Phishing and how to identify them

Phishing emails – how to identify them – 2021 update

July 1st, 2020 Posted in Information Security

It’s no surprise that the last 18 months have seen a surge in cyber crime, largely due to the COVID-19 pandemic, millions of workforces working remotely and health care data being a main target. Online crime has become a huge threat to organisations of all sizes across the globe, and phishing email is one of the most common and most dangerous methods that criminals use. Although it might have been easy to spot in the past, as criminals become more sophisticated, it is becoming more difficult to identify phishing emails. 

The idea behind these attempts is to secure personal or financial information from the victim, and hundreds of thousands of people fall victim to criminals every year. The COVID-19 pandemic has seen a significant rise in phishing attempts, and by the start of April 2020, over £1.6 million had been scammed by criminals. The latest Data Breach Investigations Report 2021 from Verizon, highlights the growing trends in cyber criminal activity, and the impact it has had on businesses throughout the pandemic. The report shows that phishing attacks saw a significant jump, from 25% in 2019 to 36% in 2020.

Despite the rising sophistication of these attempts, there are still a number of ways to identify phishing emails. Here are our top three ways to identify a scam:

Suspected Phishing Email? Check the sending address

One of the first ways to identify a phishing email is to check the email address that it has been sent from, not just the stated sender’s name. An immediate warning sign should be if it is coming from a public email domain such as Gmail or Yahoo or a strange email address. Any legitimate company will likely contact you from a personalised domain name, and these are very easy to check by just simply typing that domain into a search engine.

Scammers are able to adapt the appearance of the overall email, making it look as realistic as possible; however, the sending address is sometimes the giveaway. To get around this, many experienced criminals attempt to make it look believable at a quick glance, so make sure you check the address for any spelling mistakes or if it contains additional letters or numbers.

Take a look at the email pictured below (received this week by a colleague) – the sender address is unusual and the red padlock icon shows that TLS encryption was not used, which is also unusual. Both of these would immediately raise suspicions (click the image to make it larger).

Sending Address

Phishing emails are usually poorly written

One of the clearest ways to determine if an email is a phishing attempt is to check the overall spelling, grammar, look and feel. When a legitimate company contacts you, they are attempting to sell their brand and company to you, so will ensure that the email is captivating and well written. On the other hand, scammers do not have such concerns and are simply trying to send as many different emails to as many people as possible.

Although there is a common belief that scammers keep these mistakes in on purpose in order to filter out the less gullible, the truth is that for many scammers, English is either not their first language or they may have had limited access to education. This means that they have run the email through spellcheck or a translation service, which often results in the messaging not quite conveying the right context.

Returning to the same email, you can see from the image below that the look and feel are odd. There is no sender name, brand, or logo; the email isn’t well personalised (instead, the first part of the recipient’s email address is used), and there is a clear call to action which is the button inviting the recipient to click. Because the sender isn’t named and the content of the ‘package’ isn’t mentioned the aim seems to be to get recipients to click the link to find out more.

Poorly Prepared

Suspicious links or attachments in mail

Another common sign of a phishing email attempt is a message containing suspicious attachments. Usually, the email will not provide much information, encouraging the recipient to open the attachment, which will then lead to malware being installed on their device.

Suspicious links are also a clear sign of a phishing email attempt. Many scammers hide these links behind shortened links such as a link or behind a clickable button, preventing suspicions from being aroused by the recipient when they see the link.

While these three might be the key factors to consider, they are not the only warning signs. Any time you receive mail that you were not expecting, practice caution before clicking or responding. Scammers like to create a sense of urgency or force you towards a link to find out more, and it only takes a momentary lapse in concentration for you to fall victim.

In our case, the email below uses a combination of these techniques. Little information is provided to encourage the recipient to click the link, and a sense of urgency has been created by stating delivery is waiting for shipment. Although you can’t see it, the addresses linked to by the button and unsubscribe links are hidden behind links.


Scam mail: Don’t expect the unexpected

Our final tip is an important one because not all phishing emails are so obvious. They are becoming more sophisticated and created to look like genuine emails from HRMC, Amazon, Microsoft, and others. Be suspicious If you receive unexpected mail that that includes an attachment or link, especially if it is unexpected good news such as an HMRC refund email or a purchase order. Don’t open the attachment or follow the link.

If for any reason you do click a link in an unexpected email, never, in any circumstances, submit a username or password on a site it takes you to. Instead, call the sender (don’t email them as the attacker will be happy to email you back) or ask your IT or information security team to take a look. This shouldn’t slow you down and if the email wasn’t expected then a little delay won’t hurt. Sometimes they might be genuine – last week we received an unexpected purchase order; we ran it through malware scanners and contacted our customer separately to ask if it was genuine. It turned out it was, but we didn’t open it until we were sure.

Awareness is key

Even though your employees might be trained annually on security, people forget things and make quick decisions when busy and under pressure. For this reason, it’s important to maintain ongoing awareness, such as employee phishing tests, ‘drip’ awareness campaigns with examples of phishing emails, and reminding people what to look for and what steps to take.

Free download

Download your free pdf for identifying phishing:

Identifying Phishing 1

Need help?

If you need help to improve security awareness and reduce the risks of phishing emails, please get in touch with our friendly team today.


Computer vector created by upklyak – – edited by Evalian
Chris Headshot 250x250

Written by Chris Hawthorn

Chris is our Commercial Director, with responsibility for client care and business development. He has a strong knowledge of data protection, information security, penetration testing and ISO 27001. Prior to joining Evalian™, Chris has worked with early stage and fast growing companies in the software, information security and data protection space, and has spent time living and working in Europe as well as here in the UK.