’ email addresses.

If you have received a legitimate email from a business, it will come from a real domain name (such as It is unlikely that an email will come from a or account unless you are working with independent contractors.

A helpful tip is to click on the senders’ name to enable you to reveal the email address. You should pay close attention to the spelling of the email address – many hackers are now using similar-sounding accounts to appear genuine. For example, you could receive an email from At first glance, you may feel that this was real – but a closer look would show the spelling mistake, and as a result, you can feel confident that this is a scam email.

If you’re still unsure about the organisation’s domain name, we would always recommend typing the domain into a search engine or contacting the company directly to ask if it is genuine.

Have you been asked to open a link or download a file?

Hackers use phishing emails because they want you to open a malicious link or to inadvertently download software that allows them to gain access to your systems.

We are regularly sent links in a corporate environment and asked to download documents to facilitate seamless collaborative working. And it can be tempting to believe that these links are safe.

But unfortunately, the majority of data breaches are caused by human error.

In 2019, an analysis of data breaches reported to the ICO revealed that end-users caused 90% of cyber breaches. And in June 2020, a joint study from Stanford University Professor Jeff Hancock and security firm Tessian also found that 88% of data breach incidents directly result from employee mistakes.

This indicates that significant numbers of employees are not paying close enough attention to internal IT policies and are inadvertently clicking on suspicious links. IT teams and HR departments have much work to educate employees on the importance of adhering to policies and procedures.

If you receive a marketing email that asks you to click on a link, we must know how to test the legitimacy of that link. We recommend that before you click the link, you hover your mouse over the link. A destination address should appear in a pop-out tooltip. Make sure you check that address to confirm its validity.

If you are using your phone to check your emails, you should press and hold the link button. A pop-up will likely appear with a preview that can help you to identify its legitimacy.

Pay close attention to grammar and spelling mistakes

Hackers send phishing emails using automated software. The tricksters are focusing on volume – they will be sending out many thousands of messages simultaneously.

Another tip for spotting a potential phishing scam is seeing a litany of spelling errors and grammatical mistakes. The scammers may be using automated tools to translate the initial message into various languages, so you can often pick up on strange phrasings or other errors.

We recommend that you check to see if the content of the email is consistent with any previous communications when opening an email. Is the style of writing similar (for example, PayPal will always address emails to “first name surname” rather than “user”)? Are there corporate logos or disclaimer notices at the bottom of the footer? Is there an option to “unsubscribe”?

If you’re not sure whether an email is genuine or not, it’s better to err on the side of caution. You could speak to your IT department (or your external IT helpdesk) or contact the organisation directly to ask if they have sent the email.

Alternatively, you should forward the email to the Suspicious Email Reporting Service (SERS) – simply send the email to

If something seems strange to you about the email, then trust your instincts.

It’s always better to be safe than sorry.

We work with businesses across the East of England to improve their resilience to online hackers. Whether you need to gain Cyber Essentials certification, enable Multi-Factor authentication (MFA), or want to benefit from an effective disaster recovery policy, we are here to help.

Please get in touch to find out how we can improve your business resilience and protect you from phishing scams. Phone 01473 355 199 or visit


All articles on this news site are submitted by registered contributors of EssexWire. Find out how to subscribe and submit your stories here »