8 Common Signs of an Email Phishing Attempt

March 29, 2022
March 29, 2022
Illustration of a letter being opened by a fishing hook depicting a phishing email

Over the past five years, phishing has been the number one strategy used by online fraudsters. Email phishing is exceedingly common, and while they have low success rates, those who fall victim can lose significant amounts of money and valuable data.

While phishing can carry risks for anyone online, companies have the unique increased risk of having their employees targeted through their business emails. When employees of a company are targeted by phishing attempts, the fraudsters are typically implementing more sophisticated strategies, such as spear phishing or whaling, in hopes to gain access to business accounts. This type of targeting can result in security breaches that extend past email access and include access to sensitive internal data like financial information or customer data.

It's critical that all business employees know the signs of phishing attempts, whether URL phishing, spear phishing, whaling, or other phishing techniques. With more than 240,000 phishing attacks carried out globally in 2020 - nearly double from the previous year - it's a case of when, not if, scammers target your business. Thankfully, there are telltale signs.

Quick email phishing facts

  • Of all the world's cybercrime organizations, around two-thirds utilize email phishing.
  • It's a phishing attack that is easily replicated and automated by attack bots repeatedly. Once set up, it requires very little manual labor to carry out.

While many people trust themselves to identify a phishing email when they receive one, the fact is that often they don't. For example, more than a quarter of business owners in the U.S. reported a data breach in 2020. We also know that 22% of data breaches result from phishing attacks.

8 giveaways of someone using email phishing

If you're wondering how to identify a phishing email, there are a few signs. The best thing you can do is instruct staff to exercise caution and vigilance and report any email they suspect is a phishing attempt.

You can make a list of these signs available to staff at your business and encourage them to consult the list if they're ever unsure of something.

The email ID of the sender is from a non-business domain

The vast majority of emails you receive will be from businesses or organizations with their email domains. They're not likely to be from @gmail.com emails. If they are, you should exercise caution.

However, the fraudsters that send phishing emails know this, so they've adapted to try and avoid your phishing email detection plans.

They can change the display name on the email to represent the organization they're mimicking. So, for example, the name on the email account may say it's from Google, but the email address is google@google-alert-365.com.

This public or irregular domain name is a real giveaway of an email phishing attempt.

The domain name is spelled wrong

Spelling and grammatical errors are other common signs of a fraudulent email, mainly when the mistake is in the domain name.

Phishing emails often direct you to a domain to steal your details. So they need to replicate the organization's web domain they're masquerading for this to work. Still, they need to use a different domain name because the real one is already taken.

Fraudsters attempt to subtly change the spelling of the domain name to make it look the same when it's not. Often these fake URLs require close inspection because they replace characters with ones that appear similar.

For example, google.com could become goog1e.com in a phishing email.

The email is poorly formatted

In the same way that phishing emails often have grammatical and spelling errors, the layout can appear wrong.

This can come through in several different ways. Still, it's essential to realize that organizations that send emails spend a lot of time making sure they're right. So, for example, they would never send an email with different font sizes, misaligned paragraphs, or images that don't fit.

Suppose you receive an email that looks wrong, especially if it's claiming to be from a reputable sender who would know better. In that case, there's a high chance that it's a scam email.

The email attachments look skeptical

Scammers often use email attachments to install vicious malware onto your computer. There are common types of files they will use in these instances, such as .EXE or .SCR Files. If you see an email attachment in this format, it's best to exercise caution before opening it.

As in previous examples, fraudsters are becoming more sophisticated in this technique. They can use more generic PDF files to install malware, and often you won't know anything is wrong until you've opened the attachment and it's too late.

It's important to tell staff not to open attachments unless they know and recognize the email sender. If they're not sure, they should contact the sender independently (i.e., not just by replying to the email) to check.

If you receive an email from Google, you would expect any link within that email to go to a Google page. However, a phishing email will try to send you to a different page, which is apparent when the link doesn't match the website of the supposed email sender.

Scammers know this, though, so they may try to hide the link behind a button or hyperlink. However, you can do a scam email check to ensure the URL is legitimate by first reviewing or previewing the URL.

There is a sense of urgency in the email

The quicker you act on an email, the more likely you will fall for a phishing attack. Unfortunately, scammers encourage you to do whatever they're asking you to do quickly, without thinking about it.

Phishing emails may include the subject line 'Urgent", "Attention Required," or other such phrases to heighten the sense of importance and encourage action without second-guessing it. They may also request immediate action in the email body itself.

One of the best approaches to email fraud detection is vigilance and caution. Before replying, clicking, or interacting with a suspicious email, take a few moments to review the sender and the request.

There are unreasonable requests

Phishing emails can often imitate work colleagues making requests of their co-workers, relying on the relationship between people to have them carry out tasks.
Fraudsters can even masquerade as company CEOs, which is known as spear phishing. In these instances, they are hoping employees are less likely to question the legitimacy of a request from their boss.

It's important to stop and consider the nature of the request. It may not necessarily be an odd request, but it could be a strange request to come from that particular person. Try reaching out to the person (your boss, the CEO, etc.) through other communication channels first to confirm the legitimacy of the email.

For example, someone in your accounts department isn't likely to ask you to pay an invoice - they would do that themselves. Another example would be if the CEO of your company emails you asking for your cell phone number for an urgent request.

Their email asks for your financial information

If you're wondering how to spot phishing attempts, one of the most basic things is that you should never give out any financial information over email. It doesn't matter who the sender is or how reputable the request seems, no legitimate organization would ask for financial information in this way. useful you deem that information.

This includes banks, credit card companies, and government departments.

Scammers can already have partial information, so even if they're asking for something that seems innocent, it can be all they need to steal from you.

You can tell your staff that any request to reveal such information over email is a phishing attempt.


Knowing indicators of phishing emails is an excellent start to your defense against fraud, but it is only a start. One of the reasons these attacks are successful is they rely on people implementing what they know. Sadly, businesses often fall victim to phishing because this doesn't happen.
While protecting against email phishing is more often than not a judgment call on the receiver’s part, you can protect against those successful email phishing attacks from breaching your website with accurate user detection throughout your site. By identifying each and every unique visitor that visits your website, you’ll be able to detect and flag suspicious activity, such as that of a successful social engineered phishing attempt from elsewhere. You can then require further authentication prior to a login or purchase. Learn more about how Fingerprint can help combat phishing and other types of attacks, including account takeovers.

All article tags

  • Account takeover