How to Spot a Phishing Email: With Examples

Email phishing remains a prevalent form of cybercrime, consistently catching individuals and organizations off guard, despite our perceived understanding of these scams. Moreover, a staggering 83% of organizations fell victim to phishing attacks in the past year. Additionally, many Report highlighted that 25% of all data breaches involve phishing incidents.  

 These statistics underscore the significant cybersecurity risks posed by phishing. A single deceptive email can enable criminal hackers to pilfer personal information or implant malware on devices.  

 Fortunately, thwarting these attacks often boils down to recognizing the signs of phishing emails. This blog employs real-life examples to illustrate five common indicators that someone may be attempting to deceive you.  

Identifying Phishing Emails: A Guide to Spotting Scams

When assessing the legitimacy of an email, one key factor to consider is the sender’s email domain. Legitimate organizations typically use their email domains rather than public ones. For instance, emails from Google will have the domain ‘‘. 

 If the domain aligns with the apparent sender of the email, it’s likely legitimate. Conversely, if the email is from an unaffiliated address, especially a public domain like ‘‘, it’s probably a scam. 

 A red flag is raised when the email address doesn’t match the apparent sender. For example, receiving an email seemingly from PayPal with a sender’s address ending in ‘‘ suggests a potential scam. Even if the email looks realistic, scammers may customize the sender’s name to deceive recipients. 

 Some phishing attempts may employ a more sophisticated tactic by including the organization’s name in the local part of the domain, like ‘[email protected]‘. It’s crucial to focus on the portion of the address after the ‘@’ symbol to determine the true source of the email. If it’s from a public domain, such as ‘‘, it’s likely from a personal account and should be treated with suspicion. Always verify the legitimacy of the sender’s email domain to protect yourself from phishing attacks. 


Detecting a misspelled domain name

Another significant indicator of phishing scams lies within domain names, but unfortunately, this factor complicates the previously mentioned clue. 

The issue arises from the fact that anyone can purchase a domain name from a registrar. While each domain name must be unique, there are numerous ways to create addresses that closely resemble the legitimate ones they are attempting to mimic. 

 For instance, scammers might register a domain like ‘’, which mirrors the words ‘Microsoft Online’ and could easily be mistaken for a legitimate address by a casual reader. 

 Some fraudsters take their creativity a step further. In an episode titled “What Kind Of Idiot Gets Phished?” On the Gimlet Media podcast ‘Reply All,’ a compelling example was demonstrated. The show’s producer, Phia Bennin, enlisted the services of an ethical hacker to conduct phishing experiments on various employees. The hacker purchased the domain ‘,’ intentionally misspelled ‘media’ as ‘rnedia,’ and successfully impersonated Bennin. 

 The scam proved so effective that it even deceived the show’s hosts, Gimlet Media’s CEO, and its president. Bennin revealed that falling victim to a phishing attempt is not always necessary for a criminal hacker to gather valuable information. 

 In this case, the ethical hacker, Daniel Boteanu, could track when the link was clicked, noting that it had been opened multiple times on different devices. He deduced that the target’s curiosity repeatedly led them back to the link, although they were suspicious enough not to follow its instructions. 

 Thus, even when the initial attempt is thwarted, criminal hackers may still gain valuable insights into an organization’s strengths and weaknesses through the indecisiveness of potential targets. Armed with this information, they can effortlessly launch subsequent scams until finding someone susceptible. 

 Everyone within an organization must be confident in their ability to promptly recognize and thwart phishing scams, as criminals only need one mistake from one employee to achieve success in their operations. 

Identifying Phishing Emails Through Language Errors

Detecting potential scams in emails is often linked to the quality of writing. Poor spelling and grammar can be indicative of a scam, with the notion that cybercriminals deliberately use these errors as a filtering system to target the most unsuspecting individuals. 

 This theory, however, mainly applies to elaborate schemes like the infamous Nigerian prince scam, which primarily preys on highly gullible individuals. These scams are manually operated, and once a person takes the bait, scammers must engage in ongoing communication. Consequently, they aim to filter out respondents who might catch on to the deception. 

 Yet, this filtering strategy doesn’t align with phishing attacks. In phishing scenarios, scammers deploy mass email campaigns without the need for tailored responses. This eliminates the necessity to filter out potential victims, as the goal is to cast a wide net and capitalize on unsuspecting recipients. 

 So, why do many phishing emails exhibit poor writing? The simple answer is that scammers often lack proficiency in the English language. Many operate from non-English-speaking countries with limited exposure to the language, making it easier to distinguish their communication from that of legitimate senders. 

 When crafting phishing messages, scammers may rely on spellcheckers or translation tools, resulting in messages that contain correctly spelled words but lack proper contextual usage. These emails may include grammatical errors that native English speakers wouldn’t make, such as “We detected something unusual to use an application.” 

