INSIGHT: How to Recognise a Phishing Attack


One of the most frequent cyber-attacks is phishing, which can cause financial loss, identity theft, and unauthorised access to private information. Cybercriminals use sophisticated ways to pose as a reliable business and trick people into disclosing personal information, such as usernames, passwords, or credit card details.

To protect your digital life, it’s essential to be able to recognise a phishing attack, which means staying alert and informed. In this insight, we’ll discuss the warning signs of phishing attempts and give you useful tips to help you stay safe.

Phishing In Numbers:

  • Up to 90% of cyber-attacks are phishing (Source: CISCO’s “2021 Cybersecurity Threat Trends report”)

The report went on to find that:

  • Of those, 65% is spear phishing, the most common
  • 88% of companies are attacked every year
  • In 86% of organisations, at least one person opened a phishing link
  • Up to 61% of people would not recognise a fraudulent website and are at constant risk of falling for phishing
  • When asked if they were a victim of a phishing attack, 24% said yes, and 22% did not know

Unfamiliar or Suspicious Email Senders

An email that appears to be from a trustworthy source, such as a bank, a well-known online business, or even your employer, is the first step in a standard phishing campaign. Be cautious when opening attachments, clicking links, or sending personal information in response to emails from unfamiliar or dubious senders. Examine the email address carefully for minute discrepancies like misspellings, strange domain names, or the use of subdomains to impersonate real addresses.

Unsolicited Requests for Personal Information

Phishing emails will frequently prompt you to confirm or supply sensitive information, such as login passwords, credit card details, or social security numbers. Trustworthy companies and institutions rarely ask for such information by email. When presented with such requests, it is crucial to resist the impulse to comply right away. Instead, contact the alleged sender using a known, secure web address or a verified phone number to establish the message’s legitimacy.

Sense of Urgency

Phishing attacks frequently create a sense of urgency to persuade users to make snap judgements. Be sceptical of emails that demand quick action, such as those that allege your account has been compromised or that if you don’t take immediate action, you’ll lose access to your money. Spend time ensuring the email is genuine and consider whether the circumstances call for such urgency.

If you don’t understand viruses, phishing, and similar threats, you are more susceptible to them. If you don’t know how social networks leak information that you thought was private, you’re likely to reveal much more than you realise.

Brian Kernighan (Professor of Computer Science at Princeton University)

Generic Greetings

Phishing emails often use generic salutations like “Dear Customer” or “Dear Valued Member” instead of addressing you by name. Cybercriminals frequently employ this strategy when sending bulk emails to potential victims. Genuine businesses are more likely to use your name or other unique identifiers to personalise their communications.

Poor Spelling and Grammar

Grammar and spelling issues are common in phishing emails. These can be introduced accidentally or on purpose to get past spam filters. Either way, they’re a clear sign that the email isn’t coming from a credible source. To make sure their communications are error-free, respectable organisations typically have them edited and proofread.

Unrelated or Cryptic URLs

Linking to dangerous websites created to steal your personal information is a common feature of phishing emails. Hover your mouse pointer over these misleading links without clicking to reveal their true URL in the bottom-left corner of your screen. Check the web address for any subtle discrepancies or intentional misspellings. Additionally, be wary of truncated URLs because they may be used to mask the link’s actual location.
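
The sender-address and link checks described above (misspellings, subdomain impersonation, shortened links) can be automated. The following is an added example, not part of the original article; the trusted-domain list, the sample inputs and the function names are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample lists (assumptions of this example, not from the article).
TRUSTED = {"contoso.com", "example-bank.com"}
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com"}

def edit_distance(a, b):
    """Levenshtein distance: catches one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(value):
    """Return the lower-cased host of a URL or of an email address."""
    if "://" in value:
        # .hostname ignores any "user@" part placed before the real host.
        return (urlsplit(value).hostname or "").lower()
    return value.rsplit("@", 1)[-1].strip("<> ").lower()

def classify(value):
    """Label a sender address or link by how its domain relates to TRUSTED."""
    host = host_of(value)
    labels = host.split(".")
    # Simplification: registered domain = last two labels. A production check
    # would consult the Public Suffix List (e.g. for .co.uk).
    registered = ".".join(labels[-2:])
    if registered in TRUSTED:
        return "trusted"
    if registered in SHORTENERS:
        return "shortened"                     # real destination is hidden
    for good in sorted(TRUSTED):
        brand = good.split(".")[0]
        if brand in labels[:-2]:
            return "subdomain-impersonation"   # brand is only a subdomain label
        if edit_distance(registered, good) <= 2:
            return "lookalike"                 # near-miss spelling of a trusted domain
    return "unknown"

if __name__ == "__main__":
    for sample in ["billing@contoso.com", "billing@cont0so.com",
                   "https://contoso.com.account-verify.example/login",
                   "https://bit.ly/abc123", "news@example.org"]:
        print(f"{classify(sample):24} {sample}")
```

A result of "unknown" only means the domain matched none of these patterns; it is not a verdict that the message is safe.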

Unexpected Attachments

Email attachments that are unexpected or unsolicited should be considered suspicious since they can be infected with viruses or malware. Verify the sender’s identity and the attachment’s intended use before opening any attachments. If you have any doubts, contact your IT department to verify the email’s legitimacy.

Unreliable Websites

Phishing websites frequently use insecure connections while imitating the layout of trustworthy websites. To check if a website is safe, look for the padlock icon and “https://” at the beginning of the web address. In addition, look for differences between the fake website and the real one regarding functionality, appearance, or content. Finally, avoid entering your personal information until you are confident of the website’s origin.

Social Media Fraud

Phishing attempts can take place on social networking sites in addition to emails. Avoid clicking links or downloading attachments when receiving unwanted communications from unidentified accounts. Additionally, con artists could establish false profiles using your friends’ or acquaintances’ names. Before accepting a friend request from someone you are already connected to, contact them using a different method of communication.

Telephone Phishing

Cybercriminals increasingly use rogue mobile applications, instant messaging services, and text messages to target smartphones and tablets, a practice known as mobile phishing. Avoid clicking on dubious links and downloading programmes from untrusted sources. Instead, only download software from reputable app stores like Google Play or the Apple App Store. Enable two-factor authentication (2FA) on your accounts to increase security.

Information security is the immune system in the body of business.

Kevin Pietersma (Information Security Architect, University of Toronto)


Protecting your sensitive information and upholding your online security depends on your ability to spot phishing attacks. You can considerably lower your chance of falling victim to these unscrupulous schemes by remaining watchful and adhering to the recommendations provided in this article. In addition, always confirm the legitimacy of messages and websites to further strengthen your defences against cyber threats. You should also keep your equipment and software updated. If in doubt, always err on the side of caution rather than compromising your personal information.