How to spot phishing emails

Scam artists and hackers use phishing emails to trick people into handing over their personal information online, such as passwords, bank account numbers and credit card numbers. It’s thought there are 3 billion fake emails sent a day with many containing phishing scams. While most people can spot a scam email when it looks clearly fraudulent, some are so incredibly convincing that people fall for them. 

Without the right awareness and training, phishing scams can cause huge problems for businesses and take away people’s livelihoods. With fraud costing the UK £193bn a year and phishing attacks on the rise, it’s vital that everyone can spot a phishing email. So how can you tell a phishing email from a genuine message? Learn how to spot one with these key things to look out for.

A mismatched URL

The first thing you should look out for when checking a suspicious email is the integrity of embedded URLs. Within the content, the URL may appear to be a valid address, but closer inspection can reveal otherwise. If you hover your mouse over the link, you should be able to see the hyperlink address. Does this match the address displayed in the text? If not, then it could very well be a scam.

Misleading domain name

Scammers know that not everybody understands the naming structure for domains, so they use this to their advantage. Using misleading domain names is a popular technique to convince people they’ve received correspondence from big companies such as Apple or Microsoft. A phisher simply creates a child domain bearing the brand name, which easily fools those unaware of the structure of domain names. For example, while is a legitimate domain name, is not. Another way scammers sometimes use misleading domains is by misspelling - looks like a real name, but the ‘i’ is replaced by an ‘l’.
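The two checks above (link text versus real destination, and a brand name used as a child domain or misspelled) can be automated for HTML emails. The following is an added example, not part of the original article; the allow-list `firstbank.example`, the sample links and the last-two-labels shortcut for the registrable domain are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"firstbank.example"}        # constructed allow-list (assumption)
FOLD = str.maketrans("l10", "iio")     # fold common look-alike characters

class LinkCollector(HTMLParser):       # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()

def registrable(h):
    # Simplification: last two labels. Real code should use the Public Suffix List.
    return ".".join(h.split(".")[-2:])

def check_link(href, text):
    h, findings = host(href), []
    reg = registrable(h)
    shown = host(text.split()[0]) if text.lower().startswith(("http", "www.")) else ""
    if shown and registrable(shown) != reg:
        findings.append("mismatched-url")          # text shows one site, link opens another
    for good in TRUSTED - {reg}:
        if good.split(".")[0] in h.split("."):
            findings.append("brand-in-child-domain")
        if reg.translate(FOLD) == good.translate(FOLD):
            findings.append("lookalike-spelling")
    return findings

def scan(html):
    parser = LinkCollector()
    parser.feed(html)
    return [(href, check_link(href, text)) for href, text in parser.links]

SAMPLE = ('<a href="https://www.firstbank.example/help">https://www.firstbank.example/help</a>'  # constructed
          '<a href="https://firstbank.secure-login.test/verify">https://www.firstbank.example/verify</a>'
          '<a href="https://flrstbank.example/reset">Reset your password</a>')
```

Calling `scan(SAMPLE)` returns each link with its findings; an empty list means none of these checks fired, not that the link is safe.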

Poor spelling and grammar

Emails sent out by large companies are usually reviewed meticulously in-house for spelling, grammar, compliance and factual accuracy, to name a few. If you receive an email seemingly from a big business that contains poor spelling and grammar, it likely didn’t come from them.

Request for personal information

Phishing scammers are very good at creating official-looking emails including those that ask for personal information. However, it’s not a good sign if you get a message like this. If you receive a message from your bank asking for an account number, it’s something they already have - there’s no reason why they should ask you, particularly via email. Likewise, a trusted company would never send you an email asking for your password, credit/debit card number or your answer to a security question.

The offer is unbelievable

It is common to receive exclusive discounts and offers from trusted companies through email. But there is a saying that remains true for some offers: “if it’s too good to be true, then it probably is.” If you receive a message from someone you don’t know making big promises, it’s probably a scam.

You didn’t start the action

Have you ever received an email saying you’ve won something even though you haven’t entered anything? A typical example of this is receiving an email informing you that you’ve won the lottery despite never buying a ticket for that draw. Any message that says you’ve won something you didn’t enter is most likely a scam.

You’re asked to send money

If you’re ever asked for money in an email, it’s likely a phishing scam. The initial message may not request cash but at some point, phishers will ask for money to cover expenses, fees, or something business-like. If this happens, you know you’re dealing with a scammer. It’s also quite common for scammers to ask for money for gift cards.

Unrealistic threats

Most phishing scams use incentives to trick people into sending their money or sensitive information. Sadly, there are scammers who use intimidation to scare their victims into handing over details. For example, you could receive an email seemingly from your bank saying your account has been compromised, and if you don’t submit sensitive information, your account could be frozen. 

It’s not possible for a bank to close your account just because you haven’t filled out a form in an email message - it wouldn’t be legal. The unrealistic nature of the threat means it’s clearly a scam.

Government agency

Scammers who really want to intimidate their targets will pose as a government agency to strike fear into their victims. Receiving an email from someone who claims to be from the UK Government or the police could strike fear into any law-abiding individual. The fear of being reprimanded for something is enough of a threat to make people give in to the scammer’s demands.

Government bodies and law enforcement agents rarely use emails as the first point of contact. That isn’t to say neither sector uses email to contact citizens or businesses, but there are usually protocols that are followed. Email-based extortion certainly isn’t one of those protocols, so anything like this is a scam.

It just doesn’t look right

Sometimes a gut instinct will inform you when something doesn’t look right. You can usually tell when something is off just by looking at it, and scam emails are the same. If you receive an email that seems suspicious, it’s best to report it as spam and not act on anything it says. Instead, try to get in touch with the sender using a different medium.