How To Spot Fake Emails and Phishing Scams

Phishing messages are so-called because, just like dangling a hook into a pond of fish, they're malicious spam that is sent to thousands of people at random in the hope that someone bites.

Criminals regularly use phishing emails to try to capture our personal details and passwords, as well as to spread computer viruses.

This page shows how to spot these scams & avoid them. If you've already opened a web link or file in an email or text that you're now having doubts about, then see our guidance on what to do next if you opened a scam email.

Jump straight to topic:


What is phishing?

A typical phishing message

The sender of text messages can easily be faked (eg "UK Gov") - never rely on the sender's name being genuine.

Phishing emails and text messages are sent by criminals to thousands of random people in the hope of stealing financial or other confidential information.

They might direct you to a fake website that asks for your personal information, or include an attachment which installs a virus or other malware on your computer when you open it.

Phishing is most commonly associated with emails, however they're also often sent by text message (sometimes known as "smishing"), and even as a recorded phone message ("vishing").


How to spot a phishing email or text

Phishing scams vary greatly in style and quality. Some are immediately obvious without needing to check any further, whilst others can be more subtle and clever. The good news though is that most phishing attacks can be easily spotted if you know the tell-tale signs to look for.

On this page we list the most common warning signs of a phishing email to watch for - most will have at least one of the following characteristics:

1) Unexpected

An unexpected email

I'm not expecting any payment from this company...

Most phishing attacks are sent out at random. Even when (by chance) a message appears to be from a company you have an account with, the fact it's unexpected should always make you question it.

Always pause & ask:

  • Is this message expected? If it's for a delivery you're not expecting, a product you've not bought, a payment you're not owed, or an invoice you know nothing about, then it's probably a scam.
  • Do you even know the company or person it's meant to be from?
An unexpected email that takes advantage of the WannaCry outbreak

A phishing email taking advantage of the global WannaCry outbreak.

Some scammers also take advantage of major news events to make their scams seem genuine, such as with the current Coronavirus pandemic. Lots of scammers have been impersonating organisations such as tax authorities to offer tax refunds, or the WHO or your local health service to offer dubious advice, fake cures, or even the vaccine.

One way that phishing attacks are made to appear legitimate is to make them look as if they came from someone you know:

  • For emails, scammers may hijack people's email accounts and send emails to all that person's friends.
  • For text messages, it's possible to control who the message appears to come from.

Never trust any message just because it claims to be from a person or organisation you know!

If you ever receive anything unusual from a friend or organisation then always phone them to ask if they did send it - it's far easier to do that than to recover from a virus or scam.

Criminals rely on our natural curiosity to open attachments or follow links. Always stop & think!

One of the biggest giveaways that a message is not genuine are web links that don't match the expected destination.

For emails the true location of a link is not always obvious. To find it, hover your mouse over any link in the email. Either in a little pop-up, or at the bottom (sometimes bottom-left) of your email program, you should see the destination of this link. Is the address what you would expect?

A suspicious link is anything that doesn't point to a known website.

For example, if you receive a text or email claiming to be from "Acme Bank", then any link should be to somewhere on the company's own website such as acmebank.com.

  • Links should never point to a random looking web address like sdbryjddvsrg.ru
  • Watch out for slight differences that might be trying to fool you, such as "acmebankalerts.com" or "acme-security.com".
  • Be very suspicious too of any links that use a shortening service (such as bity.ly, TinyURL, or tiny.cc) as these can be used to hide the true target of a web link.

If the email is claiming to be from a company that you already have an account with, the best thing you can do is manually type their web address into the browser bar (use an address you know belongs to them - not the one in the email) and log in to your account that way.

Never click on any link you're not 100% sure about!

For help understanding where a web link (known as a URL) is really pointing, see our guide on how to read a web address.

3) A sense of urgency or worry

An email with a fake sense of urgency

This is trying to panic me into clicking the link

To persuade users to click on a web link or open attachments criminals will often give the message a sense of urgency, create worry, or simply try to exploit our natural curiosity.

  • Does the message imply you might lose money if you ignore it? For example is it claiming a security issue on your account, or is it an email confirmation of an order you didn't make (and giving you a web link to click on to cancel it)?
  • Does it suggest other consequences, such as a court summons or that a bank or other account will be closed if you don't act?
  • Does it prey on your curiosity, for example wanting to know who an unexpected parcel is from or who might be sending you an invoice?

Criminals rely on all sorts of human traits to get us to fall for their scams, whether that's panic, greed, curiosity, fear of missing out, or just a desire to help others. If any of these emotional tugs are used then you're right to be suspicious of the message.

4) An email attachment

A virus infected attachment

An unexpected attachment - likely to be loaded with viruses!

The objective of many malicious emails is to spread malware, often by fooling you into opening an attachment which then installs a virus on your PC.

Common forms of this attack include:

  • Fake invoices;
  • Missed parcel notifications;
  • Claims of money you're owed;
  • False booking confirmations.

Never open any attachment you're not expecting and aren't 100% sure about!

