What Is Email Phishing?

Phishing is a type of cyberattack where criminals send emails that appear to come from trusted sources — banks, government agencies, or popular services — in order to trick you into revealing passwords, financial details, or personal information. Phishing remains one of the most common and effective attack methods because it targets human behaviour rather than software vulnerabilities.

8 Red Flags in Phishing Emails

1. Suspicious Sender Address

The display name might say "PayPal Support", but always check the actual email address. Phishing emails typically use addresses like support@paypal-security-help.com rather than an official domain. Hover over the sender name to reveal the real address.

2. Urgent or Threatening Language

Phrases like "Your account will be suspended in 24 hours" or "Immediate action required" are designed to panic you into acting without thinking. Legitimate organisations rarely use this tone in routine communications.

3. Generic Greetings

Emails starting with "Dear Customer" or "Dear User" instead of your name are a common sign of a mass phishing campaign. Companies you have accounts with will typically address you by name.

4. Unexpected Attachments

Be extremely cautious with unexpected attachments, especially .exe, .zip, .docx, or .pdf files. These can contain malware. If you weren't expecting a file, verify with the sender by phone before opening it.

5. Mismatched or Suspicious Links

Hover over any link before clicking it. The URL shown in the status bar should match where the link claims to go. Look out for misspellings like arnazon.com or extra subdomains like amazon.login.fakesite.com, where the domain you would actually reach is fakesite.com.
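
The sender check from red flag 1 and the link check from red flag 5 can be automated. The Python sketch below is an added example, not part of the original guide; the OFFICIAL allow-list, the CONFUSABLE table and all function names are assumptions made for illustration, and the sample addresses are the ones used in this article.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumed allow-list for this example: brand name -> its official domain.
OFFICIAL = {"paypal": "paypal.com", "amazon": "amazon.com"}
# A few visually confusable sequences (constructed, not exhaustive).
CONFUSABLE = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))

def registered_domain(host):
    # Simplification: last two labels. Production code should consult the
    # Public Suffix List so that names under e.g. co.uk are handled correctly.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def skeleton(text):
    # Collapse confusable sequences so "arnazon" and "amazon" compare equal.
    for fake, real in CONFUSABLE:
        text = text.replace(fake, real)
    return text

def check_host(host):
    """Classify a hostname against the official domains."""
    reg = registered_domain(host)
    if reg in OFFICIAL.values():
        return "official"
    labels = host.lower().split(".")
    for brand, domain in OFFICIAL.items():
        if skeleton(reg) == skeleton(domain):
            return f"lookalike of {domain}"
        if brand in labels[:-2]:
            return f"{brand} used as subdomain of {reg}"
        if brand in reg:
            return f"{brand} embedded in unrelated domain {reg}"
    return "unknown"

def check_sender(from_header):
    """Red flag 1: display name names a brand, address domain is not official."""
    name, addr = parseaddr(from_header)
    host = addr.rpartition("@")[2]
    verdict = check_host(host)
    claimed = [b for b in OFFICIAL if b in name.lower()]
    if claimed and verdict != "official":
        return f"display name claims {claimed[0]}, but sender is {verdict}"
    return "no mismatch"

def check_link(url):
    """Red flag 5: judge a link by the host it really points to."""
    return check_host(urlsplit(url).hostname or "")
```

These checks only catch lookalike names: a message whose From address has been forged to show the exact official domain passes them, so the other red flags still apply.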

6. Poor Grammar and Spelling

While sophisticated phishing emails are increasingly well-written, many still contain awkward phrasing, unusual capitalisation, or obvious spelling mistakes. This is often a deliberate filter to target less cautious recipients.

7. Requests for Sensitive Information

No legitimate bank, email provider, or government agency will ask you to confirm your password, PIN, or full credit card number via email. If an email asks for this, it is almost certainly fraudulent.

8. Unusual Branding or Formatting

Poorly reproduced logos, mismatched fonts, or off-brand colour schemes can indicate a fake email. Compare the email to a genuine one from the same organisation to spot discrepancies.

What to Do If You Receive a Phishing Email

  • Do not click any links or open any attachments.
  • Report it to your email provider using the "Report Spam" or "Report Phishing" option.
  • Forward it to relevant authorities (e.g. report@phishing.gov.uk in the UK, or the Anti-Phishing Working Group at reportphishing@apwg.org).
  • Delete the email after reporting it.

If You've Already Clicked a Link

Act quickly. Change your password for the affected account immediately, enable two-factor authentication, and check for any unauthorised activity. If financial details were compromised, contact your bank straight away.