Last updated: 03.06.24

How to Identify Email Phishing Scams


In our ever-growing technological era, where more people have an online presence than ever before, the risk of cybercrime activity has drastically increased. Now, cyber security is more important than ever to protect people’s personal and private data

One of the most common methods criminals use to target internet users is online phishing - a fraudulent practice where someone poses as a credible source with the intention of stealing valuable personal information. Online phishing can happen through many different types of media, including phone calls, texts, social media, and web links, but one of the most common types of phishing is email phishing scams. 

In 2021 alone, nearly 1 billion emails were exposed, affecting 1 in 5 internet users overall, according to reports. To put this into perspective another way, almost 1.2% of all emails shared are malicious, which is roughly 3.4 billion phishing emails every day, data reveals.

Falling for email phishing scams can have serious consequences, particularly for businesses, which means that understanding how these scams work and how to avoid them is critically important in the modern workplace. 

In this article, we’re going to dissect how to avoid email phishing scams by spotting their signs, how to protect yourself from them, and what to do if you’ve fallen victim to one. 

What is Email Phishing?

Simply put, email phishing is a type of online phishing scam that is conducted via email. The principal aim of email phishing scams is to acquire sensitive information, which can be used for a variety of criminal activities including gaining access to further data and accounts and even stealing money. This is achieved by posing as a credible person or organisation and tricking the recipient into divulging information such as:

  • Passwords
  • Credit card or bank account details
  • Home address
  • Login details

Often, the scammer will pretend to be your bank, HMRC, or a large trustworthy organisation such as Microsoft to trick you into sending them your security details. These scammers will often mock up a website that looks like an authentic one, in which they will ask you to enter your information once they’ve got your attention via email. 

as soon as they’ve gained the information they need they will commit fraudulent activities, which may include opening bank accounts or applying for credit cards. Or, an initial email phishing attack could lead to something more targeted, such as compromising your business email address.

The phishing attack takes place via email when a victim engages with content within the email itself, by doing things such as:

  • Updating a password in a link sent to them
  • Clicking on an attachment
  • Clicking on a link 
  • Visiting a website

How to Spot a Phishing Email

Thankfully, being vigilant can protect you and your organisation from email phishing scams completely. Unlike some cyber crimes, which are almost unavoidable (such as ransomware attacks), phishing email scams rely on you as a person to be fooled - they cannot be successful without your cooperation. However, this does mean that cyber criminals choose to repeatedly engage in email phishing scams because it is generally easier than complex hacking, so constant awareness and vigilance are required.

There are several ways in which you can spot whether an email might be a phishing attempt. Some of the signs of a phishing email can include the following:

Does The Email Address Look To Be Authentic? 

Phishing email scammers do a very good job of making their ‘sent from’ email look legitimate, but check the domain in particular. Does that domain actually go to the real site for the organisation the email purports to be from? You can also cross-check against previous emails you’ve received from the company the email claims to be from, and see if these align. If not, this could be a clear indication of a phishing email.

Do The Links Lead Where They Say They Do?

If you hover over any of the links contained within suspicious emails, you’ll be able to see where they point. If this is a different place from where the text suggests, there’s a good chance the email is trying to trick you into following the link and gaining your personal data.

Does The Email Contain Threats?

One of the main tactics phishing emails use to persuade their victims into acting the way they want them to is by making threats in the email content. These tactics usually mention account closures or fines to panic the subject. On the other hand, does the email make out-of-character promises, such as suggestions that you’re owed a tax refund? This is an equally suspicious tactic that phishing scammers use to gain your personal data.

Is The Content of a Good Standard?

Check the spelling and tone of the email content. If there are mistakes, and the email doesn’t sound like the organisation it claims to be, there is a good chance that it’s fake and is instead a phishing attempt. Large organisations will ensure their emails have a consistent tone of voice and contain no grammatical mistakes. 

Who Is The Email Addressed To?

Your bank and other organisations you do business with will know your full name. In comparison, email phishers may only have part of your name, or might not even have it at all. So, be cautious if the sender is not able to verify their legitimacy by addressing you with your full name. 

