How to Spot a Phishing Email

Do your employees know how to spot a phishing email? No one is born with the ability to identify phishing emails and other cyber threats; it is a skill that has to be learned, and it is the responsibility of employers to provide the necessary training to ensure that their employees are sufficiently skilled in this area. After all, it is the employer who will suffer the consequences if their employees do not know how to spot a phishing email and end up disclosing their credentials or installing malware.

Many studies have been conducted over the years to gauge cyber resilience at businesses – the ability of businesses to continue to operate effectively despite cyberattacks – and the ability of employees to spot a phishing email or other social engineering attack. Cyber resilience and the ability of the workforce to identify phishing emails are very closely linked, as phishing is the most common way that cyber actors attack businesses and 90% of data breaches are the result of human error.

It pays not to leave it to chance and to provide comprehensive security awareness training to the workforce, with an emphasis on teaching employees how to spot a phishing email. With that in mind, we have provided some tips about the things everyone should be looking for each time they receive an email or a text message. There are a lot of items on the list, and it may seem that performing all these checks on every email received will mean there is little time in the day for anything else, but these checks will become second nature over time, and they do not take long to perform.

How to Spot a Phishing Email – Initial Checks for Every Inbound Email

Every email received should be briefly checked for the signs of a phishing email. These checks will take seconds, and they are concerned with quickly identifying any major red flags. It is surprising how often these blatantly obvious signs of phishing emails are missed.

Check the sender

Does the display name of the sender match their actual email address? You can add any display name you want for an email address, even if it has no relation to the actual email address. Display names are changed to get you to trust that the email has come from a specific person.

Check the email domain

If the email claims to come from a company – Microsoft for instance – does the domain of the email address reflect that company? Is it an official domain? Aside from some small businesses, most organizations will have their own domain and they will not use public email domains such as Also be suspicious of any email domain that includes the company name or part of a company name that also has a hyphen e.g., Hyphenated domains can be purchased at domain registrars and are not usually bought up by the official owner of a brand. Also, check carefully for misspellings e.g., and substitutions e.g.

Check the subject line

Check the subject line for anything unusual. Does the subject line contain any spelling mistakes or is it poorly written? Does anything seem off? Take a second to think. Would the alleged sender of the email be sloppy like that?

Where do the URLs direct you?

Phishing emails that try to steal sensitive information such as login credentials or credit card numbers will usually direct you to a website that harvests that information. The URLs in emails are often hidden behind a button, or the link text is changed. Hover your mouse over the link or button and check the destination URL. Does it look official? Is the domain the one used by that company? Has a URL shortening service been used? Phishing emails will try to trick you into thinking the communications are official, and masking links is one of the main ways that is achieved. Emails may include the logo of a spoofed company, have the same color scheme and format, and even the same text as official messages, but the websites they link to are not official domains.
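The sender, domain, and link checks above can also be automated as a first-pass filter. The following is an added example, not code from the original article: it assumes example.com is the official domain of the brand the email claims to come from, and the shortener list, the 0.8 similarity threshold, and the flag names are illustrative choices.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions: the claimed brand's official domain and a short shortener list.
OFFICIAL = "example.com"
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}

class Hrefs(HTMLParser):
    """Collect the real destination of every <a>, whatever the link text says."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def is_official(host):
    return host == OFFICIAL or host.endswith("." + OFFICIAL)

def check_email(raw):
    """Return sorted red flags for one raw message with an HTML body."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg["From"])
    domain, brand = addr.rsplit("@", 1)[-1].lower(), OFFICIAL.split(".")[0]
    flags = set()
    if not is_official(domain):
        if brand in name.lower():  # display name claims the brand, address does not
            flags.add("display-name-mismatch")
        if "-" in domain and brand in domain:
            flags.add("hyphenated-brand-domain")
        elif difflib.SequenceMatcher(None, domain, OFFICIAL).ratio() >= 0.8:
            flags.add("lookalike-domain")  # misspelling or character substitution
    links = Hrefs()
    links.feed(msg.get_payload())
    for href in links.hrefs:
        host = (urlparse(href).hostname or "").lower()
        if host in SHORTENERS:
            flags.add("url-shortener")
        elif not is_official(host):
            flags.add("link-off-domain")
    return sorted(flags)

# Constructed sample: brand display name, substituted domain, masked link.
SAMPLE = ('From: "Example Support" <billing@examp1e.com>\nContent-Type: text/html\n\n'
          '<a href="https://example-login.net/verify">https://example.com/account</a>\n')
```

Running check_email(SAMPLE) flags the display name, the lookalike sender domain, and the link whose visible text shows the official site while the destination is elsewhere.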

How to Spot a Phishing Email: Step 2 – Check the Message Content

The above checks will identify many mass phishing campaigns, but there are further checks to perform. These checks are also quick and will identify most phishing emails. They are concerned with the actual content of the message, as there are common characteristics of phishing emails to look for.


Phishing emails create a sense of urgency to get the recipient of a message to take quick action without stopping and thinking about the request. Take a moment to stop and think about what is being asked. Does it sound legitimate? Would the company contact you this way?


The urgency is often accompanied by a threat. If you do not take this action immediately there will be bad consequences. Phishers often try to scare people into taking an action quickly – your account will be charged if you don’t block this payment, your account will be closed, or you will face legal or police action. Fear can get people to forget these tips about how to spot a phishing email and act without thinking.

Generic greetings

Most companies that communicate with you via email will know your name and will address the email to you personally – Dear John or Dear Mr. Smith. If the email is addressed to “dear customer” or “dear email username” the sender has your email address but most likely doesn’t know your name.

Request for sensitive information

Either the email, attachment, or website linked in the email will request sensitive information such as your login credentials. If you are directed to a website with a login box, it may be exactly the same as the login box it spoofs, but is the website domain correct? Don’t give out any sensitive information unless you are certain that you know who you are communicating with.

Information is in an email attachment that could have been in the message

Is there any need for an attachment to have been used? Could that information have been included in the email body? To fool email security software, links and information are often included in attachments. Password-protected files and zip files are often used for the same reason – to hide malicious content from email security solutions.

Grammatical errors and spelling mistakes

Does the message contain grammatical errors or spelling mistakes? Company communications are carefully checked before sending and are run through spell checkers. Phishers often do not have English as a first language and make mistakes, and they frequently include grammatical errors or spelling mistakes deliberately to restrict the people who click. If a message ridden with spelling mistakes still attracts a click, that person is likely to be fooled by the next stage of the scam.

And Finally…

Do not open any attachment or click a link in an email unless you are confident that the email is genuine. Just following a link or opening an attachment could trigger malware to be silently installed. If you do open an attachment, never enable content, as this will allow macros to run which will download malware. You do not need to enable content for a document to be displayed just because it was written in a previous version of Word or Excel!

If you are asked to visit a website, don’t use the link in the email; instead, use the bookmark in your browser or find the official site on Google. If there is a problem with your account, you will be told about it when you log in. If you are unsure about an attachment, scan the file with your antivirus software, report it to your security team and ask them to check it, or give the sender a quick call to verify they did send the attachment.

How Businesses Can Protect Against Phishing Attacks

It is important to teach employees how to spot a phishing email and to check they have taken the training on board using internal phishing simulations – fake phishing tests your IT team (or you) can conduct to see who responds. These tests can identify individuals who need more training and any types of phishing emails that are consistently fooling the workforce, which can be addressed in further security awareness training.

Email security software knows how to spot a phishing email, so make sure it is installed. It will not block 100% of phishing emails but will block the majority and will scan attachments for malware. An advanced email security solution that can analyze the behavior of attachments rather than relying on antivirus software is best, and one that includes AI or machine learning as these solutions are better at spotting phishing emails, especially spear phishing (targeted) emails.

Use a web filter. A web filter is used to filter the Internet and prevent users from visiting known malicious content, such as websites hosting malware or the phishing forms that steal credentials. When a user clicks a link in an email or browses the Internet, a web filter will protect against attempts to visit malicious content.

Set up multi-factor authentication for email accounts. In the event of credentials being stolen in a phishing attack, multi-factor authentication will prevent them from being used to access the account. An additional method of authentication will need to be provided in addition to a password before access is granted.

TitanHQ offers three anti-phishing solutions for businesses, all of which are quick to set up, require no technical skill to use, and are priced to make them affordable for businesses of all sizes:

  • SpamTitan Email Security
  • WebTitan Web Filter
  • SafeTitan Security Awareness Training and Phishing Simulation

All three solutions are available on a free trial. For further information, contact TitanHQ today and take the first step toward improving your phishing defenses.