Five Ways to Identify a Phishing Attack

Help protect your business by knowing these five tactics scammers commonly use.

Articles published January 21, 2019

email icons on a keyboard phishing attack icon

Phishing attacks are becoming more sophisticated and convincing, causing their victims to face extreme losses to their businesses. In fact, in 2018, 83 percent* of organizations said they experienced phishing attacks. These scams are more common than you think and need to be considered a top priority when it comes to mitigating business risks. But first, what does phishing even mean, and how can you identify a phishing scam?

What is Phishing?

A phishing attack is when a cybercriminal pretends to be someone they are not via email or text message to extract sensitive and confidential information about you and your business. These attacks can be extremely detrimental, potentially causing you to lose your business.

A cyber predator can attempt to steal confidential information from you by eliciting fear, curiosity, and a sense of urgency. The criminal will input a direct call to action in the phony text message or scam email, highly encouraging you to open or click on an “attachment.” This “attachment” or “link” will be the entryway for the cybercriminal to steal your information. Fortunately, there are ways you can identify phishing attacks before it’s too late. You can help protect yourself and your business by knowing these five tactics scammers commonly use.

1. The phishing email is sent from a public email address.

Cybercriminals can set up a default display name to appear in your inbox that looks natural, so be sure to look at the sender’s actual email address. This can help identify if the sender is truly who they claim to be. For example, a legitimate email will come from the organization’s domain such as, but criminals often use a public email address such as Also, double check the spelling of the domain to ensure it is familiar to you. A slight change in the domain can be easily overlooked, but is an indicator of a malicious sender.

2. The phishing email contains strange or unknown email attachments.

If you receive an unexpected email or an email from someone you don’t know asking you to open an attachment, do not open it. Hackers use attachments as a way to contaminate your computer. Unknown attachments can contain malware — software that can harm your computer and capture your personal data — so be sure to only open attachments from senders you know and trust. When in doubt, contact the sender using a different method of communication to confirm their intent. 

3. The phishing email contains strange or unknown website links.

Phishy emails and texts may ask you to click a link contained within the message. Just as you should be vigilant about opening unknown email attachments, you should investigate any URL before clicking. Whether it’s a pasted link, a hyperlink within text, or embedded as a button, by hovering your mouse over the link or address, you can reveal the linked site’s true URL. A phishing email will contain links to unrecognized sites or URLs that misspell a familiar domain name. These URLs might be slightly misspelled or completely different than what you are expecting, so always double check before you click.

4. The phishing email contains poor spelling and grammar.

You can often detect a phishing email by how it is written. The writing style might be different and it often contains spelling mistakes and poor grammar. Many of us can make typos when sending an email, so a common misspelling from a finger slip on the keyboard isn’t necessarily a red flag, but multiple misspellings or awkward wording of everyday phrases should start sounding alarm bells in your head.

5. The phishing email creates a false sense of urgency.

Cybercriminals can create a sense of urgency by warning you that your account has experienced suspicious activity or an invoice is due. This type of act-now urgency is a warning sign. Whether it appears to be a text from a service provider or an email from your bank or your boss, always look for the above warning signs. If you’re still unsure, call the supposed sender to discuss the message in person. Never use any contact details or click any links provided in a suspicious text or email without first verifying their authenticity. Remember, it’s always better to be safe than sorry.

Reporting Phishing Attacks

Understanding these phishing tactics is crucial to protecting your organization’s cybersecurity. However, raising phishing attack awareness among your employees and training them to adhere to your organization’s prevention methods is even more important. Protecting your organization is an all-hands-on-deck practice and should be taken seriously.

If you suspect you have received a phishy message, be sure to report it and follow your organization’s protocol for doing so. Make sure your company's information security policy is understood and regularly updated. Reporting a phishing email to your email provider, internal IT department, and/or managed IT service provider can help identify potential network weaknesses and areas for enhancing your organization's cyber security.

Is your business aware of the ways to identify catastrophic phishing attacks?

*State Of The Phish, 2019 Report, Wombat Security