12 tips on how to identify a phishing or spoofing email

We have identified 12 tips below to help you become a better email user. But first up – let’s learn what is phishing and spoofing.

With over 260 million phishing emails sent every single day, it’s most likely you would have had one of these arrive in your inbox. So, how do you make sure you aren’t one of the many to fall victim to a phishing or spoofing attack? We have identified 12 tips below to help you become a better email user. But first up – let’s learn what is phishing and spoofing.

What is Phishing?

Phishing is an attempt to acquire sensitive information such as usernames, passwords, credit card details and sometimes money. Most often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication such as email.

What is Email spoofing?

Email spoofing is the creation of email messages with a forged sender address. It can be easy to do so due to the core protocols do not have any mechanism for authentication. Spam and phishing emails typically use such spoofing to mislead the recipient about the origin of the message.

Top tips on how to identify a phishing or spoofing email

  1. If the email tells you to open an attachment, you should not do this. This is especially so if the attachment name ends in .zip, .pif or .scr.
  2. If there is a link in the email, hover your cursor over it (but do not click it). This often reveals that the real location the link will take you is a (phishing) website you have never even heard of. The domain name in the link will generally not relate to the sender of the email i.e. if it’s from your bank or The Department of Transport the link will be different to their websites.
  3. The body of the email will generally have poor grammar, whilst logos etc. will appear genuine; make sure to check the wording of the email carefully.
  4. If the email is from a ‘free’ email account (,, etc.), and you don’t know the sender, treat it with great suspicion.
  5. Is the email mentioning recent natural disaster or similar headline events?
  6. Scammers watch headlines carefully to monitor for anything causes people distress; it is a way of setting up fake charities to ask for funds that only ever help the criminals involved. This includes links to fake websites and PayPal accounts (again, don’t ever click).
  7. If you do click the link to go to, say, an online banking website, check to see if the address says ‘https’ or ‘http’. Almost all banking websites will use ‘https’. If you are still not sure, go to the actual website by opening a new tab and typing its name into your search engine. Compare the 2 addresses.
  8. If you get an email from a friend who lives close by, or who you can contact by phone, ask them if they sent you that email. Even the best phishers haven’t found a way to direct calls to them and perfectly imitate your friend’s voice. (Yet?!)
  9. Think back and ask yourself: Did I physically enter my name into this sweepstakes? Even if you think you “might” have, why aren’t they phoning you?
  10. Call the company direct, using the Yellow Pages phone directory, not the email contact details.
  11. Check both the ‘To’ and the ‘From’ lines. If they both have the same address/person/name in them, it is a phishing email/scam.
  12. Is there a threat of immediate detrimental action if I don’t respond with personal information? Threats by email are illegitimate, do not deserve your attention but may need to be drawn to the attention of police or anti-scam officials.

Phishing and spoofing continue to be a problem for companies worldwide and for all email users. They aren’t going anywhere, so being educated on security risks helps you. Compromised accounts not only pose a threat to your company’s IT or security department, but also lead to a drop in overall brand trust and loyalty, which can in turn affect your marketing, sales and devices and infrastructure. In order to secure hard-earned brand recognition and ultimately combat phishing attacks, iFactory can help you with helpful website support and secure web hosting.

Read more insights