7 ways to detect a phishing email – with examples

Phishing is prevalent, and is used in a wide variety of attacks. According to Wombat’s 2018 State of the Phish™ report, 76% of information security professionals experienced phishing attacks in 2017. 

Learn more about phishing with our blog post, What is phishing and how can you avoid becoming a victim? >> 

What is a phishing email? 

Phishing is a form of social engineering in which attackers send emails that purport to be from legitimate and reputable organisations, but contain malicious attachments or links to sites that either use drive-by downloads to install malware onto victims’ machines or harvest their credentials.  

However good your perimeter security is – and even if your organisation uses robust antivirus and anti-malware solutions, conducts regular penetration tests, and keeps its systems up to date by installing the latest patches – some dubious traffic will inevitably get through. 

When it does, your staff are your last line of defence. 

It’s critical that you train them to recognise phishing emails and regularly test their susceptibility to attack. 

Find out more about staff awareness e-learning >> 

What are the signs of a phishing email? 


Although phishing emails are becoming more sophisticated, there are still many tell-tale signs that users should beware of. Here are seven of the most obvious: 

  • Emails sent from suspicious email addresses 

Always look at the sender’s email address – not just their display name, but the actual address and domain (the bit within angled brackets in the ‘from’ field). If it doesn’t match the organisation’s web address or bears no relation to the display name, it probably isn’t legitimate. And just because the name of the organisation it’s imitating is featured somewhere in the domain doesn’t make it legitimate.

  • Spelling and grammar mistakes 

Corporate communications have usually been written by copywriters and/or checked for mistakes. If an ‘official’ email is strewn with errors, you should question its validity – especially if it invites you to click a link or open… 

  • Unsolicited attachments 

If you didn’t expect an attachment, don’t open it. Malicious attachments download malware onto your machine. Delete. 

  • Non-personalised greetings 

No company will address you as “Dear valued customer…” if it has your name. Companies love the personal approach – they think it helps engender customer loyalty. If an email doesn’t address you by name, delete it. 

  • Threats or enticements that create a sense of urgency 

Urgent! Your account has been suspended! Payment required! Updated building evacuation plans! Overdue invoice! Act now! 

No it isn’t, no it hasn’t, no it isn’t, no they’re not, no it isn’t, don’t. 

Phishing emails have a greater chance of success the sooner they are opened: Proofpoint found that almost a quarter of clicks occurred within five minutes of a phishing email being delivered. 52% of successful phishing emails are opened within an hour of being sent. Phishers depend on creating a sense of urgency so that recipients get flustered and click without thinking. Slow down. 

No legitimate entity will ask you for passwords or other personal or confidential information via email. Don’t be rushed into giving away something you shouldn’t. 

  • Links to unrecognised sites or URLs that misspell a familiar domain  

To misquote the old lawnmower advert: it’s a lot less bother with a hover. Before clicking any link, hover the cursor over it and see where the link is actually going. If the destination doesn’t match the link text, something isn’t right. 

  • Contact details that do not match registered details 

If the contact details in the email bear scant correspondence to the real company’s information, then you can be pretty sure the email is dubious. If in doubt, always navigate to the legitimate site yourself, and check. 

For more pointers on how to avoid phishing attacks, take a look at our phishing infographic >>