If you receive an attachment that you're not expecting (regardless of what type it is, for example a Word document, PDF, zip file, or spreadsheet) the golden rule is to simply not open it.

5) Poorly written

An email with poor English

Major corporations would produce professional looking emails - and use spell check!

A lot of cyber crime originates from countries where English isn't the first language. Whilst a lot of phishing messages can be professional looking & believable this isn't always the case - any poor grammar or spelling is always an obvious give-away.

  • Does the email or text have spelling or other grammatical mistakes?
  • Does the layout look sloppy and poorly formatted?

6) Impersonal

Due to the bulk nature of phishing scams most are generic and don't contain anything personal.

  • How is the message addressed - is it just to a generic "Dear customer"?
  • Does it contain any other details unique to you? Many security-aware legitimate firms will try prove it's a genuine message by including something personal to you which isn't publicly known, such as the last 4 digits of your account number.

Note however that this isn't a foolproof way of identifying fake emails, since some companies do still address emails generically (for example Amazon often just say 'Hello'), whilst some criminals will personalise their phishing messages by using data stolen from elsewhere (for example some scams quote the person's password that's been taken from a hacked website).

But the greeting used can still add to a general feeling of whether to trust the message or not. For example, the absence of your name in a message that claims to be from a company who would normally address you personally should always ring alarm bells.

7) An unusual "From" address

An email with an unusual From address

Why would Apple be sending me an invoice from Shaw in Canada?

Who sent the message? 'From' addresses can easily be spoofed so never trust these, even if it looks legitimate (this applies to both emails and text messages).

If the "From" address doesn't originate from the same company as the message claims to be though then this is an immediate red flag - if the criminals haven't even bothered trying to mask this then it's an obvious giveaway!


Is this a phishing email?

Now that you've read through the warning signs above then why not check out our gallery of phishing examples (best viewed on a big screen) to see some of the tricks used by scammers. Can you spot the warning signs of a phishing email?

If you've received an email or text message that you're suspicious of but aren't quite sure about, and if it looks like something which perhaps you shouldn't ignore, then try the following:

  • Check online: If the message claims to be from a company you have an account with already then login to it. Don't click on any links in the email or text - open your browser & type the web address directly. If the message was genuine you'll often see the same message in your account.
  • Contact the company: Try phoning the company or organisation, especially if it's a small or local business. Do a web search for their phone number (don't trust anything in the email or text you received) or, if you're a customer of theirs already, look for a phone number on a previous email or letter that you know to be from them. The online chat functionality on a company's website can also be used.

You should also take a look at our Email Scams page; here you'll see a collection of other types of email scam that are all too common.

And during the current Coronavirus pandemic, take a look at this useful page that HMRC, the UK tax agency, have put together of specific COVID-19 phishing scams to be aware of.

If in doubt about any message, always treat it as suspicious.


What should I do if I opened a phishing message??

If you've not done anything with the email yet other than to read it then the safest thing is to simply ignore the message & delete it. Easy!

If however you've followed a suspicious web link or opened an attachment, then take a look at our guide for what to do next.


But what if it is a genuine email?

Ignoring emails can feel like the wrong thing to do if there could be consequences should it indeed be genuine.

So, if you've not been able to rule the email out as being malicious, and if it's one that you just don't want to risk ignoring, then follow our advanced steps for identifying phishing emails. Beware - this page gets technical so it isn't for everyone; you may want a technical friend to help out!


Have any feedback on this page? Let us know - [email protected]

Close gallery

Amazon order
The aim of this email is to persuade us to query the unknown order by clicking on the 'Help Page' link - and thus download a virus in the process.
British Gas invoice
Criminals regularly impersonate popular companies to make their emails appear more believable. Learn to always stop and think - even if you happen to be a customer of British Gas!
DropBox file share
Taking advantage of our natural curiosity is a common theme amongst phishing emails. I don't know a Darren but I'm curious now as to what he might be sending me!
Email error alert
Computer error messages are so common that this one might not look too suspicious at first but the poor English, dodgy destination of the link, and unusual origin email address, all give this one away.
Scanned document
This email is another one that tries taking advantage of our curiosity, hoping that we'll open any attachment (even when we're not expecting one) to see what it is.
Parcel delivery
I don't remember ordering or sending any parcel recently, but clicking the link surely can't do any harm - can it?
Domain name warning
The people behind this email had gone to great lengths to register a genuine sounding domain name, icann-monitor.org (ICANN are the organisation that run the internet). But all is not as it seems - how many clues can you spot?
iMessage sign-in notification
This is another message designed to cause worry and make us think we've already been hacked. The irony though is that clicking the link in this email is what may cause us to get hacked in the first place!
Parcel delivery notice
It's always nice to receive parcels, and even better when it's an unexpected gift! But these fake delivery notifications are a classic scam designed to get us to open the attachment - and install a virus.
Apple invoice
Apple is such a massive company that a large portion of recipients of this email will be genuine Apple customers. Even though this message looks genuine at first glance, the warning clues are all still there.
Hide text