How to Spot a Phishing Email

What is Phishing?

Phishing is a method used by fraudsters to gain access to your personal information, such as usernames, passwords, card numbers, and account details, usually with malicious intent and for the purpose of financial gain. Phishing often takes the form of an email or other electronic communication in which the fraudster pretends to be a legitimate organisation or service. These communications often contain attachments or links to websites which are intended to infect your computer or mobile device with malware or spyware. Criminals will often use personal information in an attempt to gain your trust and convince you of the legitimacy of their message.

How Do I Know if It’s a Phishing Email?

It can often be hard to know for sure if you have received a phishing email. Communications sent may be of very high quality, and bear an extreme likeness to legitimate emails sent by many well-known organisations and companies. However, as long as you exercise caution, and look out for the following list of tell-tale signs, there are ways to avoid falling victim to these scams.

Personal Information:

If you are ever asked for personal information by an organisation that you are already affiliated with, that may be a sign of a scam. Companies will usually have your information already; your bank, for instance, would never ask you to log in or submit your account information, because they have it already. Likewise, a fraudster may not necessarily have any of your information, so if you are addressed as ‘Dear Customer’, ‘Dear User’ or referred to by your email address, then it could well be a phishing scam.

Poor Spelling & Grammar:

Poor spelling and grammar is probably one of the first things you would spot in a phishing email. Fraudsters often make spelling and grammatical errors, so read your emails very carefully: if you spot a spelling mistake, for example ‘sing in’ instead of ‘sign in’, or anything similar, it is likely to be a sign of phishing. Organisations take their communications seriously, and most emails would be checked by an editor before being approved, so consider spelling and grammar mistakes a probable tell-tale sign that the message is from an illegitimate source.


Often URLs will look like the real thing, but by hovering your mouse over the top of the URL or checking the info on it, you should see the actual address. If this address differs from the one displayed, it’s likely something isn’t quite right. You can also do this with the ‘from’ address: check if the domain name is associated with the company or institute it claims to have been sent from. For instance, if you receive communication from a bank but the email domain is Gmail, or the name is misspelt in any way, it’s probably a scam.

Requests for Urgent Action:

This is one way fraudsters attempt to trick you into clicking their links and entering details, so exercise caution, because once you’ve clicked through, fraudsters can steal information within minutes. Usually phishing emails will urge you to take an action, telling you that your account has been closed, locked, or that you have been billed for an item you likely wouldn’t have bought (even small amounts for things like app-purchases). Although you might receive a genuine email regarding account security or purchases, for example, it is best not to click the links in the email and instead log into your accounts directly on the official website.

You Suspect Something:

Simply put, if you suspect it might be phishing or a fraudulent communication, it probably is. Go with your instincts on this one, and if you are in any doubt about the legitimacy of a message or contact, speak directly to the organisation about the matter and never share your personal information online.

What to do if I receive a Phishing Email?

If you think you’ve received a phishing email, or other form of fraudulent communication, then it is usually a good idea to report it, so that it may be investigated and prevented in future. This also means you’ll be given a crime reference number should anything have gone wrong.

You can report suspicious communications to Action Fraud via an online form: You can also find more information about reporting Phishing scams on the government website here:

Just remember that although it is not always possible to avoid receiving a communication that’s a phishing scam, by remaining vigilant and considering these points, you can reduce your chances of becoming a victim.
