Five giveaways that show an email is a phishing attack

Some goldfish being lured by fishing hooks
(Image credit: Shutterstock)

Phishing is possibly one of the biggest threats to organisations and the security of their infrastructures. When it takes place a phishing attack scams a user into giving away personal data such as bank details, credit card numbers and login credentials. These attacks happen via an email, which include a link that sends users to what, at first glimpse, looks like a legitimate site. For example, a hooky email could claim to be from from your bank, requesting a log in or a confirmation of personal details.

Symantec research indicates that in 2020, 1 in every 4,200 emails was a phishing email. With spear phishing attacks 65% of active groups relied on this techniques as the main infection path. According to research from Proofpoint, three-quarters of globally experienced a phishing attack in 2020.

The average number of business email compromise (BEC) attempts received in the last year saw a dramatic 15% increase between the second and third quarter of 2020. Increasingly, organisations see malicious data breaches caused by stolen credentials, rather than malware installation.

To avoid being the next victim, here are four giveaways that show an email is a phishing attack.

The email was unsolicited

Legitimate companies never email users asking for personal information. Neither would they send an email unannounced asking you to download an attachment. No matter how real the email looks, if it is unsolicited and it is asking you to do something, it is most likely a scam.

This is especially true for phishing attacks pretending to be from your bank. According to data from Kaspersky, the detection of phishing pages which mimicked legitimate banking services topped the list of the most popular phishing scams, leaving the longtime leaders of this chart global web portals and social networks - behind.

Towards the end of last year, a wave of Bitcoin scams found their way into email inboxes, riding on the wave of skyrocketing values to con users into giving away thousands of pounds in so-called investments from phishing pages.

Another increasingly common email is one which will state that there is an invoice attached, but which will give very little detail in the actual body of the email. Always check that the sender is legitimate and that the invoice is expected, and never download or open an unexpected invoice attachment.

Poor grammar and spelling

Emails from legitimate sources generally make sure that there are no typos, no spelling errors, and good grammar. Professional companies have teams dedicated to proof checking all marketing material it sends out. Hackers often lack those writing skills. As well as this, they may not have English as a native tongue. We can assume that the criminal wrote the text in their own language and then used a translation tool to convert the text into English.

This means that if you have an email purporting to be from your bank and it has various examples of bad spelling and grammar, then it is most likely not from that bank but from a criminal.

The same applies to pixellated or miss-sized company logos, and email headers and footers that have the wrong company address or spelling errors. However, cyber criminals are getting better at mimicking legitimate company communications, so if in doubt, don't click on any links in the email.

Mismatched URLs

Criminals try to fool victims into clicking on links that to the reader look like the real URL of a legitimate website, but the hyperlink actually is a URL belonging to a criminal. You can prevent visiting the link by hovering your mouse arrow over the link; most browsers will display the real URL link at the bottom of the browser window. If that URL doesn't match with the link the arrow hovers over, it is most likely a trick.

Scammers are also getting more sophisticated at masking the sender's email address. It may appear as 'Amazon Orders' in your inbox, but the email address itself will feature a mix of letters and numbers which marks it out as being fake.

The email features fake URLs

Legitimate emails will feature URLS that lead back to an official website of a company. The URL will have a straightforward name (i.e. A criminal will try to make a URL look like a real website as much as possible (such as Users should always check any link before clicking on it. Better still, always check a URL by cutting and pasting the link into a search engine. A scam should reveal itself in the first page of results.

This type of activity is not limited to banks; criminals have even created fake URLs containing the word Steam' in order to make the fake even more like the original and deceive inexperienced gamers.

Another recent tactic is the use of bogus characters; for example and both look identical, except for the diacritic mark above the 'e' which marks it out as a scam. If in doubt, always type the URL of the site yourself to ensure you're being taken to a trusted page.

Infected attachments

Attachments carried by emails may appear benign, but they could be infected with malware. A common disguise is as an invoice or bill, which could set hearts racing and fingers clicking. In today's commercial whirlwind, we are all guilty of purchasing goods and services and subsequently forgetting the episode ever happened, so it's easy to see how this tactic would be effective.


The Okta digital trust index

Exploring the human edge of trust


Once an infected attachment has been opened, users may discover the document is not actually tailored specifically to themselves, indicating suspicious activity. Unfortunately, by this point, it's already too late. The malware has already been unleashed upon the victim's computer.

Attachments should only be opened if users are confident they are sent from a legitimate party. If clicking on an attachment activates a pop-up warning of unstable or unknown content, take this as a tell-tale signal not to open the file. Pop-ups can also request the user to alter certain security settings to access the file another red flag.

If you're unsure about an email, or the attachment's origin and intention, it's best to contact the sender through an alternative medium and requesting validation or clarification, in one form or another. But if in doubt, err on the side of caution.

Esther Kezia Thorpe

Esther is a freelance media analyst, podcaster, and one-third of Media Voices. She has previously worked as a content marketing lead for Dennis Publishing and the Media Briefing. She writes frequently on topics such as subscriptions and tech developments for industry sites such as Digital Content Next and What’s New in Publishing. She is co-founder of the Publisher Podcast Awards and Publisher Podcast Summit; the first conference and awards dedicated to celebrating and elevating publisher podcasts.