Skip to main content
Please wait...

Tips for spotting phishing attempts

First of all, what is phishing?

To quote Wikipedia:

" Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication."

So unfortunately there are a lot of people out there trying to trick you and your staff to giving them information.  The most common platform for phishing attacks is email, others include, text messages and also social media.

Tips for spotting phishing emails. 

1. Check the "from" address in the email.

When I say check the from address, I REALLY mean check the from address.  Some mail applications may require you ro hover over the senders name with your mouse to confirm the address is correct.

Phishing example 1

The email address "" has no relation to paypal. Emails from paypal are likely to end in ""

2. Before clicking any links within an email, hover over the link with your mouse and confirm the address.

Phishing example 2

The link for "Microsoft Survey" points to "", this is not a legitimate microsoft link.  A legitimate link is like to end in ""

3. Check for spelling mistakes.  Many phishing emails will contain poor spelling or grammar.

Phishing example 3

Notice the spelling of "Microsoft" is not correct.

4. Review the salutation.  Does the email state your name or words like "Dear customer" or "valued customer". This should be a warning sign.

5. Is there an urgent message in the subject or the content. For example "Account suspended", "Payment transaction unsuccessful" or "urgent payment request"

Phishing attempts try to invoke a sense of urgency or fear into the recipient and trick them into reacting quickly before thinking.  Confirm the email is legitimate before you take any action, even if it appears to be from a colleague or someone you know.  Check with the sender than it is a legitimate request.

6. Review the signature

Phishing example 4

In this example, the title sounds made up, it isn't spelt correctly and the website address looks incorrect too.  Take time to look at the legitimacy of the email.

7. If the email address looks right but something doesn't feel right check with someone else.  Phishers can spoof email addreses these days so if in doubt check that the email is legitmiate.  Either contact the sender, your IT department, your manager or security department if you have one.

8. Do not click unknown attachments.  If you are unsure of the attachment or not expecting it, then don't click on it. Check with the sender first or your IT department that it is legitimate.

In summary, think before you take action.  Review the email thoroughly to ensure it is legitmate and if you are unsure ask.

Add new comment

Restricted HTML

  • You can align images (data-align="center"), but also videos, blockquotes, and so on.
  • You can caption images (data-caption="Text"), but also videos, blockquotes, and so on.