How to spot a phishing email: 8 warning signs


Are you sure that the urgent message from your manager is actually from your manager? Phishing attacks are not a new phenomenon, yet they continue to play a dominant role in the digital threat landscape.

Not only do they still affect millions of users and organizations, but cyberattacks are also becoming more complex and sophisticated. This makes it more important than ever to know how to spot a phishing email.



What is a phishing email?

The first step is to understand what a phishing email is: a type of scam where criminals impersonate organizations or people you know or trust via email in order to steal sensitive information. They may look like a colleague, a usual supplier, your bank, the tax office, a credit card company, or an online store.

Check Point’s Q4 Brand Phishing Report for 2021 ranked the top 10 most imitated brands. Below are the top 5 brands that are most used in phishing emails and scams:

  • DHL’s brand was used in 23% of all phishing attacks globally
  • Microsoft, with 20%
  • WhatsApp, with 11%
  • Google, with 10%
  • LinkedIn, with 8%
  • Amazon (4%)
  • FedEx (3%)
  • Roblox (3%)
  • PayPal (2%)
  • Apple (2%)




8 signs of a phishing email


Considering how much of our work is digital these days, it's only a matter of time before a phishing email reaches your inbox. It is therefore necessary to be well prepared so that you can distinguish a fake email from a verified one. The following 8 points will help you to quickly spot a phishing scam.

1. They need you right now

A phishing email often uses a certain degree of urgency. For example, your boss is in trouble, and you need to transfer money right now. Or maybe they need your phone number quickly.

Above all, never react in a hurry to such an email without first checking the following 7 points.


2. They misspelled your name, or it isn’t personalized

The biggest social blunder... They can't even spell your name! No matter how hastily an email is typed, spelling a name should usually not be an issue. So, if the boss you've been working with for 3 years can't even remember your name, it might be a cause for concern.

Another hidden clue to identify phishing emails is when they use generic salutations like “Dear Sir/Madam” or “Dear valued member”.


3. The sender's name does not match the email address  

Okay, your boss' name is spelled correctly, but do you see that same name reflected in the email address? In a phishing email, the email address often does not match the sender and can be quickly recognized, provided you pay attention.


4. The domain name is incorrect or not official 

Is the email coming from a Gmail address when you know your boss is a loyal Outlook user? Or has a letter been replaced by a number? Sometimes letters are left out or just added. The difference between and is easily overlooked.

Make sure the email is sent from a verified domain by checking the “sent” field.


5. Grammar leaves much to be desired

Some scammers should go back to school because their sentence structure is nothing like it used to be! Scam emails contain poor spelling and grammar mistakes. Some theories say that this is to avoid spam filters that look out for keywords and phrases commonly found in phishing emails, or to make it look more authentic and believable.

In addition, the texts have often been shaped to your language via a translation site, resulting in sentences that don’t make sense.

It is important to also keep an eye on the formatting, font and other aspects that can appear inconsistent.


6. Suspicious attachments and links

The first rule of the Internet: don't open just anything.

Why would a colleague or your boss send you an attachment when you all work in the cloud? Always be on the lookout for unfamiliar extensions like .zip, .exe, .scr, etc.

You can spot a malicious link if the URL doesn’t match the content or company of the sender. For example, if the sender is DHL, you would expect a link to DHL’s website. Be careful with small typos like “DHI”, “microsoftr” or “Vlsa” - one letter can make all the difference!

Tip: if there’s a link behind a button, ALWAYS hover your mouse over the link – without clicking on it! – to see the URL at the bottom of the browser.
On top of that, ensure the link begins with https:// (secure connection), and not http://.

Be careful with these links and attachments as they can contain malware, or they are intended to capture sensitive information (like login details, credit card details, personal data, etc.). The Verizon Data Breach Investigations Report noted a 13% increase in ransomware attacks in 2021.

Make sure you check everything thoroughly before you download or click on anything.
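
The checks from signs 3, 4 and the link part of sign 6 can also be run automatically on a raw message. The Python below is an added example, not code from Smartlockr: it flags a display name that mentions a brand the address does not belong to, a sender domain one character away from a trusted one, and links that are not HTTPS or point away from the sender's domain. The TRUSTED list, the sample message and all function names are assumptions made for the illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"dhl.com", "microsoft.com"}  # assumption: domains you really deal with
SAMPLE = """From: DHL Express <tracking@dh1.com>
Content-Type: text/html

<a href="http://dhi.com/track">Track your parcel</a>
"""  # constructed message for this example

def edit_distance(a, b):  # Levenshtein distance, computed one row at a time
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def base_domain(host):  # naive last-two-labels rule; real code needs the Public Suffix List
    return ".".join(host.lower().split(".")[-2:])

def imitates(domain):  # trusted domain exactly one edit away from `domain`, else None
    return next((t for t in TRUSTED if edit_distance(domain, t) == 1), None)

class Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        self.hrefs += [v for k, v in attrs if tag == "a" and k == "href" and v]

def warning_signs(raw):
    msg, found, links = message_from_string(raw), [], Links()
    name, addr = parseaddr(msg.get("From", ""))
    sender = base_domain(addr.rpartition("@")[2])
    if any(t.split(".")[0] in name.lower() and t != sender for t in TRUSTED):
        found.append(f"sign 3: display name names a brand, address is @{sender}")
    if imitates(sender):
        found.append(f"sign 4: {sender} imitates {imitates(sender)}")
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            links.feed(part.get_payload(decode=True).decode(errors="replace"))
    for url in map(urlparse, links.hrefs):
        if url.scheme != "https" or base_domain(url.hostname or "") != sender:
            found.append(f"sign 6: link to {url.hostname} over {url.scheme}")
    return found
```

Calling warning_signs(SAMPLE) returns one finding for each of the three signs; a message from noreply@dhl.com that links to https://www.dhl.com returns an empty list.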


7. The Nigerian prince is coming to meet you 

Sometimes an email is just too good to be true. Did you just win the lottery? Do you get a reward by opening the link? Are you getting a few million from a Nigerian prince? Usually the answer is: no, of course not.


8. They do get very personal all of a sudden

Look, we're all pretty private. Why on earth would someone suddenly need your bank details, phone number, or other personal information? You would make the wrong person very happy if you just shared these things with them. Banks and hospitals never suddenly ask you for your personal information, so stay alert!




Smartlockr spots and prevents phishing attacks so your employees can work securely

In today’s changing digital landscape, it’s important that your organization has the tools to stop criminals targeting your employees. Training employees in how to identify malicious emails – and report them – is essential in order to protect them, their data and the company’s data. Smartlockr keeps you aware of when you are sending information outside of your company and when you are sharing sensitive information.

