Phishing remains one of the most common and dangerous cyber threats. In 2025, phishing accounts for over 90% of cybercrime in the UK.
These scams are designed to trick you into revealing sensitive information, clicking malicious links, or downloading harmful attachments. Here’s how to stay ahead of the scammers.
How to Spot a Phishing Email
1. Suspicious Sender Address
Check the actual address after the “@” symbol, not just the display name your mail client shows. Legitimate companies use their own domains (e.g. @amazon.com), not public ones like Gmail or lookalikes like @amaz0n-support.com. Bear in mind that a From address can also be spoofed outright, so a correct-looking domain is reassuring but not proof on its own.
2. Generic or Unusual Language
Phishing emails often use vague greetings like “Dear Customer” or “Valued User”. If the tone feels off or overly urgent, be cautious.
3. Urgency or Threats
Scammers use panic to prompt quick action. Phrases like “Immediate action required” or “Your account will be suspended” are red flags.
4. Spelling and Grammar Errors
Professional organisations rarely send emails with typos or poor formatting, so these are often signs of a scam. The reverse does not hold: well-written phishing is now common, so a polished email is not proof that it is genuine.
5. Unexpected Attachments or Links
Never open attachments or click links unless you’re sure of the sender. Hover over links (or long-press on a phone) to preview the real URL; if it looks suspicious or doesn’t match the sender’s domain, don’t click. Compare the link text with the destination too: the text can show one address while the underlying link goes somewhere else entirely.
6. Requests for Personal Information
Legitimate companies will never ask for passwords, credit card numbers, or National Insurance details via email.
7. Too Good to Be True Offers
Emails promising prizes, refunds, or investment opportunities with no context are almost always scams.
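The sender, greeting, urgency and link checks in points 1, 2, 3 and 5 can be scripted for first-pass triage of a reported message. The Python below is an added example written for this page, not a tool from the original article. The sample message is constructed, the brand-to-domain table is an assumed stand-in for a real brand inventory, and the two-label “registered domain” shortcut is an assumption that suits the sample; a production version would use the public suffix list.

```python
"""Heuristic checks for the phishing red flags above (added example, not the page's own code)."""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; the addresses and domains are invented for this example.
SAMPLE_EMAIL = """\
From: "Amazon Customer Service" <security@amaz0n-support.com>
To: victim@example.org
Subject: Immediate action required: your account will be suspended
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear Customer,</p>
<p>We detected unusual activity. Please verify here:
<a href="http://amaz0n-support.com/login">https://www.amazon.com/account</a></p>
<p>You can also <a href="https://www.amazon.com/gp/help">contact support</a> within 24 hours.</p>
</body></html>
"""

# Assumed brand list: keyword seen in a display name -> the domain that brand really uses.
KNOWN_BRANDS = {"amazon": "amazon.com"}
URGENCY_PHRASES = ("immediate action required", "account will be suspended",
                   "within 24 hours", "verify your account")
GENERIC_GREETINGS = ("dear customer", "valued user", "dear user")
LOOKALIKE_TABLE = str.maketrans("01354", "olesa")  # 0->o, 1->l, 3->e, 5->s, 4->a


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs so text/href mismatches can be spotted."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Last two labels of a hostname (assumed shortcut; use the public suffix list for real)."""
    labels = (host or "").lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def analyze(raw_message):
    """Return a list of (code, detail) findings for one raw RFC 822 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []

    # 1. Suspicious sender address: compare the brand the display name claims with the real domain.
    display_name, address = parseaddr(msg.get("From", ""))
    sender_domain = registered_domain(address.rpartition("@")[2])
    for brand, real_domain in KNOWN_BRANDS.items():
        if brand in display_name.lower() and sender_domain != real_domain:
            findings.append(("sender-domain-mismatch",
                             f"display name claims {brand!r} but address is {address}"))
        if sender_domain != real_domain and brand in sender_domain.translate(LOOKALIKE_TABLE):
            findings.append(("lookalike-domain", sender_domain))

    # 5. Links: visible text that is itself a URL must agree with the real href target,
    #    and targets outside the sender's domain deserve a second look.
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    extractor = LinkExtractor()
    extractor.feed(html)
    for href, text in extractor.links:
        target = registered_domain(urlparse(href).hostname)
        if text.lower().startswith(("http://", "https://")):
            shown = registered_domain(urlparse(text).hostname)
            if shown != target:
                findings.append(("link-text-mismatch", f"shows {shown}, goes to {target}"))
        if target != sender_domain:
            findings.append(("link-domain-mismatch", f"{target} != {sender_domain}"))

    # 2 and 3. Generic greeting and urgency wording in the subject or the body text.
    text = (msg.get("Subject", "") + " " + re.sub(r"<[^>]+>", " ", html)).lower()
    if any(g in text for g in GENERIC_GREETINGS):
        findings.append(("generic-greeting", ""))
    urgent = [p for p in URGENCY_PHRASES if p in text]
    if urgent:
        findings.append(("urgency", ", ".join(urgent)))
    return findings


def finding_codes(raw_message):
    """Just the finding codes, in order, for quick triage."""
    return [code for code, _ in analyze(raw_message)]


if __name__ == "__main__":
    for code, detail in analyze(SAMPLE_EMAIL):
        print(f"{code:22} {detail}")
```

Run against the sample it reports the lookalike sender, the link whose text says amazon.com but whose target is the lookalike domain, the genuine amazon.com link that nevertheless sits outside the sender’s domain, the generic greeting and three urgency phrases. Note that the lookalike check only catches digit-for-letter substitutions; homoglyphs in other scripts and extra-word domains such as amazon-billing.example need their own rules.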
What to Do If You Suspect a Phishing Email
Don’t Click or Reply
Avoid interacting with the message. Clicking links or replying confirms your email is active and may lead to more attacks.
Report It
- Internally: Use your organisation’s phishing report button (e.g. in Outlook) or forward the email to your security team, ideally as an attachment so the original headers are preserved for investigation. Internal proposals like the Phishing Mailbox Proposal recommend automated responses to encourage reporting and build trust with staff.
- Externally: Forward phishing emails to reportphishing@apwg.org (in the UK, the NCSC’s Suspicious Email Reporting Service also accepts them at report@phishing.gov.uk) and forward scam texts to 7726, which spells SPAM on a phone keypad.
Delete the Email
Once reported, delete the message from your inbox and trash folder.
Run a Security Scan
If you clicked a link or opened an attachment, tell your security team straight away, then update your antivirus software and run a full scan. Endpoint tools such as Microsoft Defender can scan and quarantine files on the device; email security tools such as Mimecast can quarantine the same message for everyone else in the organisation who received it.
Change Your Passwords
If you entered credentials, change your passwords immediately, ideally from a device you know is clean, and do the same for any accounts that reuse the same password. Also check the affected mailbox for forwarding or inbox rules you did not create and sign out any sessions you don’t recognise: attackers often add these to keep access after the password changes.
Monitor Your Accounts
Watch for unusual activity in your email, banking, and social media accounts. Enable multi-factor authentication (MFA) wherever possible.
Proactive Tips to Stay Safe
- Use MFA: Adds an extra layer of protection even if your password is compromised. Prefer phishing-resistant methods (FIDO2 security keys or passkeys) where available, because one-time codes and push prompts can themselves be phished by a fake login page that relays them in real time.
- Keep Software Updated: Security patches help block known vulnerabilities.
- Educate Your Team: Regular phishing simulations and awareness training reduce risk.
- Back Up Your Data: In case of malware, backups can save your files and your business.