Last update: 25/11/2022

Phishing is a method of email attack in which the scammer sends you an email pretending to be a person, company or trusted site in order to steal your passwords or sensitive information or take full control of your computer. 

To avoid falling into this trap, the tips below can help you spot a phishing email. 

How to spot a phishing email

  1. Were you expecting it? If the message comes from a person or entity you don’t know, think twice before replying, clicking on a link or downloading any attached files. 
  2. Who sent the message? Is the email address what you expected? Cybercriminals can use a similar email address to try to trick you. Check whether the email address is spelt correctly, the domain is trustworthy and, if it matches the name of the person who sent the email. 
  3. Is it asking you to do something? Phishing emails usually ask you to carry out an action such as clicking a link, downloading an attached file, replying to the message providing personal information, etc. They often try to create a sense of urgency to look for an immediate and irrational reaction.

    Always check the validity of the email with information you can get yourself instead of clicking on the links they give you. In the case of banking transactions, don´t click on links within the email, instead access your bank account through the official website or app.

Now let´s put these tips into practice. 

Let´s say you receive an email from a shopping website informing you that your account will be disabled within 24 hours due to an error with your account. It has a link asking you to click on it to update the details. 

Your line of thinking may be something like this. 

  • I was not expecting this email from the retail store (I´m automatically more cautious). 
  • The email address seems odd. I´ve received emails from this retailer before, but never with this domain. 
  • I see they´re asking me to click on a link – and with a sense of urgency. I login to my retailer’s app and see I have no notifications indicating an error with my account. 
  • And so, I think this may be a phishing email. 

Reporting phishing

Once you’ve detected a phishing email, don’t forget to report it to the official company that the email is attempting to impersonate. For example: Santander will never send you an email asking for personal details in order for you to gain access to your bank accounts. But if you do receive this type of phishing, you should inform Santander through the official channels.

This is really important as it helps to keep people and the internet safer. Companies can use this information to take action to inform other customers of the scam or take down phishing websites.

Other types of phishing: smishing and vishing

Phishing can also happen with a text message to your mobile rather than an email. This is called smishing. The message usually asks the person to call a phone number or click to proceed to a website. Imagine something like ‘Your prize is awaiting you. Go to and we will tell you where to collect it’. If it seems too good to be true, it probably is. A prize? Without having done anything? 

Vishing is when you get a phone call, and similarly seeks to deceive by impersonating the identity of a person or entity in order to ask you for sensitive information or gets you to take some kind of action. 

Remember that phishing is not a new type of fraud. These tactics have always been used to get a hold of information that allows criminals to achieve their goal. You can apply the same tips above to avoid being caught in these types of scams. 

You might like