How to spot spam, phishing & malicious emails

How to Spot Junk Mail

We get hundreds of reports each month of spam emails and potentially malicious emails being sent to company staff members. So, we thought it might be a good idea to put together a guide on ways that you can spot whether an email is legitimate.

When receiving emails from potential clients and leads (users who are not regular correspondents), you will need to take further steps to determine whether the email is a legitimate enquiry.


1. Who sent the email & were you expecting it?


The first thing that everyone looks at when they get an email is who it has been sent from. More often than not this provides instant feedback on an email's legitimacy. You should have an idea of the names and email addresses of the people you work with and often correspond with, so when an email comes in from an unknown sender it is always best to verify its integrity before responding to it.

Check who has sent the email. If you press the reply button, always take a look at the return path, i.e. who you will actually be responding to. Does this match up to the content of the email? Does this email look to be a genuine enquiry? And finally, does the email address match up to any previous enquiries?

One further trick you can use is to look up the user's email address online to check whether it has been flagged anywhere for spam.

Another thing you can do is see whether the email address matches up to a company's website. For example, if you were to look up:, you would find our website and verify that the domain used in the email matches that of our website.


2. What is the subject line?

The second thing that we all do when examining an email is check the subject line. Spammers and online fraudsters will try their very best to make their emails look legitimate while at the same time drawing your attention.

A lot of the time they will use eye-catching headings like “Limited Time”, “Important”, “Urgent” and other such hyperbolic titles. You will also see multiple prompting headings such as “Immediate Action”, “Required”, “Take Steps Now” or “Verify Now”.

Also be wary of any emails that have no subject line at all: it may be spam, or it may be a genuinely important message that was sent in haste.

3. Grammar and tone of the email.

Examine the email's content. Firstly, if an email addresses you as “Sir/Madam”, “Colleague”, “Company Name”, “Department” or anything else that is vague and seems abnormal, you can instantly question whether it was sent from a legitimate source.

Secondly, check for consistent bad spelling, poor or incorrect grammar and blatant red flags in the tone and sentence structure. We are all prone to this here and there, but if it is consistent across an entire email chain it can be a sign of spam mail. This point is situational, depending on the target audience of your business, the reach of your company and many other factors; however, if it is flagged along with the other points raised, it can be used as evidence of illegitimacy.

4. Purpose of the email.

Why has this individual sent you the email? As mentioned previously, are you being prompted to “Take Action”, send funds or complete a task that is out of the ordinary?

When requested to send funds or make a payment it sounds obvious, but you should always take extreme care to ensure you are not being targeted:

  • Verify that the payment is legitimate with any relevant staff members.
  • Implement verbal confirmations when transferring money internally between accounts.
  • Verify that the location of the payment is correct and legitimate.
  • Make sure you do not give out any billing information to con-artists.

When prompted with “Take Action”, “Urgent” or similar:

  • Is this a service that you use?
  • Search online to verify that the task they are asking you to complete is real.
  • Has this been sent to other users, and has it been flagged online as a phishing email?
  • Is the email trying to get you to click a dodgy link?

5. Links and attachments.

Within the email that you are analysing have you been asked at any point to click on a link or button to complete a certain action? If so the first thing before clicking on a link is to check the destination that you are being taken to.

There are a few ways to check this:

  • If you are using a laptop/PC/Mac, you can hover over the link with your cursor and, in the bottom left of most browsers and mail clients, you will see where the link is taking you. Depending on your device/system you may even get a preview box popping up over the link with the address.
  • The second option is to right-click and choose “Copy hyperlink” / “Copy link address”. You can then paste the link into a text area, such as Notepad, Microsoft Word or any other text editor, without having to click or open the link.

Does the link look suspicious? If the link for any reason feels malicious, then it is best to do further research before clicking on it. The only definitive way to ensure that a link is legitimate is to ask the person who sent it and verify that it is a genuine enquiry. If it has been sent from an unknown sender, then the best course of action is simply not to click it.

The same advice applies to files and attachments within an email: if you are not expecting an attachment from the sender, then it's best to verify its legitimacy before attempting to open it.

6. Check the email chain for any dates.

Dates and timestamps contained within an email can often provide a clue to an email's legitimacy and take seconds to check. If you receive an email containing dates that are abnormal (distant past or forward dated), it is likely that the email is not genuine.
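The checks in steps 1, 5 and 6 (who the reply or bounce would really go to, where each link actually points versus what it shows, and whether the Date header is plausible) can be run mechanically over a saved message. The script below is an added example written for this guide, not part of the original post; it uses only the Python standard library, and the sample message, its domains (`example-supplier.test`, `mail-relay.example`) and the 30-day "too old" window are constructed assumptions for illustration.

```python
"""Triage a raw email for the sender, link and date warning signs described above."""
from datetime import datetime, timedelta, timezone
from email import message_from_string, policy
from email.utils import parseaddr, parsedate_to_datetime
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message: hypothetical domains, not a real email.
SAMPLE_EML = """\
From: "Accounts Team" <accounts@example-supplier.test>
Reply-To: billing.update@mail-relay.example
Return-Path: <bounce@mail-relay.example>
To: staff@company.test
Date: Fri, 01 Jan 2010 09:00:00 +0000
Subject: URGENT: Verify Now
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Dear Colleague,</p>
<p>Please <a href="http://login.mail-relay.example/verify">click here</a>
to verify your account at
<a href="http://login.mail-relay.example/verify">https://portal.example-supplier.test</a>.</p>
"""
# Fixed "now" so the date check is reproducible (assumed reference date).
REFERENCE_NOW = datetime(2024, 1, 15, tzinfo=timezone.utc)


def domain_of(header_value):
    """Lower-cased domain part of an address header ('' if none)."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()


def sender_findings(msg):
    """Step 1: does the visible From domain match where a reply or bounce would go?"""
    from_dom = domain_of(msg.get("From"))
    findings = []
    for hdr in ("Reply-To", "Return-Path"):
        dom = domain_of(msg.get(hdr))
        if dom and dom != from_dom:
            findings.append(f"{hdr} domain {dom!r} differs from From domain {from_dom!r}")
    return findings


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def link_findings(msg):
    """Step 5: where does each link really go, and does that match what is shown?"""
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    collector = _LinkCollector()
    collector.feed(body.get_content())
    from_dom = domain_of(msg.get("From"))
    findings = []
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        shown = urlparse(text).hostname if text.startswith(("http://", "https://")) else None
        if shown and shown.lower() != host:
            findings.append(f"link text shows {shown!r} but destination is {host!r}")
        elif not (host == from_dom or host.endswith("." + from_dom)):
            findings.append(f"link {text!r} leads off the sender's domain to {host!r}")
    return findings


def date_findings(msg, now, window_days=30):
    """Step 6: flag a Date header that is in the future or implausibly old."""
    raw = msg.get("Date")
    if not raw:
        return ["no Date header"]
    sent = parsedate_to_datetime(str(raw))
    if sent.tzinfo is None:
        sent = sent.replace(tzinfo=timezone.utc)
    if sent > now + timedelta(days=1):
        return [f"Date {sent.isoformat()} is in the future"]
    if sent < now - timedelta(days=window_days):
        return [f"Date {sent.isoformat()} is more than {window_days} days old"]
    return []


def triage(raw_eml, now=None):
    """Run all three checks; returns a dict of finding lists keyed by check."""
    msg = message_from_string(raw_eml, policy=policy.default)
    now = now or datetime.now(timezone.utc)
    return {"sender": sender_findings(msg), "links": link_findings(msg), "date": date_findings(msg, now)}


def triage_sample():
    """Triage the constructed sample against the fixed reference date."""
    return triage(SAMPLE_EML, now=REFERENCE_NOW)


if __name__ == "__main__":
    for check, items in triage_sample().items():
        for item in items:
            print(f"[{check}] {item}")
```

On the sample this reports two sender findings (Reply-To and Return-Path both point at a different domain from the From address), two link findings (a "click here" link leading off the sender's domain, and a link whose visible text shows one host while its real destination is another) and one date finding (a message dated 2010). Each of these is exactly what the hover-and-inspect and reply-path checks above would reveal by hand; the script only makes them repeatable for a mailbox full of reports.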

7. If it looks dodgy it probably is.

It is always best practice to be cautious when opening any email regardless of who it is sent from. If an email even looks slightly illegitimate, it is best to follow the previous 6 steps before opening any links or attachments.

You should never open an attachment unless you know who sent it to you, why they have sent it to you and what its purpose is.

It is possible to receive an email from a colleague that is illegitimate. To find out more about this, please read our two previous posts on email spoofing, director fraud/online security and phishing.