Select Page

How to identify a phishing email

CYBSAFE-SebDB Webinar-preblog-221011MS-36

19 December 2018

You’ve received an email.

As no phishing filter can keep out 100% of all phishing attacks, there’s a chance the email could be a phishing scam – no matter what it looks like.

How do you check whether or not the email is a phishing attack? How to identify phishing emails quickly?



Step 1: Is the email legitimate?

When trying to identify a phishing email, first, take stock.

Before beginning to dissect the email, ask yourself whether or not it was expected.

Phishing emails are typically unsolicited and it’s that that makes them conspicuous. An unsolicited email is the first clue an email might be phishing.


Step 2: Does the email ask you to break company policy?

In a 2017 Vice article, a professional penetration tester revealed how she manipulated an employee to gain physical access to confidential information. First, she garnered sympathy from her victim, then solicited site access without identity verification.

An email chain that somehow leads you towards sidestepping company policies is a red flag. If at any point you’re considering skirting company policies as the result of an email message, it’s highly likely you’re under attack.


Step 3: Does the email attempt to evoke emotion?

As we’ve discussed elsewhere, even rudimentary phishing emails are calculated affairs.

Phishing emails seek to tug at heartstrings in an effort to influence behaviours. Evidence of emotional manipulation is therefore something to look out for.

Is the email designed to make you panic, perhaps by claiming criminals are attempting to access your online bank account?

Does the email make you feel guilty? Or sympathetic towards someone in need? Does the email pique your curiosity with the promise of photos or confidential information?

If an email heightens your emotions, take a moment to pause. There’s a chance the email’s pretext is fictional and the email is merely a phishing attack.

Step 4: Does the email include attachments or links?

Phishing emails typically seek to either steal your personal information (identity theft), install malware or persuade you to do something you otherwise wouldn’t do.

While the latter doesn’t necessarily rely on you clicking malicious links or opening malicious attachments, criminals usually rely on sending a suspicious link and/or attachment to steal your information, login credentials or install malware.

The presence of links and attachments can help to identify a phishing email – especially if the email or a follow up phone call is unexpected and emotionally manipulative (see above).


Step 5: Check the sender details 

Checking the sender details isn’t foolproof. An email account can be hacked and sender details can be spoofed. But, for the most part, it’s possible to identify phishing emails as fraudulent by scrutinising the senders’ details, especially the email header. 

Emails that claim to be from companies such as Apple might be sent from domains such as Or, they could be from Both should raise alarm bells.


What to do if a suspicious email turns out to be a phishing attack

Phishing attacks are on the rise. From time to time, it’s likely that phishing emails are going to land in your inbox.

Alone, they’re nothing to be particularly worried about. If you suspect an email to be a phishing attack, be sure to avoid clicking any of its links or attachments. Instead, report the email to your IT or security team, who can inspect the email in a controlled environment, verify for certain whether or not it’s a phishing attack and take the appropriate course of action.

If you’d like further protection from email and spear phishing, CybSafe is developed by psychologists and behavioural scientists to help you spot phishing emails quickly and efficiently. Simulated attacks reinforce new skills, while AI-machine learning ensures the platform adapts to both your organisation’s needs and the threat landscape.

You can arrange a free CybSafe demonstration here.


Behave Hub newsletter CybSafe

Do one more thing right today. Subscribe to the Behave newsletter

You may also like