5 Easy Ways To Spot A Phishing Email

A ‘phishing’ email is one that attempts to trick or confuse a reader into replying and revealing sensitive and/or personal information, which can then be used to commit fraud or identity theft.

Here are 5 easy-to-recognise signs that an email is attempting to phish information from you:

  1. Deceptive subject lines
  2. Spoofed email headers
  3. Professional-looking content
  4. Disguised hyperlinks
  5. Fake email forms


And in more detail –

DECEPTIVE SUBJECT LINES

Phishing emails tend to arrive with subject lines that are designed to either pique your interest, or provoke you into action without thinking, for example, ‘Your email address has been selected in our lottery draw’ or ‘Please verify your account within 48 hours to avoid account suspension.’

You may also spot numerals or other gibberish in the subject line – this is a ploy to avoid spam filters.

Another common method of trying to sneak an email into your inbox is by misspelling words in a way that you are unlikely to notice if you are someone who quickly scans their emails.

SPOOFED EMAIL HEADERS

Contrary to what you may think, it is actually very, very simple to make an email appear to have originated from anywhere a potential fraudster would like you to think it has come from. Good examples are the phishing emails that purport to come from banks: the email will appear to be from someone@yourbank.com.

Of course, this is spoofed, and is designed to trick the unwary into thinking that the email is from a genuine company, thereby increasing the fraudster’s chances of trickery and deception.

If you right click an email, select ‘properties’ and then view its source, this can often reveal the true origin of any electronic mail you receive.

However, be aware that the wiliest of fraudsters can do a good job of hiding even this tell-tale sign.
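As an added example (not part of the original article), the Python sketch below reads the raw source of a message and compares the domain shown in From with the Return-Path and Reply-To domains and with the DMARC result the receiving server recorded. The sample message, the host mx.example.net and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not a real message; addresses and hosts are illustrative.
RAW = """\
Return-Path: <bounce@mailer.scamsite.com>
Received: from mailer.scamsite.com (mailer.scamsite.com [203.0.113.7])
\tby mx.example.net with ESMTP; Mon, 1 Jan 2024 10:00:00 +0000
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=scamsite.com;
\tdkim=none; dmarc=fail header.from=yourbank.com
From: "Your Bank" <someone@yourbank.com>
Reply-To: <verify@scamsite.com>
To: <you@example.net>
Subject: Please verify your account within 48 hours

Dear customer, ...
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or '' if none."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def header_findings(raw):
    """Return reasons the visible From address may not be the true origin."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    findings = []
    # A differing domain is a signal, not proof: genuine bulk mail sometimes
    # bounces to a third-party domain, so weigh it with the other signs.
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg.get(name))
        if dom and dom != from_dom and not dom.endswith("." + from_dom):
            findings.append(f"{name} domain {dom} != From domain {from_dom}")
    # Only trust an Authentication-Results header added by your own mail
    # server; one further down the source could have been written by the sender.
    auth = " ".join((msg.get("Authentication-Results") or "").lower().split())
    if "dmarc=fail" in auth:
        findings.append("dmarc=fail recorded for the From domain")
    return findings

if __name__ == "__main__":
    for line in header_findings(RAW):
        print("SUSPICIOUS:", line)
```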

PROFESSIONAL-LOOKING CONTENT

A clever fraudster covers as many bases as he can.

Wherever possible, a fraudster will send out emails that look completely genuine.

This will mean that official company images, logos, trademarks, etc will be utilised in their phishing emails.

Some of the more devious fraudsters will actually embed genuine hyperlinks in their phishing emails – these will direct you to the genuine site that the email relates to, in order to view their privacy policy, for example.

It goes without saying though that links to anywhere where you have to give up passwords, account numbers, etc will be false, thereby giving the crook access to your funds, accounts and/or personal information.

DISGUISED HYPERLINKS

Many phishing emails employ the technique of disguised hyperlinks.

This tactic is generally employed in one of two ways –

In an HTML email, the link text can display one internet address while the link itself points to an altogether different website, the fraudster’s site.

In a text based email, there may be a written hyperlink that looks like www.login.yourbankaccountsite@scamsite.com.

For those of you who don’t already know, your browser would be directed to the site after the ‘@’ – in other words, the fraudster’s site.

Either way, the email will look like it is redirecting the reader to the genuine site to which it pertains.

The best defence is to read hyperlinks carefully or run the mouse over them – this will show if the web page they are pointing to is the same one the text leads you to believe it is.
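The hover check can be automated. The Python sketch below is an added example, not code from the original article: it flags links whose visible address differs from the host they really point to, and links that hide the real host after an ‘@’. The sample HTML body and all class and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body reusing the article's example addresses.
BODY = """<p>Dear customer, please visit
<a href="http://scamsite.com/login">www.yourbank.com/login</a> to verify, or use
<a href="http://www.login.yourbankaccountsite@scamsite.com/">this link</a>.
See <a href="https://www.yourbank.com/privacy">https://www.yourbank.com/privacy</a>.</p>"""

def host_of(url):
    """Host a browser would contact; text before '@' is only a user name."""
    if "://" not in url:
        url = "http://" + url  # scheme-less text such as www.example.com
    return (urlsplit(url).hostname or "").lower()

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown, target = "".join(self.text).strip(), host_of(self.href)
        if urlsplit(self.href).username:  # the www.login...@scamsite.com trick
            self.findings.append(("userinfo", shown, target))
        # Compare hosts only when the visible text itself looks like an address.
        if " " not in shown and "." in shown and host_of(shown) != target:
            self.findings.append(("mismatch", shown, target))
        self.href = None

def audit_links(html_body):
    """Return (kind, visible text, real host) for each suspicious link."""
    parser = LinkAudit()
    parser.feed(html_body)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for finding in audit_links(BODY):
        print(finding)
```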

FAKE EMAIL FORMS

I’m sure you’ve visited plenty of web sites that have email forms set up in case you wish to contact them about their products or services, but have you ever seen such a form set up within an email?

Contained within an email that has been designed and worded in a way to encourage the recipient to reply, the email form actually runs on a fraudster’s script, designed to forward all the information you enter into it.

This could either be directly, or it could store your data in a database for later retrieval.

Such deviousness is not all that common; however, it is certainly one ruse to be wise to – clicking ‘submit’ could be very dangerous indeed!

Many of these email forms within emails are designed by clever, computer literate fraudsters.

It can be amusing to see how their poorly spelling sidekicks butcher them at times though!

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.
