Recognising Malicious Emails
Malicious emails, also known widely as phishing emails, are one of the most common methods scammers use to steal personal information, financial details, or even infect your phone or computer with dangerous tools. These deceptive messages are designed to look like they're from trusted organisations, such as your bank, government agencies, or well-known companies, making them difficult to spot at first glance.
In this section, you'll learn what phishing emails are, how to identify the warning signs of a phishing attempt, and the critical steps to take if you receive one. From spotting suspicious links to recognising fake email addresses and unusual language, you'll be equipped with the knowledge to protect yourself.
Understanding how phishing works and being able to recognise these threats is one of the first and most important steps to staying safe online. With the right awareness, you can avoid falling victim to these scams and keep your personal information secure.
What Are Phishing Emails?
A phishing email is a fake message that pretends to be from a trusted company, like your bank, an online shop, or a service you use. The goal is to trick you into clicking a link, opening an attachment, or giving away personal information such as passwords, bank details, or even your identity.
Phishing emails often use urgent or scary language to make you act quickly without thinking, such as threatening to close your account or warning of suspicious activity. Even though these emails can look very real, there are usually small signs - like strange email addresses, spelling mistakes, or suspicious links - that give them away.
Signs of a phishing email
Phishing emails can be tricky to spot, but you should always look out for the following:
- Urgent language ("Your account will be closed!")
- Generic greetings ("Dear Customer")
- Suspicious links (hover to preview before clicking)
- Unexpected attachments
- Bad spelling or grammar mistake
If you are still unsure after checking these things, contacting the supposed sender of the email is the best course of action but do not use the contact details from the email, search the company online then contact via official, public details.
The image (above if you are on mobile, to the right if you are on computer/laptop) is an example of a phishing email. You can see from the senders address that there is a spelling mistake and also note the sense of urgency and generic tone (Dear Customer, please click the link below within 24hrs). These kinds of emails are more than likely dangerous, and you should not click any links or respond to the sender.
What To Do If You Receive a Phishing Email
If you believe an email you've received is in fact phishing, you should ensure you check off the following:
- Don't click on any links or attachments
- Don't reply to the email
- Report the email to "report@phishing.gov.uk" (more info here)
- Delete the email
If you have clicked on a link then entered credentials, you should change all your passwords immediately and contact your bank if any financial information was given. If you opened an attachment, you should run a virus scan on your device straight away to ensure there are no malicious applications or services. If you have suffered loss of data or money, please check out our "Get help after a scam" page for more info, by clicking this text.