How to spot the signs of a phishing scam

Scammers are smart and phishing scams are just one way they get their hands on personal information.



You wouldn’t give your bank details to a stranger on the street, so surely you wouldn’t hand over sensitive information to someone on the internet – right?

The reality is scams happen every day that trick people into doing just this.

Images of hackers in hoodies hunched over keyboards are long gone. Today’s phishing scams are slick, professional, and incredibly convincing. They slip into your inbox disguised as trusted voices and familiar brands, waiting for you to make one wrong move.

Can you spot the difference between a legitimate email and one that could cost you thousands? The problem here is that some scams seem so real, or make us panic into sharing private information, that we don’t realise a mistake has been made until it’s too late.

So, when it comes to phishing scams – those carried out over email – what are the signs to look out for to protect yourself and your business? We reveal the tricks cybercriminals use to infiltrate your business.



How to spot and identify phishing scams



Phishing scams blend in as familiar emails or messages, often from people or companies you know and trust. But beneath the surface, they’re designed to steal critical information like passwords, financial details and sensitive client data.

So, why is early detection so crucial? Cybercriminals thrive on speed and chaos. The quicker they can push you into making a rash decision, the more successful their attack. Spotting a phishing scam early gives you time to pause and avoid falling into a trap.

The tricky part is phishing scams are masters of disguise. They can masquerade as fake invoices, payment requests from familiar suppliers, or even messages from colleagues.

Here’s more on what phishing scams are.

Once you know what to look for, recognising common phishing scams becomes much easier. Here are some key things to keep an eye on:


1. Emails demanding urgent action

Phishing scams thrive on panic. Subject lines like "Your account has been suspended" or "Immediate action required" aim to get you clicking links or downloading attachments before you’ve had a chance to think. If you feel rushed, slow down.

2. Suspicious attachments

An email out of the blue with an attachment is a huge red flag. Phishing emails love to hide malware in attachments, ready to infect your system. Be particularly wary of unexpected file types like .exe or .zip. If you weren’t expecting it, don’t open it.

3. Too good to be true offers

We all love a good deal, but if an email offers you something that sounds too good to be true, it probably is. Things like a lucrative business opportunity are classic tactics. They’re designed to play on your curiosity and push you into handing over sensitive information or making payments. If something seems off, trust yourself.

4. Poor grammar or design

Phishing emails often slip up with poor grammar, awkward sentences, or pixelated images. Legitimate companies take pride in their communications, so anything that feels sloppy or unprofessional should raise suspicion.

5. Incorrect domain names

Phishing emails often come from addresses that look almost identical to the real deal, but with minor tweaks. A single letter change – like "vodaf0ne.co.uk" instead of "vodafone.co.uk"- can easily go unnoticed if you’re not paying attention. Always double-check the sender’s domain, especially if they’re asking for sensitive information.



Although we use a phishing example here, the same principles apply to smishing scams (those that happen over text messages), so watch out for these tell-tale signs in texts too. It’s also important to know that smishing scams tend to come from real mobile numbers that, at a first glance, seem to be authentic. If in doubt, always reach out to the business through official support channels to check.

Signs to look out for

Generic, urgent subject line

A legitimate email usually has a detailed subject line.

Questionable sender email address

If the sender's email address doesn't match the name, it's most likely a scam.

Unusual or impersonal introduction

Think about whether this is how the sender would usually address you.

Poor grammar or spelling

A phishing email often includes spelling mistakes - a sign it hasn't come from a professional business.

Suspicious URL

When you hover over the link, see if it displays an unsecure address (http rather than https) and see if the address matches the sender. If you aren't sure whether it's safe, DON'T click - always verify it first.

Unnecessary urgency

Scam emails tend to include a sense of urgency to prompt a quick response.

No contact details

A generic signature and lack of contact information is a tell-tale sign of a scam, as you can't verify the sender.

Everyone’s susceptible to scams and they’re around every corner, with 41% of European SMEs in 2020 experiencing a phishing attack.

Since scams and scammers are becoming smarter, there are so many opportunities to accidentally compromise confidential information. So, if you want to protect your business, you and your team need to know how to spot the signs of a scam.

Worried you aren’t well-equipped to spot future scans? Our V-Hub Digital Advisers are here to help. Get in touch for free support. For more cyber security help for small businesses, visit our cyber security hub to help keep your business safe and secure.

Lookout Mobile Security

Secure your business mobiles from a host of cyber threats.

Free one-to-one support

Available Monday to Friday, 8am-6pm, our friendly team are here to provide guidance and support on the topics that matter to your business.

0808 239 8345

Content made available to you on this website is for general information purposes. Independent advice should be obtained for your needs. Read full disclaimer

Call me back