
How to spot a phishing email in 10 steps


Emily Keeling

Marketing Manager

75% of cyber attacks start with an email. These attacks, and their equivalents delivered by phone call or text message, are known as phishing. As of August 2023, 23 million phishing scams had been reported to the National Cyber Security Centre. Companies can filter suspicious emails before they reach inboxes, but some will always slip through the net. Phishing emails sent to employees' personal inboxes are also a risk to the company: a compromised personal account exposes personal information, and potentially any company data that has been stored on, or accessed from, a personal device.

As phishing emails are so common, it’s important to know how to spot them. That’s why we’ve put together a 10-step checklist to follow when you come across a suspicious email.


10-step checklist for spotting phishing emails

Step 1 – Sender’s email address

This is the most common way to spot a phishing email. Look at the actual address, not just the display name: the name shown next to an email can be set to anything, so check whether it matches the address behind it. Phishing emails often come from an unrecognised address, from a free personal webmail account rather than a company domain, or from a domain that imitates a real one with a small change (an extra word, a swapped letter, or a different ending). If you do reply, check that the reply is going back to the same address and not somewhere else.


Step 2 - Subject line

Is it attention-grabbing, or very vague? Subjects such as "Help needed" create curiosity and increase the likelihood that someone opens the email.


Step 3 – Greeting

The greeting is often generic or unusual, and sometimes there is no greeting at all. Examples include "Dear Customer" or "Dear Sir/Madam" from a sender who ought to know your name.


Step 4 – Attachments

Are there any unsolicited attachments, or attachments with a suspicious file name or type? Be particularly wary of executables, scripts and archives, and of documents that ask you to "enable content" or macros before they will open. If in doubt, don't open them.


Step 5 – Tone

Often, the sender writes with a sense of urgency and seriousness. They usually include a tight deadline with consequences if this deadline isn’t met.


Step 6 – Timing

Was the email anticipated? Phishing emails usually arrive without any pre-warning, and are often sent at an unexpected time of day.


Step 7 – Spelling and grammar

Phishing emails often contain spelling or grammatical errors, so check through for any mistakes. The absence of errors proves nothing, though: many phishing emails are now well written, so treat this as one signal among ten rather than a pass mark.


Step 8 – Hyperlinks

If there's any hyperlinked text, check where the link actually goes. Hover your mouse pointer over the link without clicking (on a phone, press and hold it) and the real destination will be shown. Compare it with the text you can see: the visible text can say one thing while the link points somewhere else entirely. Pay particular attention to the domain name, which is the part immediately after https:// and before the next /. For instance, a link to example.com.login-verify.example.net belongs to example.net, not example.com, however legitimate the start of it looks. If the URL looks suspicious in any way, don't click it.


Step 9 – Email signature

Is there an email signature, and does it match the company brand guidelines of the sender? Look at the formatting and try to compare it to another sender from that company if you can.


Step 10 – Request

Phishing emails aim to collect your personal information, or to get you to take an action on the attacker's behalf, through a link, an attachment, or a follow-up request. If the email contains no suspicious attachment or link, check what it is asking you to do. It may ask you to reply with information, call a number, or make a payment or change bank details instead.
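The checks in steps 1, 3, 4, 5, 8 and 10 can be written down as simple heuristics. The script below is an added illustration, not code from the article or from the company behind it: it parses a constructed sample email (both messages, their addresses and attachment are invented for this example) and reports which of the checklist items fire. The legitimate domain (example.com), the urgency phrases, the generic greetings and the risky file extensions are all assumptions chosen for the demonstration.

```python
"""Checklist heuristics run over constructed sample emails (illustration only)."""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the organisation's own domain; senders and links outside it are unexpected.
EXPECTED_DOMAIN = "example.com"
# Illustrative word and extension lists, not an exhaustive set.
URGENCY_PHRASES = ("urgent", "immediately", "within 24 hours", "suspended", "action required")
GENERIC_GREETINGS = ("dear customer", "dear sir/madam", "dear user")
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".lnk", ".iso", ".htm", ".html")

# Constructed sample: lookalike sender domain, Reply-To elsewhere, generic greeting,
# a deadline, a link whose text and target disagree, and a double-extension attachment.
SUSPICIOUS = """\
From: "IT Support" <helpdesk@examp1e-support.com>
Reply-To: recovery@mail-relay.example.net
To: alice@example.com
Subject: Help needed - action required within 24 hours
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear Customer,</p>
<p>Your mailbox will be suspended unless you verify your account.</p>
<p><a href="http://example.com.login-verify.example.net/reset">https://example.com/account</a></p>
</body></html>
--b1
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==
--b1--
"""

# Constructed benign message from the expected domain, for comparison.
BENIGN = """\
From: "IT Support" <helpdesk@example.com>
To: alice@example.com
Subject: October maintenance window
Content-Type: text/plain; charset="utf-8"

Hi Alice,

The mail servers will be patched on Saturday morning, as announced at the team meeting.
"""


def host_of(url: str) -> str:
    """Lower-cased host of a URL; urlparse also defeats the user@host trick."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def same_site(host: str, domain: str) -> bool:
    """True only for the domain itself or a real subdomain, never a lookalike."""
    return host == domain or host.endswith("." + domain)


def check_email(raw: str) -> list[str]:
    """Return a list of checklist findings for a raw RFC 5322 message (empty = none)."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # Step 1: sender address, and whether replies are quietly redirected elsewhere.
    _, sender = parseaddr(str(msg.get("From", "")))
    sender_domain = sender.rpartition("@")[2].lower()
    if sender_domain and not same_site(sender_domain, EXPECTED_DOMAIN):
        findings.append(f"sender domain {sender_domain!r} is not {EXPECTED_DOMAIN!r}")
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    if reply_to and reply_to.rpartition("@")[2].lower() != sender_domain:
        findings.append(f"Reply-To {reply_to!r} goes to a different domain than From")

    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    lowered = (str(msg.get("Subject", "")) + " " + text).lower()

    # Step 3: generic greeting.
    for greeting in GENERIC_GREETINGS:
        if greeting in lowered:
            findings.append(f"generic greeting {greeting!r}")

    # Step 5: urgency or threats in the subject or body.
    hits = [p for p in URGENCY_PHRASES if p in lowered]
    if hits:
        findings.append("urgent or threatening language: " + ", ".join(hits))

    # Step 8: visible link text that disagrees with the real target, or links off-site.
    for href, shown in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', text, re.I | re.S):
        shown_text = re.sub(r"<[^>]+>", "", shown).strip()
        target = host_of(href)
        if "." in shown_text and host_of(shown_text) != target:
            findings.append(f"link text shows {host_of(shown_text)!r} but points to {target!r}")
        if not same_site(target, EXPECTED_DOMAIN):
            findings.append(f"link leaves the expected site: {target!r}")

    # Step 4: attachments with executable or script extensions (including double extensions).
    for part in msg.iter_attachments():
        filename = (part.get_filename() or "").lower()
        if filename.endswith(RISKY_EXTENSIONS):
            findings.append(f"attachment {filename!r} has an executable or script extension")

    return findings


if __name__ == "__main__":
    for label, sample in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(f"{label}: {len(check_email(sample))} finding(s)")
        for finding in check_email(sample):
            print("  -", finding)
```

Run as-is it reports seven findings for the constructed phishing message and none for the benign one. The point of `same_site` is the step 8 trap: `example.com.login-verify.example.net` starts with the expected domain but is not it, so a naive "does the link contain our domain" check would pass it.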


What to do after completing the phishing email checklist

Once you've gone through these 10 steps, you'll have a better idea of whether the email is suspicious or not. You should always report the email as phishing if it's suspicious. You can do this using your email provider's reporting tools, and you can also report it directly to the National Cyber Security Centre by forwarding it to their Suspicious Email Reporting Service at report@phishing.gov.uk.

If you've followed these steps and the email looks safe but you're still unsure, phone the person who apparently sent it to check whether it's genuine, using a number you already have rather than one given in the email, or, better still, ask them in person.

Interested in bolstering your cyber security defences? Get in touch to find out more about cyber security services or cyber security training from the IT company with the Best Cybersecurity Transformation UK.