How To Spot A Phishing Email or Text

Phishing messages are so-called because, just like dangling a hook into a pond of fish, they're sent to thousands of people at random in the hope that someone bites.

Criminals regularly use phishing to try to capture our personal details and passwords, as well as to spread computer viruses.

This page shows how to spot these scams & avoid them. If you've already opened a web link or file in an email or text that you're now having doubts about, then see our guidance on what to do next.


What is phishing?

A typical phishing message

The sender of text messages can easily be spoofed (eg "UK Gov") - never rely on the sender's name being genuine.

Phishing emails and text messages are sent by criminals to thousands of random people in the hope of stealing financial or other confidential information.

They might direct you to a fake website that asks for your personal information, or include an attachment which installs a virus or other malware on your computer when you open it.

Phishing is most commonly associated with emails; however, phishing messages are also often sent by text message (sometimes known as "smishing"), and even as a recorded phone message ("vishing").


How to spot a phishing email or text

Criminals rely on all sorts of human traits to get us to fall for their scams, whether that's greed, curiosity, panic, or just a desire to help others.

The good news though is that most phishing attacks can be easily spotted if you know the warning signs - most will have at least one of the following characteristics:

Check out our gallery of phishing examples (best viewed on a big screen) to see some of the tricks used - do any of these look familiar to you? Can you spot the phishing warning signs?

You should also take a look at our Email Scams page; here you'll see a collection of other types of email scam that are all too common.


1) Unexpected

An unexpected email

I'm not expecting any payment from this company...

Most phishing attacks are sent out at random. Even when (by chance) a message appears to be from a company you have an account with, the fact it's unexpected should always make you question it.

Always pause & ask:

  • Is this message expected? If it's for a delivery you're not expecting, a product you've not bought, a payment you're not owed, or an invoice you know nothing about, then it's probably a scam.
  • Do you even know the company or person it's meant to be from?

An unexpected email that takes advantage of the WannaCry outbreak

A phishing email taking advantage of the global WannaCry outbreak.

Some scammers also take advantage of major news events to make their scams seem genuine, such as with the current Coronavirus pandemic. Lots of scammers have been impersonating organisations such as tax authorities to offer tax refunds or advice, or the WHO to offer advice or even fake cures.

One way that phishing attacks are made to appear legitimate is to make them look as if they came from someone you know:

  • For emails, scammers may hijack people's email accounts and send emails to all that person's friends.
  • For text messages, it's possible to control who the message appears to come from. Never trust a message just because it claims to be from an organisation you recognise.

If you ever receive anything unusual from a friend or organisation then always phone them to ask if they did send it - it's easier to do that than to recover from a virus or scam!

Criminals rely on our natural curiosity to open attachments or follow links. Always stop & think!


2) Impersonal

An impersonal email

Amazon should surely know my name?

Due to the bulk nature of phishing scams most are generic and don't contain anything personal.

  • How is the message addressed - is it just to a generic "Dear customer"?
  • Does it contain any other details unique to you? Most legitimate firms will try to prove it's a genuine message by including something personal to you which isn't publicly known, such as the last 4 digits of your credit card number.

Be aware that some malicious emails and texts may still be personalised, so just because it contains your name or other details doesn't guarantee that it's legitimate (for example some scams quote the person's password that they've taken from hacking a website). But the absence of even your name in a message from a company you have dealings with should ring alarm bells.


3) Poorly written

An email with poor English

Major corporations would produce professional looking emails - and use spell check!

A lot of cyber crime originates from countries where English isn't the first language. Whilst a lot of phishing messages can be professional looking & believable this isn't always the case - any poor grammar or spelling is always an obvious give-away.

  • Does the email or text have spelling or other grammatical mistakes?
  • Does the layout look sloppy and poorly formatted?

4) A sense of urgency or worry

An email with a fake sense of urgency

This one is trying to panic me into clicking the link to avoid further fines

To persuade users to open web links or attachments criminals will often give the message a sense of urgency, create worry, or simply try to exploit our natural curiosity.

  • Does the message imply you might lose money if you ignore it? For example is it an email confirmation of an order you didn't make (and hence hoping you'll click on an infected link to cancel it), or is it claiming a security issue on your account?
  • Does it suggest other consequences, such as a court summons or that a bank or other account will be closed if you don't act?
  • Does it prey on your curiosity, for example wanting to know who an unexpected parcel is from or who might be sending you an invoice?

5) An email attachment

A virus infected attachment

An unexpected attachment - likely to be loaded with viruses!

The objective of many malicious emails is to spread malware, often by fooling you into opening an attachment which then installs a virus on your PC.

Common forms of this attack include:

  • Fake invoices;
  • Missed parcel notifications;
  • Claims of money you're owed;
  • False booking confirmations.

If you receive an attachment that you're not expecting (regardless of what type it is, for example a Word document, zip file, or spreadsheet) the golden rule is to simply not open it.


One of the biggest giveaways that a message is not genuine is a web link that doesn't match the expected source.

In text messages any links will display their destination in full. For emails however the true location of a link can be hidden. To find it, hover your mouse over any link in the email. Either in a little pop-up, or at the bottom (sometimes bottom-left) of your email program, you should see the destination of this link. Is the address what you would expect?

A suspicious link is anything that doesn't point to a known website.

For example, if you receive a text or email claiming to be from "Acme Bank", then any link should be to somewhere on the company's own website such as acmebank.com.

  • Links should never point to a random looking web address like sdbryjddvsrg.ru
  • Watch out for slight differences that might be trying to fool you, such as "acmebankalerts.com" or "acme-security.com".
  • Be very suspicious too of any links that use a shortening service (such as bit.ly, TinyURL, or tiny.cc) as these can be used to hide the true target of a web link.

If the email is claiming to be from a company that you already have an account with, the best thing you can do is manually type their web address into the browser bar (use an address you know belongs to them - not the one in the email) and log in to your account that way.

Never click on any link you're not 100% sure about!

For help understanding where a web link (known as a URL) is really pointing, see our guide on how to read a web address.
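The hover check described above can also be done in code. The following is an added example, not part of the original page: it pulls each link out of an HTML email body and judges it by its real destination host rather than the text shown. The names LinkCollector, classify and check_email, the sample message, and the acmebank.com.login.example host are constructed for illustration; the expected domain is one you already know belongs to the company.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENERS = {"bit.ly", "tinyurl.com", "tiny.cc"}  # services named on this page
# Constructed sample email body for the fictional "Acme Bank".
SAMPLE = (
    '<a href="https://www.acmebank.com/login">Log in</a> '
    '<a href="http://acmebankalerts.com/verify">acmebank.com/verify</a> '
    '<a href="http://acmebank.com.login.example/">Acme Bank</a> '
    '<a href="https://tiny.cc/abc">View statement</a> '
    '<a href="http://sdbryjddvsrg.ru/x">Cancel order</a>'
)

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from the <a> tags of an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def classify(href, expected_domain):
    """Judge a link by its real host, never by the text shown to the reader."""
    host = (urlsplit(href).hostname or "").lower().rstrip(".")
    if host == expected_domain or host.endswith("." + expected_domain):
        return "ok"  # the company's own domain or a subdomain of it
    if host in SHORTENERS:
        return "shortener"  # true destination is hidden
    brand = expected_domain.split(".")[0]  # e.g. "acmebank"
    return "lookalike" if brand in host.replace("-", "") else "unrelated"

def check_email(html, expected_domain):
    """Return (shown text, href, verdict) per link: the hover check in code."""
    parser = LinkCollector()
    parser.feed(html)
    return [(t, h, classify(h, expected_domain)) for t, h in parser.links]

if __name__ == "__main__":
    for text, href, verdict in check_email(SAMPLE, "acmebank.com"):
        print(f"{verdict:10} shown as {text!r} -> {href}")
```

Only "ok" means the link stays on the expected domain; every other verdict is a reason to type the company's address into the browser yourself. The second sample link shows why the visible text is ignored: it displays acmebank.com/verify but goes elsewhere.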


7) An unusual "From" address

An email with an unusual From address

Why would Apple be sending me an invoice from Shaw in Canada?

Who sent the message? 'From' addresses can easily be spoofed so never trust these, even if they look legitimate (this applies to both emails and text messages).

If the "From" address doesn't belong to the company the message claims to be from, though, then this is an immediate red flag - if the criminals haven't even bothered trying to mask this then it's an obvious giveaway!


What if I opened a phishing message?

If you've already acted on an email or text message that you're suspicious of, for example if you've followed a suspicious web link or opened an attachment, then take a look at what to do next.

If you've not done anything with it yet though then the safest thing is to simply ignore the message & delete it. Easy!

But if you can't obviously classify it as fake, and if it looks like one which perhaps you shouldn't ignore, then try the following:

  • Check online: If the message claims to be from a company you have an account with already then log in to it. Don't click on any links in the email or text - open your browser & type the web address directly. If the message was genuine you'll normally see the same message in your account.
  • Phone them up: Try phoning the company or organisation. Do a web search for their phone number (don't trust anything in the message) or, if you're a customer of theirs already, look for a phone number on a previous email or letter that you know to be from them.

But what if it is a genuine email?

Ignoring emails can feel like the wrong thing to do if there could be consequences should it indeed be genuine.

So, if you've not been able to rule the email out as being malicious, and if it's one that you just don't want to risk ignoring, then follow our advanced steps here for assessing emails. Beware - this page gets technical so it isn't for everyone; you may want a technical friend to help out!


Amazon order
The aim of this email is to persuade us to query the unknown order by clicking on the 'Help Page' link - and thus download a virus in the process.
British Gas invoice
Criminals regularly impersonate popular companies to make their emails appear more believable. Learn to always stop and think - even if you happen to be a customer of British Gas!
DropBox file share
Taking advantage of our natural curiosity is a common theme amongst phishing emails. I don't know a Darren but I'm curious now as to what he might be sending me!
Email error alert
Computer error messages are so common that this one might not look too suspicious at first but the poor English, dodgy destination of the link, and unusual origin email address, all give this one away.
Scanned document
This email is another one that tries taking advantage of our curiosity, hoping that we'll open any attachment (even when we're not expecting one) to see what it is.
Parcel delivery
I don't remember ordering or sending any parcel recently, but clicking the link surely can't do any harm - can it?
Domain name warning
The people behind this email had gone to great lengths to register a genuine sounding domain name, icann-monitor.org (ICANN are the organisation that run the internet). But all is not as it seems - how many clues can you spot?
iMessage sign-in notification
This is another message designed to cause worry and make us think we've already been hacked. The irony though is that clicking the link in this email is what may cause us to get hacked in the first place!
Parcel delivery notice
It's always nice to receive parcels, and even better when it's an unexpected gift! But these fake delivery notifications are a classic scam designed to get us to open the attachment - and install a virus.
Apple invoice
Apple is such a massive company that a large portion of recipients of this email will be genuine Apple customers. Even though this message looks genuine at first glance, the warning clues are all still there.