Cyber Security Training & Software for Companies | MetaCompliance


Discover our suite of personalised Security Awareness Training solutions, designed to empower and educate your team against modern cyber threats. From policy management to phishing simulations, our platform equips your workforce with the knowledge and skills needed to safeguard your organisation.

Cyber Security eLearning

Cyber Security eLearning to Explore our Award-Winning eLearning Library, Tailored for Every Department

Security Awareness Automation

Schedule Your Annual Awareness Campaign In A Few Clicks

Phishing Simulation

Stop Phishing Attacks In Their Tracks With Award-Winning Phishing Software

Policy Management

Centralise Your Policies In One Place And Effortlessly Manage Policy Lifecycles

Privacy Management

Control, Monitor, and Manage Compliance with Ease

Incident Management

Take Control Of Internal Incidents And Remediate What Matters



Explore the versatility of our solutions across diverse industries. From the dynamic tech sector to healthcare, delve into how our solutions are making waves across multiple sectors. 

Financial Services

Creating A First Line Of Defence For Financial Service Organisations


A Go-To Security Awareness Solution For Governments


A Security Awareness Training Solution For Large Enterprises

Remote Workers

Embed A Culture Of Security Awareness - Even At Home

Education Sector

Engaging Security Awareness Training For The Education Sector

Healthcare Workers

See Our Tailored Security Awareness For Healthcare Workers

Tech Industry

Transforming Security Awareness Training In The Tech Industry

NIS2 Compliance

Support Your Nis2 Compliance Requirements With Cyber Security Awareness Initiatives



From posters and policies to ultimate guides and case studies, our free awareness assets can be used to help improve cyber security awareness within your organisation.

Cyber Security Awareness For Dummies

An Indispensable Resource For Creating A Culture Of Cyber Awareness

Dummies Guide To Cyber Security Elearning

The Ultimate Guide To Implementing Effective Cyber Security Elearning

Ultimate Guide To Phishing

Educate Employees About How To Detect And Prevent Phishing Attacks

Free Awareness Posters

Download These Complimentary Posters To Enhance Employee Vigilance

Anti Phishing Policy

Create A Security-Conscious Culture And Promote Awareness Of Cyber Security Threats

Case Studies

Hear How We’re Helping Our Customers Drive Positive Behaviour In Their Organisations

A-Z Cyber Security Terminology

A Glossary Of Must-Know Cyber Security Terms

Cyber Security Behavioural Maturity Model

Audit Your Awareness Training And Benchmark Your Organisation Against Best Practice

Free Stuff

Download Our Free Awareness Assets To Improve Cyber Security Awareness In Your Organisation

MetaCompliance | Cyber Security Training & Software for Employees


With 18+ years of experience in the Cyber Security and Compliance market, MetaCompliance provides an innovative solution for staff information security awareness and incident management automation. The MetaCompliance platform was created to meet customer needs for a single, comprehensive solution to manage the people risks surrounding Cyber Security, Data Protection and Compliance.

Why Choose Us

Learn Why Metacompliance Is The Trusted Partner For Security Awareness Training

Employee Engagement Specialists

We Make It Easier To Engage Employees And Create a Culture of Cyber Awareness

Security Awareness Automation

Easily Automate Security Awareness Training, Phishing And Policies In Minutes


Meet the MetaCompliance Leadership Team


Stay informed about cyber awareness training topics and mitigate risk in your organisation.

How to Spot a Phishing Scam

How to Spot a Phishing Scam

about the author

Share this post

Spotting a phishing scam can be difficult unless you know what signs to look out for. Phishing emails are becoming so convincing and realistic that it’s sometimes hard to know what’s genuine and what’s a scam. Often hackers will create a sense of urgency in phishing attacks to encourage users to react before they think.

Phishing attacks are a serious cyber security threat that can lead to data breaches, financial loss, malware, and identity theft.

Some phishing emails can be easy to spot, a strange, maybe even foreign email asking you to transfer money into a bank account, or it could seem legitimate with company logos and credentials such as PayPal or Amazon asking you to log onto your account or give away confidential information. If you find a phishing scam, learn how to report it.

So how do you tell the difference between a phishing email and a legitimate one? Unfortunately, there is no single technique that works in every situation, but there are several things that you can look for that we’ve listed below.

The Message Contains a Mismatched URL

How to Spot a Phishing Scam

One of the first things you should check in a suspicious email message is any of the embedded URLs. Oftentimes the URL in a phishing message will appear to be perfectly valid. However, if you hover your mouse over the top of the URL, you should see the actual hyperlinked address and if this hyperlinked address is different from the email address that is displayed, the message is probably fraudulent or malicious. It’s important to remember that email addresses and domain names can be easily spoofed.

In this instance, don’t click the link, report it if possible or don’t take any further action.

URLs Contain a Misleading Domain Name

How to Spot a Phishing Scam

Scammers who are behind phishing scams usually depend on their victims not knowing how the DNS naming structure for domains works to trick them.

The last part of a domain name is how you can tell if it’s a phishing email or not. For example, the domain name would be a child domain of because appears at the end of the full domain name (on the right-hand side).

Conversely, wouldn’t have originated from because the reference to is on the left side of the domain name.

This is a common way of trying to convince victims that a message came from a company like Microsoft or Apple. The cybercriminal simply creates a child domain using the Microsoft or Apple name. The resulting domain name would then look something like this:

Poor Spelling and Grammar

How to Spot a Phishing Scam

This is one of the key indicators that the email could be phishy. If a legitimate company or business sends out an email, it will usually be proofed and checked for any spelling or grammatical errors so if you notice a few mistakes in the email, it could be a fraudster.

Always re-read the email and check that there are no mistakes, and remember if it doesn’t feel right or look right then it probably isn’t right!

Asking For Personal Information

How to Spot a Phishing Scam

No matter how realistic and official an email might look, it’s always a bad sign if the sender requests personal information. Your bank doesn’t need you to send it your account number, sort code or any other information about your account as it already knows what that is.

A reputable company should never send an email asking for your password, credit card number, or the answer to a security question. If you’re unsure you can always call the company or bank directly regarding the information they claim to need.

An Offer That Seems Too Good To Be True

How to Spot a Phishing Scam

There’s a belief that if something seems too good to be true, then it probably is. If you receive an email with a great offer or someone making big promises, then it’s probably a scam.

There are also a lot of phishing emails circulating that claim you’ve won a lottery you didn’t enter, or a competition you didn’t apply for. All the scammer needs you to do is to click the link and enter your sensitive information online. These types of emails are sent to victims all over the world every day, so no matter how many zeros are on the cash prize, don’t fall for it.

Asking For a Donation

How to Spot a Phishing Scam

As unbelievable as it may seem, scam artists often send out phishing attacks inviting recipients to donate to a worthy cause after a natural or other tragedy and a lot of people fall for it. You should never send money to someone you don’t know or trust, or give away your details to someone you haven’t met or from a reputable source.

When thinking about phishing emails, the bottom line is that you should always double check, and never click any links or attachments or give confidential information or passwords if you have any doubts or find it suspicious. It’s always better to be safe than sorry.

Knowing the key components of phishing attempts could protect your accounts from becoming compromised, so always be vigilant.

For more information about phishing attacks, read our other blog about phishing here.

Other Articles on Cyber Security Awareness Training You Might Find Interesting