Five Ways Employees Can Spot a Phishing Email

According to a report published in the Economic Times, the number of COVID-19-related phishing email attacks has increased by 667 per cent since the end of February.

“Dear customer, the password of your XYZ account will be expiring in the next 24 hours. Please click on the link below to renew your password.”

Do these kinds of emails look familiar to you?

If your response is affirmative, then, unfortunately, you have been a victim of phishing! It is undoubtedly a reason for concern, but the good news is that you are not alone and there are ways to tackle this.

But then what is phishing, and how dangerous is it?

How do you spot it and avoid getting phished?

Worry not, for we have got you covered. Read till the end of this article to find answers to those pestering questions in your mind about phishing.


What is phishing?

Phishing is a cybercrime where hackers target and con people via emails, text messages, or telephone calls by posing as legitimate companies or institutions. They lure users in with attractive or urgent messages and con them into providing their personal information.

The personal information, which is often confidential, is then misused by those hackers to gain access to the user’s account, which can lead to hefty financial loss and identity theft.


How do you protect yourself from phishing?

Now that you are aware of what phishing is, and what loss you might have to suffer if you are not cautious, you can gauge how dangerous this cybercrime can be.

Feeling panicked? Well, don’t be.

Like any other theft, phishing can be stopped and avoided, provided you have your guard up. We understand that always being on the lookout in your day-to-day life may seem impractical, but we urge you to keep the following things in mind:


Ways to spot a phishing email

Since you use the Internet daily, it is imperative that you beware of the following ways a hacker can target you to steal your personal information. Each of the following should raise a red flag in your mind as soon as you come across such a malicious email:

1. Emails demanding urgent action

It is in our nature to act instantly whenever we come across a pressing situation, and cyber crooks use this against us. Any email that threatens a lost opportunity unless urgent action is taken right away is a phishing email.

You should always read emails thoroughly and take careful note of any miswritten words or other potential flaws. Instead of being swayed by the false “urgent situation” created by the hacker, you should act patiently and judiciously.


2. Inconsistencies in email addresses, links & domain names

Inconsistencies in email addresses and domain names are among the most prominent signs that raise the red flag of a phishing attack. Read the email address of the sender and make sure it is from a legitimate source. No authentic organization will send you messages from a public domain, for example, “”

Any genuine company or institution will have its organization’s name in the domain name of the email address. Move your mouse pointer over the link and carefully read what pops up. If the email claims to be from a legitimate source and the pop-up’s domain name is different, immediately report that email.
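The sender and hover checks described above can also be run automatically by a mail team. The following is an added example, not part of the original article: the function names, the `PUBLIC_MAIL` list and the sample message are all constructed for illustration, and it assumes a single-part HTML message from an organization whose real domain is `xyz.example`.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Sample public mail providers; freemail.example is a constructed stand-in.
PUBLIC_MAIL = {"gmail.com", "outlook.com", "yahoo.com", "freemail.example"}
# Constructed sample message for an organisation whose domain is xyz.example.
SAMPLE = ("From: XYZ Bank <support@freemail.example>\nContent-Type: text/html\n\n"
          '<a href="http://xyz.example.account-renew.test/login">www.xyz.example/renew</a>')

class LinkCollector(HTMLParser):  # collects [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.links, self.open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.open = True
    def handle_data(self, data):
        if self.open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.open = self.open and tag != "a"

def host_of(value):
    """Host of a URL or bare domain; '' for ordinary words such as 'click here'."""
    if "." not in value or any(c.isspace() for c in value):
        return ""
    return urlparse(value if "://" in value else "//" + value).hostname or ""

def same_org(a, b):
    """Naive match: equal, or one is a subdomain of the other (no public-suffix list)."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def check_message(raw, claimed_domain):
    """Return red flags for the sender address and each link of an HTML message."""
    msg, flags, links = message_from_string(raw), [], LinkCollector()
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender in PUBLIC_MAIL:
        flags.append(f"sender uses public mail domain {sender}")
    elif not same_org(sender, claimed_domain):
        flags.append(f"sender domain {sender} does not match {claimed_domain}")
    links.feed(msg.get_payload())
    for target, shown in ((host_of(h.strip()), host_of(t.strip())) for h, t in links.links):
        if shown and target and not same_org(target, shown):
            flags.append(f"link text shows {shown} but points to {target}")
        if target and not same_org(target, claimed_domain):
            flags.append(f"link points to {target}, not {claimed_domain}")
    return flags
```

Calling `check_message(SAMPLE, "xyz.example")` returns three flags: the public sender domain, the link whose visible text names one host while pointing to another, and the link target that is not under the organization's domain.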


3. Emails with an unfamiliar greeting or salutation

What is the first thing that you notice while reading any email?

The salutation at the beginning of the email, right? Any authentic company that sends you an email will start the email’s greeting by addressing you by your name. If you find unfamiliar greetings such as “Dear Customer” in the email, then that should arouse suspicion.


4. Suspicious attachments

All of your work-related emails will have attachments with known extensions, such as .docx, .pdf, etc. However, the email attachments that raise immediate suspicion are those that come with unfamiliar extensions such as .exe, .zip, etc. Such attachments usually contain malware, and it’s best that you do not open them.


5. Emails requesting login credentials, payment information, or sensitive data

Remember when your bank says, “XYZ bank never asks for your ATM PIN or any confidential information over phone, email, or text message”? This is true. No legitimate company or institution will ask for your login credentials or payment information.

You should never enter your confidential data on a login page you have been redirected to unless you know that the email is authentic and legitimate.


Final thoughts

We hope you have understood that educating your employees about phishing attacks and their consequences is crucial. Inform and condition your employees to be aware of such malicious threats and to immediately report anything suspicious they spot.

You might argue that you can bypass all the precautions mentioned here by enabling the spam filter in your email, but the sad truth is that those filters are not always 100 percent effective. Therefore, the need to be cautious before responding to emails or opening any attachments in them becomes of utmost importance.

Be informed. Stay protected.