How to detect phishing emails

Written by Dave Nicholls.

Phishing emails try to trick the recipient into revealing confidential information, usually by getting them to click a link in the email that leads to a fake website, where the information is requested.

These emails are made to look like genuine messages from banks or other online services and provide spurious reasons for clicking the links. Examples include:

  • Confirming or verifying account details
  • Confirming a payment or transaction
  • Checking ‘unusual account activity’
  • Needing to update an account

It is often hard to see any difference between the attacker's website and the genuine site. The more sophisticated phishing websites forward the user to the genuine website after recording the details entered, so the user may never realise that their information has been stolen.

Detecting phishing emails

The main way to detect a phishing email is to inspect the links in it. If the URL (the web address) of a link does not point at the genuine site, do not click it.

For example, if the email purports to come from paypal.com, a valid URL for their site will have a host name that is paypal.com or ends in ‘.paypal.com’. The host name is the part between http:// (or https://) and the first forward slash. Here are some valid PayPal URLs:

  • http://www.paypal.com/
  • https://secure.paypal.com/login

Phishing emails attempt to fake the URL by placing the genuine domain name somewhere else within it, typically as part of a host name that really belongs to another site:

  • http://www.paypal.otherdomain.com/
  • http://paypal.com.otherdomain.eu/login

Or use an IP address instead of a domain name at the start of the URL:


Another common technique is hiding the URL behind link text such as ‘Login Here’.

In Outlook (and most other email clients), hovering the mouse over the link text displays the URL it actually goes to. In a web browser, the URL appears in the status bar at the bottom left corner of the window when the mouse hovers over the link. It is that address, not the visible text, that needs to be checked against the rule above.
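The host-name rule above, applied mechanically, as an added Python example that is not part of the original post. It extracts every link from an HTML email body, compares the real target's host name (not the visible text, not the path) against the expected domain, and treats a bare IP address as never genuine. It also covers one case the post does not list: a URL such as http://www.paypal.com@203.0.113.9/, where the genuine domain sits before an ‘@’ and the real host comes after it. The email body and all URLs are constructed for the example; 203.0.113.9 is a documentation address, and otherdomain.eu stands in for any attacker-controlled site.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit


def host_belongs_to(url, domain):
    """Return True only if the URL's host is `domain` itself or a subdomain of it.

    The decision is made on the parsed host name, so a genuine domain that
    appears in the path, in a subdomain of some other site, or in the userinfo
    part before an '@' does not count, and a bare IP address never matches.
    """
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in ("http", "https"):
        return False          # javascript:, data:, scheme-relative, etc.
    host = parts.hostname     # lower-cased; port and any user@ prefix stripped
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return False          # e.g. http://203.0.113.9/ is not a domain at all
    except ValueError:
        pass
    domain = domain.lower().strip(".")
    return host == domain or host.endswith("." + domain)


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from an HTML email body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            visible = " ".join("".join(self._text).split())
            self.links.append((visible, self._href))
            self._href = None


def suspicious_links(html_body, domain):
    """Return (visible text, real target) for every link whose real target
    is not on `domain`, whatever the link text claims."""
    collector = LinkCollector()
    collector.feed(html_body)
    return [(text, href) for text, href in collector.links
            if not host_belongs_to(href, domain)]


# Constructed sample email body for this example (not a real message).
SAMPLE_EMAIL_HTML = """
<p>Dear Customer, we have noticed unusual activity on your account.</p>
<p><a href="https://secure.paypal.com/login">My account</a></p>
<p><a href="http://paypal.com.otherdomain.eu/login">Login Here</a></p>
<p><a href="http://www.paypal.com@203.0.113.9/verify">https://www.paypal.com/verify</a></p>
"""

if __name__ == "__main__":
    for text, href in suspicious_links(SAMPLE_EMAIL_HTML, "paypal.com"):
        print(f"suspicious: '{text}' actually goes to {href}")
```

Running it flags the second and third links: ‘Login Here’ points at otherdomain.eu, and the third link shows a genuine-looking PayPal URL as its text while its real target is the IP address after the ‘@’. The first link passes because secure.paypal.com is a subdomain of paypal.com.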

What to do if you find yourself on a phishing website or detect a phishing email

  1. Obviously, do not enter any information on the attacker's website. If you have already entered a password, change it straight away on the genuine site.
  2. Close your web browser and run an anti-virus scan. Some phishing websites also try to install malware on your computer just from visiting the site.
  3. Mark the email as Spam so that your email software will recognise similar messages next time.
  4. Report the email to whoever it was trying to impersonate. Many banks and companies have an email address for reporting scams.

Other ways to detect phishing emails

  1. If the email is unexpected, e.g. you haven’t recently made a payment, or you are not a customer of the bank or online service
  2. If it asks you to enter personal information: most banks and other online services will not send you a link to log in. They are more likely to direct you to their homepage and ask you to log in from there.
  3. If the sender or reply address doesn’t look legitimate
  4. If the email seems ‘pushy’ or threatens you with closure of an account
  5. If the email has a generic greeting such as ‘Dear Customer’; genuine messages from a service you use usually greet you by your name or user name
  6. If the email is offering you free money: if it sounds too good to be true, it probably is.

Better-IT Limited

3-3a Barrow Road, Sileby, Leicestershire, LE12 7LW.

e: enquiries@better-it.net

t: 0333 202 6365



Copyright © 2020 Better-IT Limited.