Phishing attacks are probably the biggest cyber security risk facing your business today. At the very least, they’re definitely the most common.

A couple of weeks ago, we posted about the UK government’s 2023 – 2024 Annual Cyber Security Breaches Survey. One of the biggest shocks was that an overwhelming 84% of all cyber attacks on businesses were phishing attempts, and for charities, this number was only slightly lower at 83%. The stakes are especially high for medium and large businesses, where the average cost per attack can soar to over £10,000.

So, phishing attacks are a big deal and it’s important to keep your business safe from them. In this article, we’ll show you the telltale signs of how to spot a phishing email so you can stay protected.


8 Tips For Spotting Phishing Emails

Phishing emails are getting more and more sophisticated. However, there are certain clues that will help you spot one. Do your detective work, and you’ll stay safe. Here are some red flags that you and your team should look out for:

1. Suspicious Email Addresses

Watch out for email addresses that mimic legitimate ones with minor typos or unusual characters. Also be aware that scammers can actually spoof an e-mail entirely (so it’s identical to the original address). In situations like this, you’ll have to rely on the other tips listed below.

2. Grammar and Spelling Errors

Official emails are usually well-written. If an email from a reputable company contains poor grammar or spelling, it could be a phishing attempt. In a similar way, be very wary if you receive an e-mail from someone you know personally, using unusual language and words they wouldn’t normally use. This is another red flag.

3. Unsolicited Requests for Sensitive Information

Legitimate companies won’t ask you for sensitive information like passwords or bank details via email. This kind of request should immediately raise suspicions.

4. Urgency and Pressure

Phishing emails often convey a sense of urgency or pressure to trick you into acting quickly without thinking. Be sceptical of emails that push you to act immediately, especially if they involve clicking on links or opening attachments. Take a break from your desk for 5 minutes, get a cup of tea or coffee and then have another look.

5. Unusual Financial Requests

Be extremely cautious if you receive an email requesting anything financial, particularly if the account is new or unfamiliar. Always double-check these requests directly with the sender through a separate type of communication.

6. Mismatched URLs

Hover over any links in the email without clicking them. If the actual URL address looks suspicious or does not match the displayed link text, it’s likely a phishing attempt.

7. Not Using Your Name

Phishing emails often use generic greetings like “Dear Customer” instead of your name, suggesting that the sender doesn’t actually know you. This could be spam rather than a phishing attack but it’s still one to watch for.

8. Attachments

Finally, be wary of unexpected email attachments, especially those with unusual file types. This can be a way for an attacker to force malware onto your computer.



So, phishing attacks are only getting more common, but by staying vigilant and educating your team, you can significantly reduce the risks to your business.

Remember, the best defence against phishing is a well-informed team that can recognise these types of threats. The “human element” is usually the weakest line of defence that attackers will look to exploit. Share these tips with everyone in your company, stay aware and finally, best of luck!

If you’re concerned about the security of your email systems or need further assistance in training your staff to combat phishing effectively, Coretek is here to help. Contact us today to learn more about how we can help keep your business safe.