How to spot a fake email

Most cyberattacks begin with phishing emails containing malicious links and files that infect a user’s device or network, which allow cybercriminals to perform a variety of damaging activities. Such activities include theft or destruction of valuable information, blackmail, or disruption of business operations.

What makes phishing still effective to this day is the convincing way in which fake emails are drafted which can encourage any unsuspecting member of staff to click on a bad link or attachment. Sometimes such phishing email messages address the recipients by name and can refer to specific internal operations that make them appear genuine.

So how can someone spot a fake email and how can we train staff to be more aware of phishing tactics so as to avoid becoming victim of a cyberattack?

Here are 5 indicators of fake phishing emails:

The subject of the email contains “clickbait”, such as specials characters, uppercase letters and alarming buzz terms, such as URGENT, IMPORTANT, LAST CHANCE. These characteristics are designed to evoke emotion in the user to act quickly, so that their decisions circumvent logical skepticism.

The email requests personal information or even credentials for logging on to an online account. Staff must understand that personal data are very sensitive and would not be requested so casually over email. A simple phone call can help verify that the supposed sender of the email is in fact real and that their request is legitimate. If the sender is unknown, then the email is most probably fake. In case an email requests login credentials, it is definitely fake. There are no sincere grounds for asking for someone’s credentials, period.

A link in the email looks suspicious. Be careful of redirect links or hidden hyperlinks behind text. In Outlook, simply hovering over a link will reveal the true destination. If the address looks suspicious and unrelated to what the email claims to be about, you should probably refrain from clicking it, and you should investigate the email’s sender.

The email contains bad grammar and spelling. Of course we all make mistakes, but cybercriminals in general are not known for their adherence to rules, even language rules. A collection of misspelling and grammar mistakes are a strong indication that the email is fake, and it should be investigated further or ignored/deleted.

The message contains attachments that seem suspicious, especially compressed files. Even if the files are not compressed, they may still be suspicious if the email urges you to open them. Users must be especially careful of clicking on any attachment sent over email because potentially any file type may contain malicious code. The question to be asked is whether the attachment is something expected by the user and if it is relevant to normal everyday operations.

Bonus point: Make sure that the email sender’s address is correct. Attackers use a fake email address (from which to send their phishing attacks) that looks very similar to the original address, in order to deceive the recipient into thinking that it is a legitimate message. For example, if attackers know that the email address of a colleague of ours is, they may create the following addresses that could be, at first glance, mistaken for authentic: or or


Keeping these simple points in mind and making sure that your co-workers are aware of them too may significantly decrease your organization’s cyber risk, since human error is still the main issue in cybersecurity. Information security begins with training and awareness.

Learn more about Social Engineering here.