Here is a very simple Top 10 list to help you spot Phishing Emails:
1) Don’t trust the display name
Just because the email says it’s coming from the name of a person you trust or know doesn’t mean that it is. Check the sender’s email address and confirm the true sender.
2) Think before you click
Hover over links that you are unsure of before you click on them. Do they direct you to where they are supposed to go? If the text looks suspicious or doesn’t match, then do not click on it!
3) Check for Grammar & Spelling Issues
Attackers sometimes overlook the ‘quality’ of the content in their emails. Check to see if the message is grammatically correct.
4) Look at the salutation
Is it a vague message? Is the message addressed to “Valued Customer” or “Dear [Insert Title]”?
5) Never give out personal information
Legitimate organisations will never ask for your personal information in an email – when in doubt go to the website directly.
6) Beware of urgency
Phishing emails try to make it sound like there’s some sort of emergency happening (for example, the Boss needs £10,000 transferring now or else a supplier is going to cut you off; or, my personal favorite, the Nigerian Astronaut who’s stuck in space and needs your help!): https://www.telegraph.co.uk/news/newstopics/howaboutthat/12160621/Nigerian-astronaut-lost-in-space-email-419-scam-sweeps-the-internet.html
7) Check the email signature
Most legitimate senders use a signature block at the end of their messages. Check this to see if it matches up with whoever sent the email.
8) Be careful with attachments
Attackers will try and hide malicious code in attachments that aren’t what they say they are. It’s very easy to create a fake icon for Word, Excel or even a PDF. If you open the attachment you could be in a world of trouble.
9) Don’t be too trusting
If something seems slightly off, it is better to be safe than sorry. Is this message really worth it?
10) When in doubt contact the person/website directly
If possible, pick up the phone or visit the website of the organisation directly. It’s better to inconvenience yourself than to put yourself at risk.
Remember there is no single fool-proof way to avoid phishing attacks.