Aside from the above, simply use your common sense. If you sense that something is off about an email you receive, then take steps to confirm it’s authentic. It’s always better to be cautious than to regret something later down the line by falling subject to an email phishing scam. 

How to Protect Yourself

In addition to being able to spot suspicious emails, there are a variety of ways that you can protect yourself and your organisation from the dangers of a phishing attack. Some of the most widely used techniques include the following:

Using an Email Filter 

Email filters are designed to prevent phishing messages from reaching your inbox. There are a variety of ways in which these work, but often they cross-check incoming emails against addresses from known scammers. Most email providers will employ these filters, and they catch a great amount of suspicious emails when they land in your inbox. Do note, however, that they naturally cannot be 100% effective, so vigilance is still required.

Using a Web Filter 

By downloading a web filter that is designed to prevent access to malicious links, you put up a wall to protect yourself from dangerous phishing attacks. These web security gateways work by cross-checking any links that you click against a database of known malicious links. This way, if you accidentally click on a link within a phishing message, you will be blocked from progressing further.

Notifying Your Colleagues If You See Fraudulent Emails In Your Inbox

It’s rare that only one member of an organisation will receive a phishing email as phishing attacks tend to happen as a group. So, letting your team members know you have been at the hands of a phishing attempt will help you understand if a phishing attack has been made against your business, and let your team take the steps they need to prevent your data from being taken. 

Ensuring Your Antivirus Software is Up-to-date 

Having reputable antivirus software on your devices that is trusted and up-to-date will protect your computer if a link in an email points to a malicious software download that could corrupt your private information. 

What to Do if You’ve Fallen Victim to an Email Phishing Scam

Think that you’ve fallen victim to an email phishing scam? Ensure that you change all of your passwords as soon as you can. A lot of people use the same - or similar - passwords for several sites, and so this makes it easier for phishers to get into several sites to access your information. As such, you need to think fast if you’ve been targeted and have either clicked on a link or responded to an email with personal data to ensure that you remain protected. 

However, if the thought of having too many passwords to remember is overwhelming, you can always utilise a password manager to store your unique passwords for different sites and accounts, which can keep these encrypted so you remain highly secure. 

If you continue to get these phishing messages into your inbox, be sure to block them. This will help your email provider identify when emails come through from the same email address, or different, linked email addresses, and will channel these into your junk mail so that you don’t have to worry about them. 

It also helps to keep abreast of any new well-known email phishing scams that are in operation, and there are a variety of resources available on the internet to help you with this.

The Cyber Security Training Course, offered by Virtual College by Netex, is an ideal starting point for understanding the risk of cybercrime as well as the different types of cyber threats, what happens when your security has been breached, and how to protect your network from being attacked by cyber criminals.


Should I Worry if a Scammer Has My Email Address?

If a scammer has your email address and is sending you phishing emails, you should take the actions necessary to protect your account. Make sure you’re not engaging with any of the phishing emails you are being sent and take additional security measures to protect your account, as discussed in the above article.

Is It Better to Block Spam Emails or Just Delete Them?

By blocking spam emails, you take the action necessary to prevent these emails from reaching your inbox again, meaning you’ll be less likely to receive similar phishing emails in the future. Just deleting them doesn’t help your email account recognise that you don’t want to receive these phishing emails going forward.

Do Spammers Know When You Block Them? 

A spammer can't know if you have blocked their phishing emails. Blocking these emails creates a filter in your email account to funnel messages into your spam folder so that it doesn’t overcrowd your inbox, but by doing this the sender doesn’t know that they’ve been blocked, unlike subscribing. 


As our digital era continues to advance, cybercriminals and hackers become more savvy and advanced at creating new and convincing email phishing campaigns to lure you into handing over your data. Now more than ever, it’s essential that you equip yourself with the knowledge and training you need to identify email phishing scams accurately and take action in the event of an email phishing attack to protect you and your team at work. We hope this article has offered you the essential insight you need to do this confidently and competently. 

As a leader, you must understand the fundamentals of cyber security so that you can support your team in keeping your company safe from cyber attacks and other disruptive digital incidents. Our ‘Cyber Security for Leaders’ course is designed to help you do just this by identifying security threats and risk areas and understanding your responsibilities to your team to build a cyber safe culture.