Phishing Emails Are Getting Harder to Spot
Phishing emails — fake messages designed to trick you into handing over passwords, card details or access to your computer — are one of the most common ways people and small businesses get hacked. The good news is that most phishing emails share the same warning signs. Here's what to check before you click anything.
1. Check the Sender's Actual Email Address
The display name can say anything — "Microsoft Support", "Your Bank", "Amazon" — but the address behind it tells the real story. Tap or hover over the sender's name to reveal the full email address. If it's a long string of random characters, or a domain that doesn't quite match the real company (e.g. microsoft-support-team.com instead of microsoft.com), that's a major red flag.
2. Look for Urgency or Threats
"Your account will be suspended in 24 hours." "Unusual sign-in detected — verify now." Phishing emails almost always try to create panic so you act before thinking. Genuine companies rarely demand instant action by email.
3. Hover Over Links Before Clicking
On a computer, hover your mouse over any link (without clicking) and look at the address shown at the bottom of your browser or email app. On mobile, press and hold the link briefly. If the destination doesn't match where the email claims to be sending you, don't click it.
4. Be Wary of Unexpected Attachments
Be especially careful with .zip, .exe and .html files, and with Office files that prompt you to "enable macros/content". If you weren't expecting a document from this sender, don't open it. Verify with the sender through another channel first (call them, don't reply to the email).
5. Check the Greeting
"Dear Customer" or "Dear User" instead of your actual name can be a sign of a mass phishing campaign — though be aware some sophisticated attacks now do use your real name, so this sign alone isn't conclusive.
6. Trust Your Gut on Spelling & Design
Odd spacing, slightly-wrong logos, unusual fonts, or spelling mistakes are still common in phishing emails, even though they're getting more polished. If something feels slightly "off" about an email from a company you know well, it's worth a second look.
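Signs 1, 3 and 4 can also be checked automatically, for example by a mail filter or a triage script. The Python below is an added example, not part of the original guide: the BRANDS allow-list, the sample() builder and the example.net link are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

BRANDS = {"microsoft": "microsoft.com", "amazon": "amazon.com"}  # assumed brand -> real domain
RISKY_EXT = (".zip", ".exe", ".html")  # attachment types named in sign 4
DOMAIN = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

def under(host, domain):  # host is the domain itself or one of its subdomains
    return host == domain or host.endswith("." + domain)

class Links(HTMLParser):  # collects [href, visible text] for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self.open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.open = True
    def handle_data(self, data):
        if self.open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.open = self.open and tag != "a"

def phishing_signs(raw):
    msg, signs = message_from_string(raw, policy=policy.default), []
    name, addr = parseaddr(str(msg["From"] or ""))
    host = addr.rpartition("@")[2].lower()
    if any(b in name.lower() and not under(host, d) for b, d in BRANDS.items()):
        signs.append("sender")  # sign 1: name claims a brand, address is elsewhere
    body, parser = msg.get_body(preferencelist=("html",)), Links()
    parser.feed(body.get_content() if body else "")
    for href, text in parser.links:  # sign 3: address shown vs real destination
        shown = DOMAIN.search(text)
        if shown and not under(urlparse(href).hostname or "", shown.group(1).lower()):
            signs.append("link")
    if any((p.get_filename() or "").lower().endswith(RISKY_EXT) for p in msg.iter_attachments()):
        signs.append("attachment")  # sign 4
    return signs

def sample(sender, href, filename):  # builds a constructed message, not a real email
    m = EmailMessage()
    m["From"] = sender
    m.set_content(f'<a href="{href}">https://microsoft.com/account</a>', subtype="html")
    m.add_attachment(b"x", maintype="application", subtype="octet-stream", filename=filename)
    return m.as_string()
```

Calling phishing_signs() on the raw text of a message returns the list of signs it matched; an empty list means none of these three checks fired, not that the message is safe.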
What to Do If You Spot One
- Don't click any links or open attachments
- Don't reply to the email
- Report it using your email provider's "Report phishing" button, or forward it to report@phishing.gov.uk
- Delete it once reported
- If in doubt about a real account (e.g. your bank), go directly to their official website or app rather than using any link in the email
Worried You've Already Clicked Something?
If you've clicked a link, entered details, or opened an attachment and you're not sure what happened next, it's worth getting it checked quickly. We can connect remotely, check your device and accounts, and help secure things properly.
Based in Surrey? We Can Help
We support home users and small businesses across the whole of Surrey remotely — including Epsom, Guildford, Dorking, Kingston, Woking, Reigate and Cobham.
Frequently Asked Questions
I already clicked a link in a phishing email. What should I do?
Don't enter any details if a login page appeared — close the page immediately. Then change the password for that account from a separate, trusted device, and enable multi-factor authentication if you haven't already. If you entered card details, contact your bank straight away.
Can a phishing email infect my computer just by opening it?
Simply opening a plain email is very low risk with modern email providers. The danger comes from clicking links, opening attachments, or enabling content (like macros) within them — that's where the actual infection happens.
How do I report a phishing email?
In the UK, you can forward suspicious emails to report@phishing.gov.uk, which is run by the National Cyber Security Centre. Most email providers (Outlook, Gmail) also have a built-in "Report phishing" button.