 Instances of missed words, like “a malicious user might trying to access” and “Please contact Security Communication Center,” are consistent with the language mistakes made by English learners. Consequently, an email written in this manner is likely a scam. 

 However, it’s essential to note that not every email with an error is a scam. Typos can happen to anyone, especially when rushed. Recipients must assess the context of the error by considering factors such as whether it’s a common typo, if it’s a mistake a native speaker wouldn’t make if the email appears to be a template, and if it aligns with previous messages from the sender. 

 When in doubt, recipients should look for additional clues or contact the sender through alternative communication channels, such as in person, by phone, via their website, an alternative email address, or an instant messaging client. 

It includes suspicious attachments or links

Phishing attempts can take various forms, with emails being a common vehicle for these scams. However, it’s crucial to recognize that phishing tactics extend beyond emails to include text messages, phone calls, and social media posts. 

 Regardless of the delivery method, phishing messages typically contain a payload designed to compromise sensitive information such as login credentials, credit card details, and account numbers. This payload can take the form of an infected attachment or a link to a fake website. 

 Whether the recipient anticipates a particular message or not, the danger lies in the payload. Opening an attachment, even seemingly related to an expected invoice, can lead to the release of malware on the recipient’s computer, enabling various malicious activities. 

 A precautionary approach is advised—never open attachments unless certain of their legitimacy. Even if the sender seems legitimate, be vigilant for any suspicious signs in the attachment, such as unexpected pop-up warnings or requests for settings adjustments. 

 Identifying suspicious links is equally critical. While scammers may disguise the destination address with a button, users can hover over links on a computer or hold down on mobile devices to reveal the actual destination. This diligence is essential, especially when dealing with emails that appear to be from trusted entities like Netflix. Scammers often use mock-up websites, prompting users to enter sensitive information under the guise of addressing issues like a subscription problem. 

 In summary, users must exercise caution, verify legitimacy through alternative means of communication, and scrutinize attachments and links before taking any action, maintaining a proactive stance against phishing threats. 

The message creates a sense of urgency

Scammers are aware of our tendency to procrastinate, making urgency a key element in their deceptive messages. When we receive emails containing purportedly critical information, our inclination is often to defer dealing with it until later. However, delaying our response allows us to scrutinize the message more closely, potentially unveiling inconsistencies. 

 Upon closer inspection, we might notice that the organization typically contacts us through a different email address, or we might confirm with a colleague that they didn’t send the mentioned document. Even without a clear ‘a-ha’ moment, revisiting the message later can provide fresh perspectives, aiding in the identification of its true nature. 

 This explains why scams frequently emphasize the need for immediate action; otherwise, dire consequences are threatened. This tactic is evident in various examples, including messages seemingly from PayPal, Windows, or Netflix—services integral to our daily lives. Any issues with these accounts could lead to instant inconveniences, exploiting the fear of missing out. 

 This manufactured urgency is just as potent in workplace scams. Cybercriminals understand that a message appearing to be from a superior with a pressing request is likely to prompt immediate action, especially when it implies that other senior colleagues are depending on it. Phishing scams leveraging this strategy can be particularly perilous, as recipients might hesitate to question their boss, fearing potential unprofessionalism. 

 Despite the apprehension, organizations emphasizing cybersecurity would appreciate caution over recklessness. Employees detecting a potential scam should be encouraged to raise concerns, with the organization valuing a safety-first approach. In such cases, it’s crucial to create an environment where individuals feel comfortable reporting suspicions without the fear of retribution, ultimately strengthening the overall cybersecurity posture. 

Prevent phishing by educating your employees

In collaboration with 2bInnovations, our Phishing Staff Awareness Training Programme becomes an even more robust solution for fortifying your organization against phishing attacks. 2bInnovations, a leading provider of cybersecurity services, brings its expertise to enhance our training program, ensuring that your employees receive cutting-edge insights and techniques to combat evolving threats. 

  With 2bInnovations on board, our training program not only imparts essential knowledge on phishing scams but also integrates industry-leading practices for a comprehensive cybersecurity approach. Their proven track record in delivering effective cybersecurity solutions further reinforces the quality and efficacy of our training initiative. 

  By investing in our Phishing Staff Awareness Training Programme in collaboration with 2bInnovations, you not only educate your employees on the intricacies of phishing but also leverage the expertise of a trusted cybersecurity partner. This dual approach not only strengthens your organization’s defense against phishing attacks but also fosters a proactive cybersecurity culture that is crucial in today’s dynamic threat landscape. 

  Together, we empower your team with the knowledge, skills, and advanced cybersecurity strategies needed to proactively identify and thwart phishing attempts. With the combined forces of our comprehensive training and 2bInnovations’ cybersecurity prowess, you elevate the overall security posture of your business, ensuring that it remains resilient against the ever-evolving landscape of cyber threats. 

Leave a Reply