How to Spot Phishing Attempts

Modified on Mon, 10 Nov, 2025 at 6:34 PM

Spotting a phishing email begins with knowing what phishing is...


The first step in spotting a phishing email is understanding what one is. A phishing email is a message sent by an attacker who impersonates a person or organization the recipient trusts, with the objective of getting the recipient to perform a specific action that benefits the attacker. Social engineering techniques are used to make the email look genuine, and the request is typically to click on a link, open an attachment, or hand over sensitive information such as login credentials or payment details.

 

Socially engineered phishing emails are the most dangerous. They are constructed to be relevant to their targets and to appear genuine, so the recipient trusts the message and performs the requested action. The results can be devastating: if the recipient clicks a link to a site serving malware, opens an attachment with a malicious payload, or enters their login credentials on a forged page, the attacker gains a foothold on the corporate network, often without anyone noticing.


Why are socially engineered phishing emails so effective?


It is actually quite scary how much can be found out about an individual on the Internet without hacking a single database or tricking anybody into divulging confidential information. Attackers quickly accumulate personal details from social media sites, professional profiles and other online publications in order to identify the triggers a particular person responds to.

 

It would not be difficult to find the name of an employee's child, the school they attend and an event coming up at that school, and then send the parent an email inviting them to click a link or open an attachment about their child's participation in the event. Machine learning and generative AI tooling lets phishers collate this information, and draft a fluent message from it, far faster than by hand.

 

7 Ways to Spot Phishing Emails


Socially engineered phishing emails often evade email filters precisely because of their sophistication. They are sent from domains the attacker controls, with valid Sender Policy Framework (SPF) records and correctly configured SMTP, so they pass the filter's front-end checks; SPF and similar checks only prove that the sending server is allowed to send for its own domain, not that the domain is the one the message claims to represent. They are rarely sent in bulk from blacklisted IP addresses, so Realtime Blackhole Lists do not stop them. Greylisting, which temporarily rejects mail from unfamiliar servers and waits to see whether the sender retries, is no obstacle either: an attacker's properly configured mail server simply retries like any other.

 

However, phishing emails do have common characteristics: they are frequently constructed to trigger emotions such as curiosity, sympathy, fear and greed. If employees are told what these characteristics are, and what to do when they suspect a threat, the time invested in training them to spot a phishing email can thwart attacks before the attacker gets into the network.

 

1. Emails Demanding Urgent Action

Emails threatening a negative consequence, or the loss of an opportunity, unless urgent action is taken are often phishing emails. Attackers use this pressure to rush recipients into acting before they have had a chance to study the email for flaws or inconsistencies.

 

2. Emails with Bad Grammar and Spelling Mistakes

Bad grammar and spelling mistakes are another tell. Legitimate organizations usually send customer email from reviewed templates, and most webmail clients highlight misspellings as the sender types, so sloppy errors in a message claiming to come from a large company are suspicious. The reverse does not hold: attackers can write, or have a language model write, flawless copy, so clean prose is never evidence that an email is legitimate.

 

3. Emails with an Unfamiliar Greeting or Salutation

Emails exchanged between work colleagues usually have an informal salutation. Messages that open with a generic “Dear,” or that use phrases nobody in your office would use in normal conversation come from a sender unfamiliar with how your business communicates and should arouse suspicion.

 

4. Inconsistencies in Email Addresses, Links & Domain Names

Inconsistencies in email addresses, links and domain names are another way to spot phishing. Does the email claim to come from an organization you correspond with often? If so, compare the sender's actual address, not just the display name, against previous emails from that organization. Check where a link really goes by hovering the mouse pointer over it (or long-pressing on a mobile device) and reading the URL; the text of a link and its destination need not match. Pay attention to the part of the domain just before the top-level suffix: accounts.google.com belongs to Google, but accounts.google.com.example.net belongs to whoever owns example.net. If an email allegedly originates from (say) Google but the domain name reads something else, report the email as a phishing attempt.

 

5. Suspicious Attachments

Most work-related file sharing now takes place via collaboration tools such as SharePoint, OneDrive or Dropbox, so an internal email that arrives with an attachment should already be treated with suspicion, especially if the file has an unfamiliar extension or one commonly associated with malware (.exe, .scr, .js, .iso, .lnk, and archives such as .zip that are used to smuggle those files past filters). Watch for doubled extensions such as invoice.pdf.exe, which Windows shows as invoice.pdf when known extensions are hidden, and for password-protected archives whose password is given in the email body, a trick used to stop scanners from inspecting the contents.

 

6. Emails Requesting Login Credentials, Payment Information or Sensitive Data

Emails from an unexpected or unfamiliar sender that request login credentials, payment information or other sensitive data should always be treated with caution. Legitimate organizations do not ask you to reply to an email with a password or card number. Spear phishers can clone a login page so that it looks just like the real one and send an email containing a link that directs the recipient to the fake page. Whenever an email sends you to a login page or tells you a payment is due, do not enter anything unless you are certain the email is legitimate: check the URL in the browser's address bar against the address you normally use for that account, and remember that a padlock or https:// prefix only means the connection is encrypted, not that the site is genuine. When in doubt, open the site by typing the address you already know rather than following the link.
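The checks in items 4, 5 and 6, together with the earlier point that an SPF pass covers only the envelope sender and not the address the recipient sees, can be automated at a mail gateway or in a report-triage tool. The following Python script is an added example written for this article, not code from the article's author or from any product. It parses a raw message with the standard library, compares the From, Return-Path and Reply-To domains, flags link text that disagrees with its href and hostnames that embed an expected brand under some other registrable domain, and flags risky or doubled attachment extensions. The EXPECTED_DOMAINS set, the two sample messages and the two-label approximation of a registrable domain are assumptions made for the example; a real tool would consult the Public Suffix List.

```python
import os
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption for this example: domains the organisation expects mail and links from.
EXPECTED_DOMAINS = {"google.com", "corp.example"}
# Extensions the article flags, plus a few other common loader formats.
RISKY_EXTENSIONS = {".exe", ".scr", ".zip", ".js", ".vbs", ".iso", ".lnk", ".hta"}


def registrable(host):
    """Crude registrable domain: the last two labels of a hostname.
    Simplification: ignores multi-label public suffixes such as co.uk."""
    if not host:
        return ""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def header_domain(msg, name):
    """Registrable domain of the address in header `name`, or '' if absent."""
    _, addr = parseaddr(str(msg[name] or ""))
    return registrable(addr.rpartition("@")[2])


def squash(host):
    """Strip dots and hyphens so 'accounts-google.com' and 'google.com' compare alike."""
    return host.lower().replace(".", "").replace("-", "")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for each <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def triage(raw):
    """Return a list of (indicator, detail) pairs for a raw RFC 5322 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    from_dom = header_domain(msg, "From")
    return_dom = header_domain(msg, "Return-Path")
    reply_dom = header_domain(msg, "Reply-To")

    # Item 4: judge the sender by the address, never by the display name.
    if from_dom not in EXPECTED_DOMAINS:
        findings.append(("unexpected-from", from_dom))
    # SPF is evaluated on the envelope sender (Return-Path); if that domain
    # differs from From, an SPF "pass" says nothing about the visible sender.
    if return_dom and return_dom != from_dom:
        findings.append(("return-path-mismatch", f"{return_dom} != {from_dom}"))
    if reply_dom and reply_dom != from_dom:
        findings.append(("reply-to-mismatch", f"{reply_dom} != {from_dom}"))

    for part in msg.walk():
        fname = part.get_filename()
        if fname:
            # Item 5: risky or doubled extensions (invoice.pdf.exe).
            stem, ext = os.path.splitext(fname)
            if ext.lower() in RISKY_EXTENSIONS:
                findings.append(("risky-attachment", fname))
            if os.path.splitext(stem)[1]:
                findings.append(("double-extension", fname))
        elif part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            for href, text in collector.links:
                host = urlsplit(href).hostname or ""
                href_dom = registrable(host)
                # Items 4 and 6: link text shows one URL, href goes elsewhere.
                if "://" in text or text.startswith("www."):
                    shown = text if "://" in text else "http://" + text
                    if registrable(urlsplit(shown).hostname) != href_dom:
                        findings.append(("link-text-mismatch", f"{text} -> {href}"))
                # Lookalike: a brand embedded in a host under another registrable domain.
                for brand in EXPECTED_DOMAINS:
                    if squash(brand) in squash(host) and href_dom != brand:
                        findings.append(("lookalike-host", host))
    return findings


# Constructed sample messages for the example; not real traffic.
SAMPLE = b"""Return-Path: <bounce@mail-notify.example>
From: "Google Accounts" <no-reply@accounts.google.com.security-alerts.example>
Reply-To: recover@recovery-desk.example
To: alice@corp.example
Subject: Action required: your account will be suspended
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Sign in within 24 hours: <a href="http://accounts-google.com-login.security-alerts.example/login">https://accounts.google.com</a></p>
--b1
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"

MZ
--b1--
"""

BENIGN = b"""Return-Path: <bob@corp.example>
From: Bob <bob@corp.example>
To: alice@corp.example
Subject: lunch
Content-Type: text/html; charset="utf-8"

<p>Menu: <a href="https://corp.example/menu">https://corp.example/menu</a></p>
"""

if __name__ == "__main__":
    for indicator, detail in triage(SAMPLE):
        print(f"{indicator:22s} {detail}")
    print("benign findings:", triage(BENIGN))
```

Running the script lists seven indicators for SAMPLE and none for BENIGN. None of these checks is conclusive on its own (a mailing-list provider legitimately sets a different Return-Path, for example), which is why the output is a list of indicators for a human or a scoring rule to weigh rather than a verdict.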

 

7. Too Good to Be True Emails

'Too good to be true' emails incentivize the recipient to click on a link or open an attachment by promising a reward of some kind. If the sender is unfamiliar or the recipient did not initiate the contact, the email is most likely phishing. For example, an email saying you have won a free car or a free cruise when you do not recall ever entering such a drawing.

 

“If You See Something, Say Something” – How to Stop Phishing Emails

 

Training employees to spot and report suspicious emails, even ones they have already opened, should be an organization-wide exercise. If one person is targeted by a phishing attack, other employees very likely are as well. “If you see something, say something” should be a permanent rule in the workplace, and employees need a supportive, blame-free process for reporting emails they have identified or opened, so that the security team can pull the same message from other mailboxes before anyone else acts on it.




