Learn how to spot and avoid phishing emails, as well as report any suspicious ones.

Phishing Emails: How to Spot and Avoid Them

Yann News 16 minutes

Phishing emails are becoming increasingly common, and they can be difficult to spot. These fake emails are designed to trick you into clicking on a link, sharing personal information, or giving away your money. They often use branding from businesses or organizations you already have a connection with, such as your bank or doctor, or from companies you might be interested in buying from, like a fashion brand or holiday company.

An illustration of a laptop with an envelope and money.


It’s important to be vigilant when checking your emails, as phishing emails are getting more convincing all the time. There are some signs that an email might not be genuine, such as an amazing, time-limited offer or an email that doesn’t use your name. Spelling and grammar mistakes used to be a giveaway, but phishing emails are now more sophisticated than they used to be. If you’re not sure whether an email is genuine, it’s best to visit the organization’s website directly rather than clicking through.

If you suspect that an email might be a phishing scam, it’s important to take action. Don’t reply, click on any links, call any phone numbers, or make any payments. Instead, check if the email is genuine by contacting the organization directly using an email address or phone number you know is correct. Before you delete the email, forward it to report@phishing.gov.uk.

Key Takeaways
Phishing emails are fake emails designed to make you click on a dodgy link, part with money or share personal information.
Recognising phishing emails can be difficult, but there are some signs to look out for, such as an amazing, time-limited offer or an email that doesn’t use your name.
If you suspect fraud, break the contact, check if it’s genuine, and report it to the relevant authorities.

Recognising Phishing Emails

An illustration of a computer screen with a paper on it.


Phishing emails are fake emails designed to trick you into clicking on a dodgy link, sharing personal information or parting with your money. Fraudsters often use branding to make it look like the email comes from a business or organization you already have a connection with, such as your bank, your doctor, a tradesperson or HM Revenue and Customs (HMRC). Alternatively, the email may appear to come from a business you’d be interested in buying from, such as a holiday company or fashion brand.

Identifying Suspicious Content
With the rise of artificial intelligence (AI), phishing emails are getting more convincing all the time. However, there can be some signs that an email isn’t genuine, so look out for:

Spelling and grammar mistakes, though phishing emails are now more sophisticated than they used to be.
Imagery or design that looks familiar but doesn’t feel quite right.
An unusual email address – it might look a bit similar but does it really match the official company’s email address?
An amazing, time-limited offer or strong encouragement to ‘click here/now’ – encouraging you to respond quickly.
An email that doesn’t use your name – perhaps they don’t really know who you are.
Encouragement to click on an unknown link – if you’re not sure, visit the organization’s website directly rather than clicking through.
A request for you to share personal data.

Common Tactics Used by Fraudsters
Fraudsters use a range of tactics to make phishing emails more convincing. These include:

Urgency: Phishing emails often create a sense of urgency to encourage you to take action quickly, using language such as “your account has been compromised” or “urgent action required.”
Red flags: Warning signs include unsolicited emails, unexpected attachments, or requests for personal information.
Malware: Some phishing emails contain malware, including viruses, that can infect or damage your computer or mobile device.
Phishing scams: Fraudsters use a range of phishing scams, such as spear phishing and whaling, to target specific individuals or organizations.
Link: Phishing emails may contain links that take you to a fake website designed to steal your personal information.
Email address: Fraudsters may use email addresses that look similar to the official company’s email address to trick you into thinking the email is genuine.
Design: Phishing emails may use design elements that look similar to the official company’s branding to trick you into thinking the email is genuine.
Spelling and grammar mistakes: Phishing emails may contain spelling and grammar mistakes, though they are now more sophisticated than they used to be.
Time-limited offer or strong encouragement to ‘click here/now’: Fraudsters may use time-limited offers or strong encouragement to ‘click here/now’ to create a sense of urgency and encourage you to take action quickly.
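
The warning signs listed above can also be checked automatically, for example by a mail administrator triaging reported messages. The sketch below is an added example, not part of the original article: the brand list, the phrase patterns and the sample message are all constructed assumptions, and it only handles simple single-part emails.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: brand keyword -> genuine domains, maintained by the defender.
KNOWN_BRANDS = {"examplebank": {"examplebank.example"}}
URGENCY = re.compile(r"urgent|act now|click (here|now)|account has been compromised", re.I)
GENERIC = re.compile(r"^\s*dear (customer|user|account holder|sir|madam)\b", re.I | re.M)
PERSONAL = re.compile(r"\b(password|pin|card number|date of birth)\b", re.I)
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
LOOKS_LIKE_URL = re.compile(r"(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?", re.I)

def host(value):
    """Lower-case hostname of a URL or bare domain ('' if none)."""
    value = value.strip()
    return (urlparse(value if "://" in value else "//" + value).hostname or "").lower()

def in_domain(h, domain):
    return h == domain or h.endswith("." + domain)

def phishing_signs(raw):
    """Return the warning signs found in one raw (non-multipart) email."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    display, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    signs = []
    for brand, domains in KNOWN_BRANDS.items():
        claims_brand = brand in display.lower().replace(" ", "")
        if claims_brand and not any(in_domain(sender, d) for d in domains):
            signs.append("sender-domain-mismatch")
    for href, text in ANCHOR.findall(body):
        text = re.sub(r"<[^>]+>", "", text).strip()
        # Only compare when the visible text itself claims to be an address.
        if LOOKS_LIKE_URL.fullmatch(text):
            shown = host(text).removeprefix("www.")
            if not in_domain(host(href), shown):
                signs.append("link-text-mismatch")
    for name, pattern in (("urgency", URGENCY), ("generic-greeting", GENERIC),
                          ("asks-for-personal-data", PERSONAL)):
        if pattern.search(body):
            signs.append(name)
    return signs

# Constructed sample message (not a real email).
SUSPICIOUS = ('From: "Example Bank Security" <alerts@examp1ebank-secure.example>\n\n'
              'Dear customer, urgent: confirm your password at <a href='
              '"http://examplebank.example.verify-login.test/login">www.examplebank.example</a>')
```

Calling phishing_signs(SUSPICIOUS) reports all five signs. A message with none of them can still be a scam, so the advice to verify through a contact route you already trust still applies.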

If you suspect fraud, it’s important to stop and take action to protect yourself. Don’t reply, click on any links, call any phone numbers or make any payments. Instead, check if the email is genuine by contacting the organization directly using an email address or phone number you know is correct, e.g. from your utility bills, via a search engine, on the back of your card or by calling 159 for banks. Before you delete the email, forward it to report@phishing.gov.uk.

Taking Action Against Phishing

An isometric image of a laptop with email icons on it.



Steps to Protect Yourself

Phishing emails are designed to trick you into clicking on a dodgy link, parting with money, or sharing personal information. To protect yourself from phishing scams, follow these steps:

Be cautious of emails that offer an amazing, time-limited offer or strong encouragement to ‘click here/now.’ Fraudsters use these tactics to encourage you to respond quickly without thinking.
Check if the email uses your name. If it doesn’t, it may not be genuine.
Look out for spelling and grammar mistakes. While phishing emails are getting more sophisticated, they may still contain errors.
Be wary of imagery or design that looks familiar but doesn’t feel quite right.
Check the email address. It may look similar, but does it match the official company’s email address?
Avoid clicking on unknown links. If you’re not sure, visit the organization’s website directly rather than clicking through.
Never share personal data with anyone via email.

Reporting and Recovery
If you suspect a phishing email, take the following steps:

Stop all contact with the sender. Don’t reply, click on any links, call any phone numbers, or make any payments.
Check if the email is genuine. Contact the organization directly using an email address or phone number you know is correct, e.g. from your utility bills, via a search engine, on the back of your card, or by calling 159 for banks.
Forward the email to report@phishing.gov.uk before deleting it. This will help the authorities to take action against the fraudsters.
If you’ve shared your bank details or password, contact your bank immediately to report the fraud.
Install antivirus software and a password manager to protect your personal information from cybercriminals.
If you’ve become a victim of fraud, report it to Action Fraud by calling 0300 123 2040 or visiting their website.

Remember, being vigilant and taking action against phishing emails can help you protect your personal information and maintain your trust in official organizations.

How can I differentiate between a legitimate email and a phishing email?
Phishing emails are designed to look like legitimate emails from trusted sources, such as your bank, doctor, HM Revenue and Customs (HMRC), or a business you have a connection with. However, there are some signs that an email may not be genuine. Look out for an amazing, time-limited offer or strong encouragement to ‘click here/now’ – encouraging you to respond quickly. Also, be wary of an email that doesn’t use your name, spelling and grammar mistakes, imagery or design that looks familiar but doesn’t feel quite right, an unusual email address, or a request for you to share personal data.

What are the common characteristics of phishing emails to be aware of?
Phishing emails often have characteristics that can help you identify them. Some common characteristics include an urgent or threatening tone, pressure to act quickly, a request for personal information, a suspicious link or attachment, and a sender’s email address that doesn’t match the organisation they claim to represent.

In what ways do phishing emails attempt to obtain personal information?
Phishing emails may attempt to obtain personal information in various ways. They may ask you to click on a link that takes you to a fake website that looks like the real one but is designed to steal your personal information. They may also ask you to download an attachment that contains malware or a virus that can infect your computer and steal your personal information. Additionally, they may ask you to reply to the email with your personal information or to call a phone number and give your personal information.