Introduction to cyber security: stay safe online

2.4 Spotting a phishing email

Figure 9 An example of what could be a phishing email.

Although a phishing attack may appear plausible at first glance, there are some tell-tale signs that should make you very cautious about clicking on any links or giving any personal information to the supposed sender.

Read through the points below to find out what to look out for.

  • Spelling mistakes: Most English-language phishing expeditions are sent from countries where English is not the primary language. Attackers often give themselves away through imprecise use of English, even in quite common phrases, and through spelling errors. So read the message carefully. However, there are many phishing emails that use excellent English.

  • Who is it to? Many, but not all, phishing attacks do not use your name in the introduction – preferring ‘Dear valued customer,’ or ‘Dear user,’. This is because they cannot personalise the emails sufficiently. Your bank or online store can do this and should address you as ‘Dear Bob,’ or ‘Dear Mrs Jones,’ (or whatever your name is). However, note that because so many millions of user details have been revealed by data breaches, it is quite possible for a phishing email to use your personal details.

  • Poor quality images: Sometimes, the images used in the emails are fuzzy, or your information may appear as an image rather than type. These images have been copied from screens and would not be used by original companies. It is easy to obtain images every bit as good as the originals though, so a high quality image should not persuade you the message is genuine.

  • Content of the email: In almost all countries, banks and other financial bodies will not email you to tell you about problems with your account. They recognise that email is fundamentally insecure and that personal information should not be sent by email. So, even the method of communication will give you a clue about whether it’s genuine. The email may give a false sense of urgency, claiming that your account is at risk if you do not act quickly. This is not the case.

  • Links: The text of a web link is not the same as the destination of the link itself – the link might say it is taking you to, for example, http://www.trustedbank.com, but in fact it can take you anywhere on the web – including to a phisher’s computer impersonating that of a reputable company. You can spot some fake links by hovering your mouse pointer over the link – but do not click the button. The actual destination of the link will appear at the bottom of the window or in a small floating window next to the link. In a phishing email, the link will probably be to an address you aren’t familiar with. Other fake links may display a genuine destination when you hover over them, but still take you to a fake website because code in the page intercepts the link and sends your click elsewhere.

The example message below claims to come from a fictional site called ePay and is about unauthorised activity on the account. The link says it goes to ePay’s site, but the address is slightly different and is unlikely to be owned by ePay.

Figure 10 A phishing email claiming to come from the fictional ePay site

So the rules are to be suspicious and to look at the details of the message, the language, the quality of the images and where the links actually take you. Banks and shops will always prefer you to call them and check rather than risking your security.

If you have not already done so recently, check your email address on https://haveibeenpwned.com/. Email addresses that are on a breached list are much more likely to receive spam than those that are not listed. If your email address is on the list, you need to assess what related data may have been revealed. You may need to change passwords that use that email address, especially if you have reused the same passwords in the past, or even stop using that email address.