Blue Skies

How to Spot a Phishing Email: 5 Signs You Should Never Ignore

  • Writer: Kris Daniels
  • Jan 21
  • 3 min read


Phishing emails are one of the most common and dangerous threats businesses face today. They’re cheap, fast, and highly effective for cybercriminals. Whether you're a small business owner or a team member in a large corporation, a phishing email can sneak into your inbox and cause serious damage with just one careless click.


According to industry reports, over 90% of successful cyberattacks begin with a phishing email. That makes awareness and prevention your first line of defence.

So, how can you tell a phishing email apart from a legitimate one?

Let’s walk through five red flags that you and your team should always be on the lookout for—plus what to do when you spot one.



1. Unfamiliar or Spoofed Email Address


Phishing emails often pretend to come from legitimate companies—banks, Microsoft, vendors, even internal team members. But when you look closer, the sender’s email address doesn’t match up.


Common signs:

  • Slight misspellings (e.g., admin@m1crosoft.com)

  • Generic domains like @gmail.com instead of @company.com

  • Strange characters or extra words in the address (e.g., support-team@securemicrosoft365.help)


What to do:

  • Always check the full email address, not just the sender name.

  • If you're not sure, compare it with previous legitimate emails.

  • Forward it to your IT team or use your reporting tool (like Microsoft’s Report Phishing button).
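The three address checks above (lookalike spellings, free webmail domains, brand names buried in unrelated domains), written up as an added Python example that is not part of the original post. TRUSTED_DOMAINS, FREEMAIL_DOMAINS and the confusable-character table are assumptions for a hypothetical organisation; a real mail filter would load them from policy.

```python
from email.utils import parseaddr

# Assumed for a hypothetical organisation: domains it and its vendors really send from,
# and free webmail providers a vendor or colleague would not normally use for business.
TRUSTED_DOMAINS = {"company.com", "microsoft.com"}
FREEMAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}
# Characters that look alike in common fonts, each mapped to one canonical letter.
CONFUSABLES = str.maketrans("1l0o5s3e4a7t", "iioosseeaatt")

def canonical(domain: str) -> str:
    """Fold lookalike characters so m1crosoft.com and rnicrosoft.com compare equal to microsoft.com."""
    return domain.lower().replace("rn", "m").translate(CONFUSABLES)

def is_trusted(domain: str) -> bool:
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS)

def check_sender(from_header: str) -> list[str]:
    """Return the red flags found in a raw From: header value (empty list = nothing odd)."""
    display_name, address = parseaddr(from_header)
    if "@" not in address:
        return ["sender address could not be parsed"]
    domain = address.rsplit("@", 1)[1].lower()
    if is_trusted(domain):
        return []
    flags = []
    if domain in FREEMAIL_DOMAINS:
        flags.append(f"free webmail domain {domain} used for a business message")
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if canonical(domain) == canonical(trusted):
            flags.append(f"{domain} is a lookalike of {trusted}")
        elif brand in domain:
            flags.append(f"brand '{brand}' embedded in unrelated domain {domain}")
        if brand in display_name.lower():
            flags.append(f"display name '{display_name}' claims {brand} but address is @{domain}")
    return flags
```

The display-name check matters because most mail clients show only the name by default, which is exactly why the article tells you to look at the full address.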



2. Spelling Errors, Bad Grammar, or Awkward Formatting


Many phishing attempts are written quickly or translated poorly. You might notice odd sentence structure, strange line breaks, or grammatical mistakes that stand out—especially if you regularly receive communications from the organization being impersonated.


Example:

"Dear User,We notice unusual login activities in your account. Please verify informations and confirm now to aviod closure."

What to do:

  • Read emails carefully, even if they look official at first glance.

  • Mistakes like these are often a giveaway that the sender isn’t who they claim to be.



3. Urgent or Threatening Language


Phishing emails are designed to create panic so you’ll act without thinking. You might be told your account will be shut down, that you’ve been hacked, or that you must verify personal details immediately.


Phrases to watch for:

  • "Your account has been compromised!"

  • "Act now to avoid suspension."

  • "Failure to respond will result in deactivation."


What to do:

  • Slow down. Legitimate companies rarely ask for urgent action via email alone.

  • When in doubt, contact the sender through official channels—not by replying to the suspicious email.



4. Suspicious Links or Attachments


Phishing emails may include links that lead to fake login pages or attachments that contain malware. These links often look normal on the surface but redirect to malicious websites.


What to look for:

  • A button like "Reset Password" that opens a login screen asking for your credentials.

  • Links that, when you hover over them, reveal a URL that doesn't match the sender.

  • Attachments with strange file names or uncommon extensions like .exe, .html, or .scr.


What to do:

  • Hover (don’t click) on links to see the real URL.

  • Don’t open unexpected attachments, even if they appear to come from someone you know.

  • Ask your IT team to verify any link or file you’re unsure about.
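The "hover to see the real URL" and "strange file names" checks from this section, as an added Python example that is not from the original post: it pulls every link out of an HTML body, compares the real destination with the sender's domain and with any address shown in the link text, and flags attachment names that end in a risky extension or hide one behind a document extension. The sample HTML and file names are constructed; `registered_domain` is a deliberate simplification.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

RISKY_EXTENSIONS = {".exe", ".html", ".scr"}           # the extensions the article names
DOC_EXTENSIONS = {".pdf", ".doc", ".docx", ".xlsx", ".jpg"}
# Link text that itself looks like a URL or bare domain (group 1 = the host shown to the reader).
URL_LIKE = re.compile(r"(?:https?://)?([\w-]+(?:\.[\w-]+)*\.[a-z]{2,})(?:/\S*)?", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registered_domain(host: str) -> str:
    return ".".join(host.lower().split(".")[-2:])     # crude: real code uses a public-suffix list

def check_links(html_body: str, sender_domain: str) -> list[str]:
    """Flag links whose real destination matches neither the sender nor the text shown."""
    collector = LinkCollector()
    collector.feed(html_body)
    flags = []
    for href, text in collector.links:
        host = urlparse(href).hostname or ""           # empty for mailto:, relative links etc.
        if host and registered_domain(host) != registered_domain(sender_domain):
            flags.append(f"'{text}' goes to {host}, not to {sender_domain}")
        shown = URL_LIKE.fullmatch(text)
        if host and shown and registered_domain(shown.group(1)) != registered_domain(host):
            flags.append(f"text shows {shown.group(1)} but link goes to {host}")
    return flags

def check_attachment(filename: str) -> list[str]:
    flags = []
    parts = filename.lower().rsplit(".", 2)           # 'invoice.pdf.exe' -> ['invoice', 'pdf', 'exe']
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext in RISKY_EXTENSIONS:
        flags.append(f"{filename}: risky extension {ext}")
    if len(parts) == 3 and "." + parts[1] in DOC_EXTENSIONS and ext not in DOC_EXTENSIONS:
        flags.append(f"{filename}: looks like a document but ends in {ext}")
    return flags
```

Run against a constructed lure such as `<a href="https://login.securemicrosoft365.help/">https://www.microsoft.com/account</a>` it reports both that the link leaves the sender's domain and that the shown address differs from the real one, which is the same mismatch a reader sees when hovering.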



5. Unexpected Requests for Personal or Sensitive Information


Legitimate companies will never ask for things like your password, PIN, or bank details over email. If an email asks for confidential data—especially in a non-secure way—it’s likely a phishing attempt.


Watch for:

  • Requests to “verify” your login details or identity

  • Emails asking you to update payment info via a link

  • Messages pretending to be from HR, your CEO, or IT


What to do:

  • Never reply with personal data.

  • Always confirm unusual requests through another communication channel (e.g., call the sender directly).

  • Mark the email as phishing and report it.



What to Do If You Receive a Suspicious Email


If you think you’ve received a phishing email:

  1. Don’t click anything.

  2. Don’t forward it to others unless instructed by IT.

  3. Report it immediately to your IT or security team.

  4. If using Microsoft Outlook, click the “Report Phishing” button (if enabled).

  5. If you’ve already clicked or entered information—let your IT team know immediately.



Make Cybersecurity a Team Effort


The best firewalls and antivirus tools won’t stop a phishing email if an employee clicks a bad link. That’s why regular employee cyber awareness training is just as important as technical defences.


And remember—phishing tactics evolve. Today’s scam might look different tomorrow. That’s why staying informed and fostering a "think before you click" culture is so important.


Need Help Protecting Your Team?

We can help your business stay protected with real-world cybersecurity training, phishing simulations, and IT tools that make prevention easy. Whether you need help setting up Microsoft 365 security features or want monthly training refreshers, we’ve got your back.


Get in touch with us today to schedule a free cybersecurity consultation.
