Checklist: How to identify a phishing email

Did you know that email is the number one way that business networks are compromised?

A recent survey we conducted revealed that only 6% of respondents were able to accurately tell a phishing email from a real email.

So how can you avoid taking the email phishing bait? If you are sent an email that starts setting off your internal scam warning, use the checklist below to decide whether you should delete it upon receipt.

Warning signs to help you identify a phishing email

  • You don’t know why you received the email 
  • There’s a link to a login page – with multiple requests to click on the link*
  • The email asks for a login, personal or financial information**
  • The email contains typos or poor grammar
  • The graphics (logos etc.) are low resolution
  • The email doesn’t know your name, and uses a generic salutation
  • The email evokes a sense of urgency
  • You’re asked for a password
  • There’s an attachment you’re not expecting
  • You don’t recognise the file format of an attachment

*Is the link legit?

  • Hover your mouse over any links embedded in the body of the email. If the link address looks odd, don’t click on it.
  • If the link address doesn’t start with ‘https’ or if the domain name doesn’t match the company name, delete the email.

**Personal details and logins

  • Even if an email does know your name, that doesn’t necessarily make it safe. These days, large user database breaches expose names as well as email addresses.
  • DO NOT log in or enter details on the first page you go to: browse a few pages on the ‘site’ before logging in.

And if you think there’s room to improve the security of your network, get in touch with our team here.

Another tool that you may find helpful is this infographic –

The Ultimate Guide to Cybersecurity for Employees