top of page

HeyIT Tips & Tricks #2 - 5 Easy Ways to Spot a Phishing Email Before It's Too Late

Red banner with "Hey IT Tips & Tricks Newsletter" text. Smiling woman on phone screen. Bold and informative.

📩 You open your inbox and see an urgent email from your bank. "Suspicious activity detected! Click here to secure your account."


Would you click?


Cybercriminals are getting smarter, but their phishing scams still have telltale signs.


Here are five things to watch out for to avoid getting caught out using a real life example from HeyIT!


 

1. Suspicious Sender Email Address

🔍 Check before you click! The sender's email might look legitimate, but a closer look often reveals odd misspellings or strange domain names (e.g., security@paypa1.com instead of security@paypal.com).

Email interface showing "Undelivered Mail Returned to Sender" from g1gabyte.com Admin. Red highlight on sender address.

2. Urgent or Threatening Language

⚠️ Scammers want you to panic! Phrases like "Act now or your account will be locked!" or "Your payment failed—update details immediately!" are designed to pressure you into clicking.

Email warning about account suspension if not retrieved in 48 hours. Blue "Retrieve Account Now" button. Text in a gray and white email layout.

3. Unusual Links or Attachments

🖱️ Hover before you click! Scammers often disguise links—when you hover over them, they reveal a completely different web address. Also, beware of unexpected attachments that could contain malware.

Email screenshot warns of account disconnection. "Retrieve Account Now" button with a phishing link to "mydodgywebsite.com" highlighted.

4. Poor Grammar and Spelling Mistakes

✍️ Professional companies proofread their emails. If you spot awkward phrasing, missing words, or grammar that doesn’t sound right, it’s a red flag!

Email phishing attempt with Bank of America logo. Text urges account info confirmation via a suspicious link. Formal tone and logo present.
Our phishing example didn't have any spelling or grammar errors so we have used another.

5. Requests for Personal or Payment Information

💳 No legitimate company will ever ask for sensitive details via email or link. If you’re asked to enter passwords, credit card numbers, or personal data, assume it’s a scam and verify with the company directly.

Phishing login page mimicking Microsoft, with "Enter password" prompt. URL shows "legitimate.net", likely a spoof. Sign in button visible.
Links in phishing emails will typically mimic a well known login page such as Facebook or Microsoft to get you to authenticate before viewing the content.

Final Tip: When in Doubt, Don’t Click!

If an email seems suspicious, trust your gut. Contact the company through official channels, report the email, and delete it. Stay safe and keep your inbox scam-free!

Website blocked notice with warning symbol, red text on white box, blue background. Mentions credential theft, malware risks, Proofpoint logo.
HeyIT customers are protected with ProofPoint email security. Even if a phishing attempt comes through, the link will be blocked by our filtering service as a second layer of protection.

Want to make sure your business is protected? Book a 15 minute free consultation with us below and we can see how we can help you and your business stay cyber secure!





Stay safe out there!

Breagha @ HeyIT






 

Tags:

bottom of page