
How to Spot a Phishing Scam


Spotting a phishing scam can be difficult unless you know what signs to look out for. Phishing emails are becoming so convincing and realistic that it’s sometimes hard to know what’s genuine and what’s a scam. Often hackers will create a sense of urgency in phishing attacks to encourage users to react before they think.

Phishing attacks are a serious cyber security threat that can lead to data breaches, financial loss, malware, and identity theft.

Some phishing emails are easy to spot: a strange, perhaps foreign, email asking you to transfer money into a bank account. Others look legitimate, carrying company logos and branding such as PayPal's or Amazon's and asking you to log in to your account or hand over confidential information. If you find a phishing scam, learn how to report it.

So how do you tell the difference between a phishing email and a legitimate one? Unfortunately, there is no single technique that works in every situation, but there are several things that you can look for that we’ve listed below.

The Message Contains a Mismatched URL

One of the first things you should check in a suspicious email message is any of the embedded URLs. Oftentimes the URL in a phishing message will appear to be perfectly valid. However, if you hover your mouse over the link, you should see the actual hyperlinked address, and if this hyperlinked address is different from the address that is displayed, the message is probably fraudulent or malicious. It’s important to remember that email addresses and domain names can be easily spoofed.

In this instance, don’t click the link; report it if possible, and take no further action.

URLs Contain a Misleading Domain Name

Phishing scammers usually rely on their victims not knowing how the DNS naming structure for domains works.

The last part of a domain name is how you can tell if it’s a phishing email or not. For example, the domain name would be a child domain of because appears at the end of the full domain name (on the right-hand side).

Conversely, wouldn’t have originated from because the reference to is on the left side of the domain name.

This is a common way of trying to convince victims that a message came from a company like Microsoft or Apple. The cybercriminal simply creates a child domain using the Microsoft or Apple name. The resulting domain name would then look something like this:
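The two checks described above (a displayed link whose real target is a different host, and a host that carries a well-known company name on the left-hand side rather than as its right-most labels) can be applied mechanically. The following Python script is an added example written for this article, not code from the original post; it assumes the genuine company's domain is example.com and runs over a small constructed HTML email with reserved example domains. The anchor extraction is a deliberately simple regular expression, not a full HTML parser.

```python
"""Flag suspicious links in an HTML email: mismatched display/target hosts and
hosts that only *look* like they belong to the expected organisation."""
import re
from urllib.parse import urlparse

# Recognise display text that is itself written as a URL or bare hostname.
URL_LIKE = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:[/?#]\S*)?$", re.IGNORECASE)
# Simplified anchor extractor for the constructed sample below (not a full HTML parser).
ANCHOR = re.compile(r'<a\b[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.IGNORECASE | re.DOTALL)

# Constructed sample email using reserved example domains; example.com plays the genuine company.
SAMPLE_EMAIL_HTML = """
<p>Your account needs attention.</p>
<a href="https://www.example.com/account">https://www.example.com/account</a>
<a href="https://login.example.net/">https://www.example.com/login</a>
<a href="https://example.com.example.org/verify"><b>Verify</b> your account</a>
<a href="https://accounts.example.com/">https://accounts.example.com</a>
"""


def hostname_of(url):
    """Return the lower-cased hostname of a URL or bare hostname, or None."""
    if "://" not in url:
        url = "http://" + url          # let urlparse treat a bare hostname as a URL
    host = urlparse(url).hostname
    return host.lower() if host else None


def belongs_to(host, org_domain):
    """True only if org_domain is the right-most part of host (host is org_domain
    itself or a child of it). A leading dot is required so that
    'notexample.com' and 'example.com.example.org' are both rejected."""
    host = host.lower().rstrip(".")
    org_domain = org_domain.lower().rstrip(".")
    return host == org_domain or host.endswith("." + org_domain)


def check_link(displayed_text, href, expected_domain):
    """Return a list of warning strings for one anchor (empty list means no finding)."""
    warnings = []
    actual = hostname_of(href)
    shown = hostname_of(displayed_text) if URL_LIKE.match(displayed_text) else None
    if shown and actual and shown != actual:
        warnings.append(f"mismatched URL: shows {shown} but links to {actual}")
    if actual and not belongs_to(actual, expected_domain):
        warnings.append(f"misleading domain: {actual} is not under {expected_domain}")
    return warnings


def scan_email(html, expected_domain):
    """Map every anchor's href to its warnings."""
    results = {}
    for href, inner in ANCHOR.findall(html):
        text = re.sub(r"<[^>]+>", "", inner).strip()   # drop inline tags such as <b>
        results[href] = check_link(text, href, expected_domain)
    return results


if __name__ == "__main__":
    for href, warnings in scan_email(SAMPLE_EMAIL_HTML, "example.com").items():
        print(href, "->", warnings or "ok")
```

Note that a naive substring test ("does the host contain example.com?") would pass the third link, which is exactly the trick the text describes; the suffix check with a leading dot is what makes the right-hand-side rule hold.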

Poor Spelling and Grammar

This is one of the key indicators that an email could be phishy. When a legitimate company or business sends out an email, it will usually have been proofread and checked for spelling and grammatical errors, so if you notice a few mistakes in the email, it could be from a fraudster.

Always re-read the email and check that there are no mistakes, and remember if it doesn’t feel right or look right then it probably isn’t right!

Asking For Personal Information

No matter how realistic and official an email might look, it’s always a bad sign if the sender requests personal information. Your bank doesn’t need you to send it your account number, sort code or any other information about your account as it already knows what that is.

A reputable company should never send an email asking for your password, credit card number, or the answer to a security question. If you’re unsure you can always call the company or bank directly regarding the information they claim to need.

An Offer That Seems Too Good To Be True

There’s a saying that if something seems too good to be true, then it probably is. If you receive an email with a great offer or someone making big promises, it’s probably a scam.

There are also a lot of phishing emails circulating that claim you’ve won a lottery you didn’t enter, or a competition you didn’t apply for. All the scammer needs you to do is to click the link and enter your sensitive information online. These types of emails are sent to victims all over the world every day, so no matter how many zeros are on the cash prize, don’t fall for it.

Asking For a Donation

As unbelievable as it may seem, scam artists often send out phishing attacks inviting recipients to donate to a worthy cause after a natural disaster or other tragedy, and a lot of people fall for it. You should never send money to someone you don’t know or trust, or give away your details to someone you haven’t met or who isn’t from a reputable source.

When thinking about phishing emails, the bottom line is that you should always double-check, and never click any links or attachments or give out confidential information or passwords if you have any doubts or find the message suspicious. It’s always better to be safe than sorry.

Knowing the key components of phishing attempts could protect your accounts from becoming compromised, so always be vigilant.

For more information about phishing attacks, read our other blog about phishing here.