Phishing emails: How to spot them and what to do if you’ve clicked on one

When it comes to cybercrime, phishing is the most common weapon a criminal has to obtain people’s personal information and break into their online accounts. Phishing has become so prevalent over the last decade that more people are falling victim to it each year. It is important to know what phishing email scams are, how to spot them, and what to do when you’ve clicked on one.

What are phishing emails?

Phishing emails are a way for cyber criminals to try to trick victims into handing over personal information. They will often send emails that look like they are from a legitimate bank or retailer.

Phishing emails will usually ask you for the following information:

  • Bank account details
  • National insurance numbers
  • PIN numbers
  • Usernames and passwords
  • Credit or debit card numbers
  • Date of birth

Legitimate companies will never ask for any of the information above in their emails.

Phishing emails can also send you to cloned websites that look like a real website to try to fool you into typing sensitive information into the site.

Emails contain bad grammar and spelling mistakes

The easiest way to tell if you’ve received a phishing email is by the numerous grammatical errors and spelling mistakes throughout the email. Scammers will often misspell simple words, and this can be by design. Cyber criminals tend to target people they deem “uneducated”, as they feel they will be easier targets to hack.

Along with grammatical errors and spelling mistakes, phishing emails will use common greetings such as “Dear Sir,” “Dear customer,” or “Dear account holder.” They will never address you by your name.

Suspicious email attachments

Phishing emails will usually have a Word document, PDF, exe, or ZIP file attached to the email. These attachments usually contain some type of malware that will infect your computer when you open them. Most attachments scammers send in an email will be named after some sort of order receipt or refund form.

Emails that demand you take urgent action

Cyber criminals will word an email in a way that pushes you to take urgent action, so they can get your personal information as quickly as possible. They usually do this by using scenarios that play on a person’s curiosity, like winning a cash prize or other expensive items, and they state you must claim the prize in a limited amount of time. This type of tactic is extremely popular, especially when it comes to scamming people who may be computer illiterate or of an older age, because it makes people think irrationally.

Emails are sent from public domain addresses

Cyber criminals will try to act as a legitimate company by making their emails look similar to genuine emails sent out by companies. They hope that you will be easily fooled, but there’s a straightforward way to tell if an email is more likely genuine or not.

A legitimate company like a bank or retailer will use their own domain for their email communications. For example, eBay will use an email address like:

@ebay.com or @ebay.co.uk

If you get an email from eBay or another company and you are not sure of its legitimacy, always check the domain of the email. Cyber criminals who are trying to trick people into handing over information will often send emails using free email services like Outlook, Yahoo Mail or Gmail.

ebay-support @ gmail.com or ebay @ outlook.com

Emails like these are guaranteed to be fake. A reputable company will never use these free email services, and they will never ask for personal information like passwords and credit card information.
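
As an added example (not part of the original post), this Python function applies the domain check above to the value of a From header. The brand table, the verdict names and the sample headers are constructed for illustration; the free-mail list covers the providers the post names.

```python
from email.utils import parseaddr

# Free webmail providers the post names (Gmail, Outlook, Yahoo Mail).
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}
# Assumed lookup table: brand -> official domains. The eBay entries are the post's.
BRAND_DOMAINS = {"ebay": {"ebay.com", "ebay.co.uk"}}


def _under(domain, parent):
    """True if domain is parent itself or a subdomain of it."""
    return domain == parent or domain.endswith("." + parent)


def classify_sender(from_header):
    """Return (verdict, reason) for the value of a From: header.

    "consistent" only means the visible address matches the brand's domain;
    it does not prove the message is genuine.
    """
    display, addr = parseaddr(from_header)
    local, at, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not at or not domain:
        return "suspicious", "no parseable sender address"
    claimed = f"{display} {local}".lower()
    for brand, official in BRAND_DOMAINS.items():
        if brand not in claimed and brand not in domain:
            continue  # this sender does not claim to be this brand
        if any(_under(domain, d) for d in official):
            return "consistent", f"{domain} is an official {brand} domain"
        if any(_under(domain, f) for f in FREE_MAIL):
            return "suspicious", f"claims {brand} but uses free mail ({domain})"
        return "suspicious", f"claims {brand} but {domain} is not official"
    return "unknown", "no known brand claimed"


# Constructed sample headers; the first two use the addresses from the post.
SAMPLES = [
    "eBay Support <ebay-support@gmail.com>",
    "ebay@outlook.com",
    "eBay <news@reply.ebay.co.uk>",
    "eBay <info@ebay.com.account-check.example>",
    "Alice <alice@gmail.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", classify_sender(header))
```

The fourth sample shows why the comparison is done on the end of the domain: an address that merely starts with the brand's domain name is still flagged.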

What to do if you’ve clicked on a phishing email

There are different things you should do depending on what actions you have taken when receiving a phishing email.

If you’ve clicked on a phishing email and have not clicked on any attachments or links within it, simply report the email as phishing and discard the email.

If you’ve opened an attachment from a phishing email, make sure you disconnect your device from the internet in case malware infects your computer and spreads to other devices connected to your Wi-Fi. Disconnecting can also prevent a hacker who has breached your device from sending information out. Make sure to scan your devices with anti-malware software to detect whether malware is present on your system. You should also back up your files on a regular basis in case you need to reset your device to factory settings.

If you’ve clicked on a link, make sure you change your passwords on all of your accounts and enable two-factor authentication, as this makes it difficult for hackers to access your important accounts. If you’ve entered any banking details on the website from the link you’ve clicked, call your bank to have your details changed to keep your money safe.
