How to Spot a Phishing Email: A Quick Guide
Published: June 17, 2025
Phishing is a type of cyberattack where criminals send fraudulent emails that appear to be from legitimate sources, like your bank, a delivery company, or even your own IT department. Their goal is to trick you into revealing sensitive information, such as passwords or credit card numbers, or into installing malware. Here are the key red flags to look for.
1. Mismatched Sender Address
Always check the sender's email address, not just the display name. Scammers often use display names like "Microsoft 365 Support" but the actual email address will be a random Gmail account or a misspelled domain (e.g., `support@mícrosoft.com`). Hover your mouse over the sender's name to reveal the true address.
2. Urgent or Threatening Language
Phishing emails often create a sense of urgency or fear to make you act without thinking. Look out for phrases like "Your account has been suspended," "Urgent action required," or "Unusual login detected." Legitimate companies rarely use such high-pressure tactics in their emails.
3. Suspicious Links or Attachments
Never click on links or open attachments in an unexpected email. Before clicking, hover your mouse over the link to see the actual URL it will take you to. If the URL looks strange or doesn't match the company it claims to be from, don't click it. Be especially wary of unexpected invoices, shipping confirmations, or zip files.
4. Generic Greetings
Legitimate companies you do business with will almost always address you by your name. Be suspicious of generic greetings like "Dear Customer," "Valued Member," or "Hi" followed by your email address instead of your name. This often indicates the email has been sent to thousands of people.
5. Poor Spelling and Grammar
While not always the case, many phishing emails are full of spelling mistakes and grammatical errors. Large, professional companies have teams that review their communications. Obvious errors are a major red flag.
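Red flags 1 and 3 can also be checked automatically, for example in a mail filter or a help-desk triage script. The Python below is an added example, not part of the original guide; the `BRAND_DOMAINS` mapping, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: brand keyword -> domains that brand really sends from.
BRAND_DOMAINS = {"microsoft": {"microsoft.com"}}
SHOWN_URL = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:/\S*)?")
# Constructed sample message parts (not a real email); \u00ed is an accented "i".
SAMPLE_FROM = '"Microsoft 365 Support" <support@m\u00edcrosoft.com>'
SAMPLE_HTML = '<a href="http://login.example.net/verify">https://microsoft.com/account</a>'

class LinkCollector(HTMLParser):  # gathers [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def host_of(url):  # hostname of a URL, or "" if it cannot be parsed
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:  # malformed URL
        return ""

def under(host, domains):  # host equals, or is a subdomain of, one of domains
    return any(host == d or host.endswith("." + d) for d in domains)

def red_flags(from_header, html_body):  # returns a list of findings
    flags = []
    name, addr = parseaddr(from_header)
    sender = addr.rpartition("@")[2].lower()
    expected = set().union(*(d for b, d in BRAND_DOMAINS.items() if b in name.lower()))
    if expected and not under(sender, expected):  # red flag 1: name vs. address
        flags.append(f"display name claims {sorted(expected)} but sender is {sender}")
    collector = LinkCollector()
    collector.feed(html_body)
    for href, text in collector.links:  # red flag 3: what "hovering" would reveal
        shown = SHOWN_URL.fullmatch(text.strip().lower())
        claimed = {shown.group(1)} if shown else expected
        if claimed and not under(host_of(href), claimed):
            flags.append(f"link opens {host_of(href)!r}, not {sorted(claimed)}")
    return flags
```

Calling `red_flags(SAMPLE_FROM, SAMPLE_HTML)` reports both the sender mismatch and the link whose visible text differs from its real destination.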
What to Do If You Suspect an Email is Phishing
- Do not click any links or open attachments.
- Do not reply to the email.
- Delete the email immediately.
- If the email impersonates a company you do business with, you can contact them through their official website or phone number (never use the contact info in the suspicious email) to verify the communication.
Cybersecurity awareness is the first line of defence. For businesses in Bedfordshire and Hertfordshire looking to train their staff or implement advanced security measures, The Tec Wizard offers expert guidance and support.