Spotting Phishing Emails: A Comprehensive Guide
75% of Cyber Attacks Start with an Email
These attacks, and others via phone calls or text messages, are known as phishing attacks. As of August 2023, there were 23 million phishing scams reported to the National Cyber Security Centre. While companies can block suspicious emails from coming into inboxes, there’s always a chance that some slip through the net. Phishing emails sent to employees’ personal inboxes are also a risk to companies, as these scam emails are an entry point into personal information, and perhaps company data incorrectly stored or accessed via personal devices.
As phishing emails are so common, it’s important to know how to spot them. That’s why we’ve put together a 10-Step Checklist for Spotting Phishing Emails.
10-Step Checklist for Spotting Phishing Emails
Step 1: Check the Sender’s Email Address
This is the most common way to spot phishing emails: the address often contains mistakes, is unrecognised, or is a personal account rather than a company one. Check the display name associated with the email address too — do the name and the address match?
Step 2: Analyse the Subject Line
Is it attention-grabbing or very vague? Subjects such as “Help needed” add a level of curiosity and increase the likelihood of someone opening the email.
Step 3: Evaluate the Greeting
The greeting is often very generic or unusual. Sometimes there’s no greeting at all. Examples include “Dear Customer” or “Dear Sir/Madam”.
Step 4: Inspect Attachments
Are there any unsolicited attachments with suspicious file names? If in doubt, don’t open them.
Step 5: Assess the Tone
Often, the sender writes with a sense of urgency and seriousness, usually including a tight deadline with consequences if this deadline isn’t met.
Step 6: Consider the Timing
Was the email anticipated? There is usually no pre-warning of the email, and it’s typically sent at an unexpected time of day.
Step 7: Review Spelling and Grammar
Phishing emails often contain several spelling or grammatical errors, so check for any mistakes.
Step 8: Verify Hyperlinks
If there’s any hyperlinked text, check the URL of the link by hovering over it until the URL pops up. Check whether this URL looks suspicious and avoid clicking on it if you have any doubt.
Step 9: Look at the Email Signature
Is there an email signature, and does it match the company brand guidelines of the sender? Look at the formatting and try to compare it to another sender from that company if you can.
Step 10: Scrutinise the Request
Phishing emails aim to collect your personal information, either through a link, attachment, or follow-up request. If the email doesn’t contain a suspicious attachment or link, check what they’re asking you to do. They may ask you to reply to the email instead.
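To show how several of the checklist items above (steps 1, 3, 4, 5, 8 and 10) can be turned into automatic checks, here is an added example in Python; it is not part of the original guide. It parses a single raw message with the standard-library `email` module and reports which checklist items it trips. The message, the trusted-domain list and the keyword lists are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); it trips several checklist items.
SAMPLE = """From: "Accounts Team" <billing@examp1e-pay.test>
Subject: Help needed
Content-Type: text/html

<p>Dear Customer,</p>
<p>Your account will be suspended within 24 hours unless you
<a href="http://examp1e-pay.test/login">verify your details at example.test</a>.</p>
<p>Please reply urgently with your password.</p>
"""
URGENT_WORDS = ("urgent", "immediately", "within 24 hours", "suspended", "deadline")
GENERIC_GREETINGS = ("dear customer", "dear sir/madam", "dear user")
RISKY_EXTENSIONS = (".exe", ".js", ".scr", ".html", ".docm")

def phishing_indicators(raw, trusted_domains=("example.test",)):
    """Return a list of checklist findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    # Step 1: is the sender's domain one we actually expect mail from?
    domain = parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1].lower()
    if domain not in trusted_domains:
        findings.append(f"sender domain {domain!r} is not trusted")
    body = ""
    for part in msg.walk():
        if part.get_content_type().startswith("text/"):
            body += part.get_payload(decode=True).decode(errors="replace")
        # Step 4: unsolicited attachment with a risky extension.
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append(f"risky attachment {name!r}")
    lowered = body.lower()
    # Step 3: generic greeting.  Step 5: urgency or threats.
    if any(g in lowered for g in GENERIC_GREETINGS):
        findings.append("generic greeting")
    if any(w in lowered for w in URGENT_WORDS):
        findings.append("urgent or threatening tone")
    # Step 8: link text names a domain that is not the real href host.
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', body, re.I | re.S):
        host = re.sub(r"^https?://", "", href, flags=re.I).split("/")[0].lower()
        named = re.findall(r"[a-z0-9.-]+\.[a-z]{2,}", text.lower())
        if named and host not in named:
            findings.append(f"link text says {named[0]} but points to {host}")
    # Step 10: asks you to reply with a secret instead of using a link.
    if "reply" in lowered and "password" in lowered:
        findings.append("asks for a password by reply")
    return findings
```

Calling `phishing_indicators(SAMPLE)` returns five findings for the constructed message; a plain lunch invitation from a trusted domain returns an empty list. Keyword matching like this is a training aid rather than a mail filter, so treat a non-empty result as a prompt to apply the checklist by hand.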
What to Do After Completing the Phishing Email Checklist
Once you’ve gone through these 10 steps, you’ll have a better idea of whether the email is suspicious or not. Always report the email as phishing if it’s suspicious. You can do this using your email provider's reporting tools, or report it directly to the National Cyber Security Centre using their website.
If you’ve followed these steps and the email looks safe but you’re still unsure, talk to the person who sent the email via phone to check whether it’s genuine — or even better, see them in person.
Enhance Your Cyber Security Defences
Interested in bolstering your cyber security defences? Get in touch to find out more about cyber security services or cyber security training from the IT company with the Best Cybersecurity Transformation UK.