There are lots of ways to spot a phishing email, but here are 7 of the most obvious:

  1. Bad grammar and spelling errors
  2. Unusual greetings
  3. Creating a sense of urgency
  4. Unfamiliar email addresses or links
  5. Requests for sensitive information like login details
  6. Suspicious attachments
  7. Too good to be true proposals

Bad grammar and spelling errors

You might like to think this is because email scammers are either writing in their second language, or because you’re a lot smarter than they are – but this has a purpose. People who recognise that it’s probably a scam based on bad grammar and spelling errors aren’t the target audience of this kind of email. Instead, they’re looking for people who might be taken in by a phishing email despite poor spelling and grammar. It can unfortunately be a way for cyber criminals to identify more vulnerable targets.

Unusual greetings

Email addresses can be spoofed. This means it might look like you’re receiving one from a colleague, but it could be a scammer instead. These can often be spotted, because they don’t sound quite right. Does Dave from accounts usually say ‘Hiya….’? Does Helen from HR end every email with a ‘x’? If instead you receive a business-like email from them that starts ‘Dear <insert name here>’, you might want to give them a quick ring and check the email is actually coming from them, before acting upon anything within it – especially if it involves transferring money!

Creating a sense of urgency

This could be done in a number of ways. The tone of the email could be snippy and aggressive, asking you to do something RIGHT NOW. It could involve lots of exclamation marks!!!!! It could involve threats like ‘If you don’t do this right now, something bad will happen.’ It could involve claims that they’ve hacked your computer and have seen things on there you don’t want them to release. This sense of urgency is designed to have you react and take action, before you’ve thought things through and realised they might not be what they seem.

Unfamiliar email addresses or links

Sometimes you might get an email that appears to be from a well-known company, with a receipt for an item you haven’t purchased. These usually contain a link saying ‘Didn’t make this purchase? Click here to talk with the help team’ or something similar. However, if you look at the email address it was sent from, it’s often something like ‘[email protected]’ which is definitely NOT somewhere a big company would send from. If links look weird as well, perhaps with a . in the middle of the company name somewhere, that’s another tell-tale sign that the email is someone phishing for your information.

Requests for sensitive information like login details

Most companies, colleagues and normal, non-cybercriminal citizens won’t ask you for things like this via email. Ever. If someone is asking you for sensitive information, give them a call first to check it’s legitimate. If it appears to be from a large company, it’s most likely to be a scam.

Sometimes these requests for sensitive details can be quite tough to spot. For example, an email supposedly from Facebook might ask you to log in, and the scammers may have recreated a page that looks incredibly like Facebook’s login page, so you’d be unlikely to tell the difference. This is why it’s important to check the URLs that links are taking you to. If you’re unsure, you could always type Facebook’s URL into your browser and sign in that way, rather than using links in an email.

Suspicious attachments

We can’t go on together, with suspiciousss fiiiiles…..were definitely not the words of Elvis Presley. But maybe if they had been, fewer people would get hit by phishing scams. If you have received an attachment you weren’t expecting, or with an unfamiliar file extension, even if it seems to be from someone you know, again, picking up the phone for a quick call will never hurt. Opening a scammy file can unleash things onto the computer system that you’d rather not be unleashed!

Too good to be true proposals

Many people have received daft-sounding emails before from a prince from foreign lands who needs you to look after his money in your bank account. They often sound so ludicrous, it’s a wonder it ever works, but again, these emails are targeting the more vulnerable in society: those who are unable to distinguish what may and may not be a phishing email for any reason. That’s just one example of a ‘too good to be true’ scenario, but the saying ‘if it’s too good to be true then it probably is’ is there for a reason. Sometimes it can be much more subtle, and require more thought.

Phishing emails and online scams in general are forever changing, and it can be hard to keep up. No member of staff should feel silly for accidentally falling for one. But that said, it really highlights the importance of ongoing training and phishing tests to make your team aware of what’s actually possible when it comes to scams. For more information on that, please get in touch.