Skip to main content

Cyber Security Awareness Month – Identifying a Phishing Email

16th October 2023

Cyber criminals are constantly devising new and convincing ways to trick people into divulging sensitive information or downloading malicious software. To protect yourself or your organisation’s data, it’s crucial to be constantly vigilant for phishing emails. Here are some top tips to help you spot them:

  1. Check the Sender’s Email Address
    Phishing emails often use deceptive sender email addresses that mimic legitimate ones. Hover over the display name to look for any misspellings or irregularities. Be cautious of generic email addresses or unusual domain names.

  2. Verify the URL before you Click
    Hover your mouse pointer over any links in an email without clicking them to reveal the actual URL. Be wary of shortened URLs or URLs that don’t match the organization’s official website or have misspelled variations.

  3. Be Wary if you are Asked to Login
    Phishing emails may contain pop-up forms or links to websites asking you to login with your personal or company credentials so they can be stolen. Check the domain in the address bar and never enter confidential information in such forms.

  4. Beware of Urgent Requests
    Phishing emails often create a sense of urgency, pressuring you to act quickly without thinking. Be sceptical of emails that threaten dire consequences or offer immediate rewards for taking specific actions. This may include emails purporting to come from senior managers.

  5. Check for Unsolicited Attachments
    Don’t open attachments from unknown or unexpected sources, especially if they encourage you to enable macros or click embedded links. Malicious attachments can contain viruses or malware that can harm your device.

  6. Woman Reviewing Suspicious Email

  7. Look for Generic Greetings
    Phishing emails often start with generic greetings like “Dear Customer” or “Hello User”. Legitimate organizations typically use your name or a personalized salutation in their communications. If it seems impersonal, it’s a red flag.

  8. Examine Spelling and Grammar
    Phishing emails often contain typos, grammatical errors, or awkward phrasing. Professional organizations generally proofread their communications thoroughly, so poor language should raise suspicion.

  9. Verify with the Organisation
    When in doubt, contact the organization directly through their official website or phone number. Confirm the legitimacy of the email or request before taking any action.

  10. Educate Yourself and Others
    Stay informed about current phishing techniques and educate your colleagues and family about the risks. Awareness is one of the best defences against phishing attacks.

  11. Report Suspicious Emails
    If you receive a suspicious email, report it to report@phishing.gov.uk. The NCSC can investigate and remove scam email addresses and websites.

In conclusion, phishing emails are becoming ever more convincing but by staying vigilant and following these tips, you can reduce your vulnerability to such scams. Always prioritise caution and verify the authenticity of any email that raises suspicions.

Richard S
Director at
BlueSOC

Latest News

Blog banner with blue words stating enhancing security in an evolving threat environment
3rd April 2025

Enhancing Security in an Evolving Threat Environment

BlueSOC Ltd is a trusted provider of SOC and SIEM services for important members of the UK government regulatory community. It also has other capabilities to help organisations, for example, by assessing their readiness for Cyber Essentials Plus…
Blog banner for a Q&A with a Sentinel Security Analyst
9th October 2024

Q&A about Microsoft Sentinel

For Cyber Security Awareness Month, we join up with our Security Analyst to provide insight into Microsoft’s Sentinel product, which we typically use as the core platform for our SOC services, and how it can be configured to meet an organisation’s requirements.
28th August 2024

Enhancing Our Cyber Security Services

BlueSOC, an ambitious cybersecurity startup, is proudly based in the Digital Security Hub (DiSH), the centre of Manchester’s thriving digital and cyber community. We have been enhancing our security services and want to provide you with a glimpse of our approach…