The cyber threat landscape is rapidly evolving. It is becoming increasingly sophisticated and impacting individuals and businesses alike. To help you stay one step ahead of cybercrime, we’ll be exploring a different aspect of cyber security each month in 2025 as part of our bitesize series.
This month’s focus is on how to spot a phishing email.
What is a phishing email?
A phishing email is a fraudulent email that impersonates a person or organisation you trust in order to trick you into clicking a link to a malicious website, opening an attachment that installs malware, or handing over information such as passwords or bank details.
Phishing emails can come in all shapes and sizes and pose a risk to all people and organisations, no matter how robust you may think your security measures are. One wrong click can be enough to give cybercriminals access to your organisation’s systems. That’s why it is so important to educate yourself and your employees on how to spot a phishing email.
How to spot a phishing email
A whopping 3.4 billion phishing emails are sent every day.[1] Although they are certainly getting more advanced and more difficult to spot, there are several tell-tale signs that can help you identify a phishing email.
- The sender’s email isn’t legitimate
Whenever you receive an email, check that it really comes from a sender you know and trust. The name shown in your inbox is just a label the sender typed in; hover over it (or tap it on a phone) to reveal the actual address behind it. If that address differs from what the display name led you to expect, that is a surefire sign that you should be on your guard. The reverse is not proof of safety, though: the visible address can also be forged, so still treat the content of the email with care.
In terms of emails from businesses, usually you would expect to find blank@businessname.co.uk or blank@businessname.com, rather than businessname@outlook.com. Established businesses will normally have an official email address on their own domain, rather than an @outlook.com or @gmail.com address.
Similarly, when you look at a domain name, you might find that it has a spelling mistake in it. This could be before or after the @ sign. For example, service@paypall.co.uk. In this case, the scammer has purchased a domain name that is almost identical to the legitimate one and is attempting to sneak through your defences. Check the whole domain, not just whether the brand name appears somewhere in it: scammers also put a familiar brand name in front of a domain they own, and it is the part immediately before the final ending (the .com or .co.uk) that tells you who actually controls the address.
- The email has a lot of grammatical errors
Poor spelling and grammar are a stereotype often associated with phishing emails. Many people wonder why this is: cybercriminals are clearly capable of designing advanced cyberattacks, yet they can’t spell simple words correctly, so something doesn’t add up. Experts explain that they do this for a couple of reasons.
The first is that it weeds out the cyber-savvy recipients and leaves the scammer with the most gullible targets, people who, despite the seemingly obvious mistakes, still think the email is legitimate.[2] A scammer doesn’t want their inbox clogged up with responses from people who won’t fall prey to the scam and pay.
Secondly, misspelling words can help scammers bypass spam filters that look for words commonly found in phishing emails.[3]
- The email is urgent
Many phishing emails convey a sense of urgency to pressure you into making a rash decision that you will live to regret.
This also applies in a workplace environment. Scammers are aware that a time sensitive email from our boss tends to take priority and use this to their advantage. For example, you might receive an email from your “boss” (or a scammer impersonating them) asking you to promptly pay an invoice for a supplier, with the instructions to process immediately.
If this happens, don’t be afraid to reach out to your boss via another means (e.g. telephone, Teams) and double-check that the request is legitimate. Do not use a phone number or contact details given in the suspicious email itself. Most bosses and businesses would appreciate you being cautious and praise you for double-checking.
- The email asks you for sensitive information
If a business asks you to provide bank details or passwords by email, that is a strong sign of a scam; legitimate organisations do not ask for passwords this way. Before acting on it, contact the business through the official email address or phone number on its own website to confirm, but expect it to be a scam. Do not reply to the email.
- The email asks you to open attachments
Phishing emails are sent to try to scam you. One route is an infected attachment containing malware designed to steal data from, lock up or otherwise wreak havoc on the victim’s device. As a rule of thumb, never open an attachment unless you are absolutely certain that it is safe. If you need to, contact the sender via another means of communication to double-check first.
- The email asks you to visit a link
Similar to emails containing attachments, phishing emails can also include a suspicious link that takes you to a website impersonating a genuine one and encourages you to enter payment information or sensitive personal data.
Whenever you receive an email like this, hover over the hyperlink to see where it really takes you; the text of a link and its actual destination can be completely different. This is straightforward on a laptop, but on smaller devices it is worth investing time in learning how to do it on your particular device (on most phones, a long press on the link shows the address without opening it). Practise with a non-threatening email first to be on the safe side.
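The sender and link checks above can be applied mechanically. The Python script below is an added example written for this article, not code from the article or from any email provider; it parses a constructed sample message, compares the display name with the real address, flags freemail and lookalike sender domains, and checks each link’s visible text and embedded brand name against where the link really goes. The brand list (KNOWN_BRANDS), the freemail list and every address and URL in the sample are invented for the demonstration.

```python
"""Rule-of-thumb phishing triage: sender-domain and link checks on a raw email.
Added example, not from the original article; brand list, freemail list and the sample message are invented."""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: brands we care about and the domains they genuinely send from.
KNOWN_BRANDS = {"paypal": {"paypal.com", "paypal.co.uk"}}
# Assumption: webmail domains an established business would not normally send from.
FREEMAIL = {"outlook.com", "gmail.com", "hotmail.com", "yahoo.com"}

# Constructed sample message: every header, address and URL is invented.
SAMPLE_EMAIL = b"""From: "PayPal Service" <service@paypall.co.uk>
To: alison@example.co.uk
Subject: Urgent: your account will be suspended in 24 hours
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear customer, confirm your details now to avoid suspension.</p>
<p><a href="http://paypal.com.account-verify.example.net/login">https://www.paypal.com/signin</a></p>
<p><a href="https://www.paypal.com/help">Help centre</a></p>
</body></html>
"""

def registrable_domain(host):
    """Crude owner-domain extraction: last two labels, or three for .co.uk-style suffixes."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and labels[-2] in {"co", "org", "gov", "ac"} and len(labels[-1]) == 2:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])

def levenshtein(a, b):
    """Edit distance, used to spot one-letter-off lookalike domains such as paypall vs paypal."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs: what the link claims versus where it really goes."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_sender(display_name, address):
    """Flags freemail senders and sender domains that merely imitate a known brand."""
    findings = []
    domain = registrable_domain(address.rsplit("@", 1)[-1])
    if domain in FREEMAIL:
        findings.append(f"sender uses a freemail domain: {domain}")
    for brand, legit in KNOWN_BRANDS.items():
        if (brand in display_name.lower() or brand in domain) and domain not in legit:
            closest = min(legit, key=lambda d: levenshtein(domain, d))
            findings.append(f"sender domain {domain} is not a {brand} domain (closest real one: {closest})")
    return findings

def check_link(href, text):
    """Flags links whose visible text or embedded brand name disagrees with the real destination."""
    findings = []
    host = urlparse(href).hostname
    if not host:  # mailto:, tel: and relative links carry no host to check
        return findings
    real = registrable_domain(host)
    if re.match(r"(https?://|www\.)", text, re.I):  # link text that itself looks like a URL
        shown = urlparse(text if "://" in text else "http://" + text).hostname or ""
        if registrable_domain(shown) != real:
            findings.append(f"link text shows {shown} but goes to {host}")
    for brand, legit in KNOWN_BRANDS.items():
        if brand in host and real not in legit:  # brand name used as a subdomain of someone else's domain
            findings.append(f"'{brand}' appears in {host} but the owner domain is {real}")
    return findings

def triage(raw):
    """Returns human-readable warnings for a raw RFC 5322 message (bytes)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    name, addr = parseaddr(str(msg["From"]))
    warnings = check_sender(name, addr)
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        extractor = LinkExtractor()
        extractor.feed(body.get_content())
        for href, text in extractor.links:
            warnings.extend(check_link(href, text))
    return warnings

if __name__ == "__main__":
    for warning in triage(SAMPLE_EMAIL):
        print("WARNING:", warning)
```

Run as a script it prints three warnings for the sample: the sender domain paypall.co.uk is one letter away from paypal.co.uk, the first link displays www.paypal.com but points at a host under example.net, and that host only borrows the PayPal name as a subdomain. The domain-suffix handling is deliberately simple; a real tool would use the Public Suffix List, and none of these checks replaces confirming with the sender by another route.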
What should I do if I suspect I’ve been sent a phishing email?
Most email providers have an option for you to report suspicious emails or phishing attacks. The government recommends forwarding any email you suspect to be suspicious to report@phishing.gov.uk, where the NCSC will investigate it.[4]
If you are sent a phishing email at work, you should check your workplace’s processes to see how you report the attack.
If you have any doubt about the legitimacy of the email, treat it with extreme caution. Do not click on any links and do not forward it to anybody else. If you need to explain what you have received, send a screenshot rather than the actual email, unless your IT or security team asks you to forward the original, which they may want because the hidden headers help them trace where it came from.
I've just clicked on a link or attachment in a phishing email, what should I do?
You’ve accidentally clicked on a phishing link or opened an attachment. Don’t panic. It’s time for damage control.
- Disconnect from the network (turn off Wi-Fi and unplug any network cable) for two reasons:
- If you’re quick enough, it might prevent the malware from fully downloading onto your device or contacting the attacker.
- To stop the malware spreading across the network and infecting other devices connected to it.
- Notify your cyber security team immediately, ideally via a mode of communication not connected to the affected device. They can then walk you through the company-approved next steps. If it happens on a personal device, report the incident to your email provider and to the company the phishing email was impersonating.
- Run an antivirus scan to check for newly downloaded malware.
- If you typed a password into a site the email sent you to, change that password straight away, and do it from a device you know is clean, since a compromised device may capture the new one. Use strong, unique passwords, and turn on two-factor authentication where it is offered.
- Be vigilant for any suspicious activity in bank accounts, social media accounts and email accounts.
- If you find you have been hacked as a result of the phishing message, you should report it to the NCSC.
How do I know if my device has been hacked?
- Slow performance – If websites start taking ages to load or your battery drains much faster than usual.
- Strange pop-ups – If you start receiving lots of spam ads or odd pop-ups.
- Changes to your settings – If you notice any changes to your security settings, such as camera or microphone permissions.
- Rise in temperature – If your phone feels hot even when you are not using it heavily.
- New or unfamiliar programs – If you see apps appear on your phone or computer that you don’t recall downloading.
About the author
Alison Wild BCom (Hons), FMAAT, MATT, Taxation Technician is a highly respected industry professional who has been working with and advising SMEs in areas including tax, pensions, insurance and marketing for over 25 years. She is a Fellow member of the Association of Accounting Technicians (AAT) and Association of Tax Technicians (ATT) and also has 20 years' experience as a residential landlord.
Sources
[1] The Latest Phishing Statistics (updated January 2025) | AAG IT Support
[2] The clever reason scammers can’t spell – IT Services blog
[3] Why Scammers Make Spelling and Grammar “Mistakes” - Joseph Steinberg: CyberSecurity Expert Witness, Privacy, Artificial Intelligence (AI) Advisor
[4] Avoid and report internet scams and phishing: Report internet scams and phishing - GOV.UK
Consistent with our policy when giving comment and advice on a non-specific basis, we cannot assume legal responsibility for the accuracy of any particular statement. In the case of specific problems, we recommend that professional advice be sought.