7 Ways To Spot A Phishing Email & Protect Yourself
Remember when the only scam calls you had to worry about were those annoying PPI ones? These days, fraudsters have gotten a lot cleverer with their tricks, especially when it comes to emails. But don’t worry! At Phonely, we’re passionate about keeping you safe from scams, whether they come through your phone or your inbox. So, we’ve put together this straightforward guide to help you spot a phishing email before it can do any harm.
What is phishing? Why you should care
Phishing is a technique used by scammers to trick people into revealing personal details like passwords or bank information by pretending to be from a company or person they trust. This type of online scam is all about “baiting the hook” – sending out fake messages to see who “bites” by clicking on links or sharing personal data. But phishing doesn’t stop with emails; it also includes social media, text messages, and even phone calls.
In the United Kingdom, the Office for National Statistics reported that in 2022, 54% of adults had received a phishing message in the previous month. This figure was higher among certain demographics, with 58% of adults aged 25 to 34 years and 60% of those aged 35 to 44 years reporting such experiences.
Phishing scams are a growing problem. According to the Office for National Statistics, in 2022, 54% of the UK had received a phishing message. 60% of those people were over 35 years old. Thankfully, recognising the warning signs isn’t difficult. Let’s break down the most common indicators of a phishing email so you’ll always be one step ahead of the scammers!
Real-world phishing scams: Notable examples
Example 1: Instagram phishing campaign
In 2021, a phishing scam targeted Instagram users by sending fake login pages that looked identical to the real ones. When users entered their credentials, attackers stole their account information, leading to privacy breaches and sometimes even financial loss, as scammers would sell access to these accounts. Phishing scams targeting popular social media platforms like Instagram highlight the need to verify URLs and avoid clicking on suspicious links.
Example 2: HMRC phishing emails in the UK
A common phishing scam in the UK involves fake emails from HM Revenue and Customs (HMRC). Scammers pretend to offer tax refunds and prompt users to enter personal details. Between September 2022 and September 2023, HMRC had over 130,000 reports about tax scams; 58,000 of those offered fake tax rebates. This scam is particularly dangerous, as it impersonates a trusted government entity. Always check the sender’s email address and avoid clicking links in unexpected messages from government bodies.
Example 3: Google Docs phishing attack
One of the most widespread phishing attacks involved fake Google Docs invitations. Attackers sent emails that appeared to be from Google, inviting recipients to collaborate on a document. When users clicked the link, they were redirected to a fake login page designed to steal their Google credentials. Claiming thousands of victims, this scam was first reported in 2017 and continues even now to trick users. It shows the importance of verifying the authenticity of collaboration requests, especially those with urgent or unexpected invitations.
How to spot a phishing email
1. The sender’s address looks fishy (pun intended!)
Just like how some scam callers pretend to be from your bank, phishing emails often pretend to be from well-known companies. But here’s the trick – look carefully at the sender’s email address. If it’s from “amazon-support@gmail.com” instead of “@amazon.com”, that’s your first red flag!
2. They don’t know your name
Legitimate companies usually know who you are. If an email starts with “Dear valued customer” instead of your name, be suspicious. It’s like getting a call from someone claiming to be your grandchild but not using your name!
3. They’re trying to rush you
Just like those scam calls telling you “your internet will be cut off in 1 hour!”, phishing emails often try to make you panic. Messages like “Act now!” or “Your account will be closed!” are classic pressure tactics. Remember – genuine companies don’t try to rush you into decisions.
4. Unexpected attachments or links
Be extra careful with any email asking you to click a link or download something you weren’t expecting. It’s like opening your door to a stranger – you wouldn’t do it without checking through your peephole first.
5. Spelling mistakes galore
Big companies have professional writers. If an email is full of spelling mistakes, weird grammar and odd spacing, it’s probably not legitimate. Think of it like those scam calls where the person can barely string a sentence together.
6. They’re asking for personal information
No legitimate company will ever email you asking for passwords or bank details. Ever! It’s like how we always tell you that your bank will never call asking for your PIN number.
7. Offers that seem too good to be true
Just won a competition you never entered? Found out you’re owed thousands in tax refunds? If it sounds too good to be true, it probably is!
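The checks from the list above can also be run automatically. This is an added Python example, not code from Phonely or the original article, covering signs 1, 2, 3, 4 and 6 for a single-part message. The phrase lists, the sample message and the amaz0n-login.example address are constructed for illustration, and a hit is a reason to verify, not a verdict:

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

PHRASES = {"generic_greeting": ("dear valued customer", "dear customer"),  # sign 2
           "urgency": ("act now", "account will be closed"),               # sign 3
           "asks_for_secrets": ("password", "bank details")}               # sign 6
URL_TEXT = re.compile(r"^(?:https?://)?[\w-]+(?:\.[\w-]+)+(?:/\S*)?$")
SAMPLE = """\
From: Amazon Support <amazon-support@gmail.com>
Subject: Your account will be closed

<p>Dear valued customer, act now! Confirm your password at
<a href="http://amaz0n-login.example/verify">www.amazon.com/verify</a></p>
"""  # constructed message for illustration

class Links(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def host(value):  # hostname of a URL or bare link text, minus a leading "www."
    url = value if "//" in value else "//" + value
    return (urlparse(url).hostname or "").lower().removeprefix("www.")

def phishing_signs(raw, expected_domain):
    msg = message_from_string(raw)
    body = msg.get_payload()
    text = f"{msg['Subject']} {body}".lower()
    sender = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    ok = sender == expected_domain or sender.endswith("." + expected_domain)
    signs = [] if ok else ["sender_domain"]                          # sign 1
    signs += [n for n, ps in PHRASES.items() if any(p in text for p in ps)]
    links = Links()
    links.feed(body)
    # Sign 4: visible text names one site, href goes to another (what hovering reveals).
    if any(URL_TEXT.match(t) and host(t) != host(h) for h, t in links.found):
        signs.append("link_mismatch")
    return signs
```

Calling phishing_signs(SAMPLE, "amazon.com") reports all five signs for the constructed message. A message from the real domain, with a greeting by name and links that go where their text says, comes back with an empty list.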
Steps to protect yourself from phishing scams
Scams are deceptive, and you have to have your wits about you to spot a phishing email. But a few quick actions can safeguard you:
Before you click anything:
- Pause and scrutinise – don’t let a message’s urgency rush you into action.
- Check the sender’s email – confirm that the address is from a legitimate source.
- Hover over links – reveal the destination URL before clicking to ensure it’s legitimate.
- Contact the sender directly – if in doubt, reach out through an official contact number or website, not the one in the email.
Additional protective measures:
- Use unique passwords for each account: A compromised password on one account won’t endanger others. Tools like LastPass or 1Password can help you manage multiple passwords securely.
- Enable Two-Factor Authentication (2FA): Adding a secondary verification method, such as Google Authenticator or Authy, strengthens account security. These tools create a time-based code that provides an extra layer of protection.
- Install reliable antivirus software: Programs like Norton 360 or Bitdefender can identify and block phishing attempts in real time. Keeping these tools up-to-date is essential for maximum security.
What to do if you’ve fallen for a phishing scam
If you didn’t spot a phishing email and you’ve accidentally clicked a link or shared sensitive information, here’s what to do next:
- Disconnect from the internet: Prevent further data transfer if your device has been compromised.
- Change your passwords: Focus on high-priority accounts like email, banking, and social media.
- Contact your bank: If financial data has been shared, alert your bank immediately to prevent unauthorised transactions.
- Report the scam: In the UK, report phishing attempts to Action Fraud on 0300 123 2040 or the National Cyber Security Centre (NCSC). Reporting scams helps protect others.
Frequently asked questions about phishing emails
What is phishing, & why is it dangerous?
Phishing is a type of online scam where attackers impersonate trusted sources to trick you into sharing personal information like passwords or bank details. It’s dangerous because it can lead to identity theft, financial loss, and even security breaches in organisations.
How can I tell if an email is a phishing attempt?
Look for signs like generic greetings, urgent language, poor grammar, suspicious sender addresses, and unexpected links or attachments. If something feels off, it’s best not to click any links.
What should I do if I accidentally clicked on a phishing link?
Disconnect from the internet, change your passwords for important accounts, and monitor financial transactions. It’s also a good idea to run a malware scan on your device.
How can I report a phishing email to my email provider?
Most email providers allow you to report phishing attempts directly. For example, in Gmail, click on “Report phishing” in the email options. Outlook users can right-click the email and select “Mark as phishing.”
What are some tools or browser extensions for identifying phishing?
Extensions like Netcraft and Avast Online Security help detect phishing sites. These tools alert you to suspicious URLs and provide insights into potentially unsafe sites.
Are phishing emails illegal, & what are the penalties for them?
Yes, phishing is illegal. In the UK, it is prosecuted under the Computer Misuse Act 1990 and can lead to fines and imprisonment for up to 10 years.
Next steps: Strengthen your phishing defences
- Educate yourself: Regularly read up on cybersecurity practices and stay informed about the latest phishing scams. At Phonely, we update you with the latest scams on our blog.
- Stay alert for new scams: Phishing tactics evolve constantly, so staying updated on recent scams can help you recognise warning signs.
- Teach others: Share phishing prevention tips with friends and family, helping everyone stay protected.
The Phonely promise
At Phonely, we’re committed to keeping you safe from all types of scams. While our CallGuard service protects you from phone scams, we hope this guide on how to spot a phishing email helps you stay safe from email scams too. Remember, if you’re ever unsure about anything, our friendly UK-based team is always here to help.
Want to learn more about staying safe from scams? Why not join our Facebook community? It’s where our members share their experiences and tips about staying safe online. Or visit our main blog page, where you can learn about other scams to be wary of.
Final thoughts: Stay phishing-savvy
Spotting phishing emails is like recognising scam calls—if something feels off, it probably is. Take your time, trust your instincts, and remember: no trustworthy company will pressure you into sharing sensitive information. With a little vigilance, you’ll keep your inbox (and personal details) safe!