How to spot a potential phishing email

Need our help?

We constantly hear about the increasing instances in the media of cybercrime

Although CSCM has a team of experts and monitoring applications that protect our client’s IT systems from such threats, we still want to remind people of how a business can actively try and reduce the risks and protect itself.

Phishing messages are designed to appear from trusted people or organisations. They aim to trick you into revealing personal details or downloading something malicious to your device.

Here are some helpful tips on how we can all keep our information safe both at home and in the workplace.

How to spot a potential phishing email

Emails demanding urgent action

Emails threatening a negative consequence or a loss of opportunity unless urgent action is taken, are often phishing emails. Attackers often use this approach to rush recipients into action before they have had the opportunity to study the email for potential flaws or inconsistencies.

Poor grammar and spelling

Most genuine companies apply spell-checking tools to outgoing emails by default to ensure their emails are grammatically correct.

Unfamiliar greeting

Emails exchanged between work colleagues and known contacts usually have an informal greeting. Those that start with “Dear” for instance or contain phrases not normally used in informal conversation, are likely to be from sources unfamiliar with the style of office interaction used in the business.

Inconsistencies in email addresses, links and domain names

Does the email originate from an organisation corresponded with often, if so, just double-check the sender’s address against previous emails from the same organisation.  

Suspicious attachments

Most work-related file sharing now takes place via collaboration tools such as SharePoint, Teams or OneDrive. Therefore, external emails with attachments should always be treated suspiciously. Look at for ones usually associated with malware such as exe, zip etc.

Emails requesting login credentials, payment information or sensitive data

Emails originating from an unexpected or unfamiliar sender that request login credentials, payment information or other sensitive data should always be treated with caution. Do not input data into a login page until you have carried out due diligence to ensure the request is legitimate.

Too good to be true

An email that incentivises the recipient to click on a link or open an attachment by claiming there will be a reward of some nature, is very likely to be a phishing email.