Home > Resources > BLOG > How To Spot a Phishing Email

How To Spot a Phishing Email

How To Spot a Phishing Email

Phishing attacks are, unfortunately, very common. Some attacks are so sophisticated they can fool anyone at first glance. To ensure you don’t fall victim to a phishing attack, here are the signs to look out for.

Firstly, what is a phishing attack?

A phishing attack is when cyber criminals send fake emails that are posing as a reputable source. The intention of these emails is to scam individuals into providing personal details or prompt them to open an attachment that permits a malicious virus of malware to infect their computer.

Attackers attempt to gain the confidence of individuals by ‘pretending’ to be a trusted company. Some phishing attacks are harder to recognise than others, as they incorporate branding elements from the source that they are using as a cover (e.g. a logo, brand colours or brand font). Others use very convincing wording.

However, if you know the details to look out for you can sort the fact from the fiction and avoid being at risk.

How to spot a phishing attack

  1. The sender’s email address looks suspicious

A simple way to spot a phishing email is to look at the sender’s address. Some email addresses are obviously not genuine – for example, getting an email from your ‘bank’ but the sender address is Others are more sophisticated and may include the company’s name within the email in order to appear authentic. For example, a phishing email pretending to be from ACME Pty Ltd may have ACME in the email address, but upon closer inspection you should be able to spot inconsistencies. If in doubt, ignore the email and reach out to the company directly.

  1. The email is asking you to provide personal information

If you receive an email from a company that you don’t have any association with, that is asking you to confirm your personal details or take action relating to your account, you can be pretty certain that it is a scam. However, when an email is disguised to be from a source you are familiar with, it can be difficult to know whether it’s real or fake – especially when it sounds legitimate.

As a rule, there is some information that you should never be asked outside of their context – such as being asked to provide bank details or login credentials over email. Get into the habit of not revealing usernames and passwords in another place than where you use them to login to a service directly. Think of it like your front door key – would you give it to a stranger or try to use it in someone else’s door?

Alongside these other warning signs, you should also be wary of links used in the body of text that ask you to “pay your bill” or “check your account” as these links could open your device to a malicious virus.

If you are unsure whether the company in question is genuinely asking you for details, contact them directly via their official email or phone number.

  1. The email incites panic and fear

A common characteristic of phishing emails is fear-mongering language. Email subject lines may say something like, “Your account has been hacked – take action now!” Or, “Your [X] bill is overdue – make a payment today!” The body of text may go on to say, “If we do not receive a payment of [X] we will pay a visit to your property. To see if your payment has cleared you can use this link to check your account.”

If you read an email that makes you panic and asks you to take action, make sure you take your time to read it carefully, look for mistakes, and be certain is it from a genuine source. And don’t click on any suspicious links or attachments. If in doubt, contact the company directly.

  1. There are typos in the email

Perhaps the easiest way to spot a phishing email is to look for spelling mistakes, grammatical errors and poor wording. A reputable company would not send an important email to a customer that is full of errors or misinformation, so if you receive something like this, you can be sure it’s a phish.

Remember, if in doubt always verify sources independently. Call people back and find out who to contact by other means if not given in the email. Or, contact your IT support or security team to assist before you enter any sensitive information.

On 5 July 2019, ELMO achieved its ISO 27001:2013 certification with no non-conformances. ISO certification is an important way to demonstrate our commitment to security at all levels of the business and that security is a core ongoing and evolving aspect of our business operations & services. To find out more, visit ELMO.