Phishing emails are one of the most common and dangerous cyber threats facing small and medium-sized businesses (SMBs). These fraudulent messages are designed to deceive recipients into taking harmful actions, such as revealing passwords, transferring money, or downloading malware.
Unlike large enterprises, SMBs often lack dedicated cybersecurity teams, making it essential for every employee to be able to recognise and respond to phishing attempts. This guide will help your team understand what phishing is, how to spot it, and what to do when it appears in your inbox.
What Is a Phishing Email?
A phishing email is a type of social engineering attack where cybercriminals impersonate a trusted source, such as a bank, supplier, or even a colleague, to trick recipients into compromising sensitive information or systems.
Phishing emails can take many forms, including:
- Credential harvesting: Asking you to log in to a fake website.
- Malware delivery: Disguising malicious attachments as invoices or reports.
- Business email compromise (BEC): Impersonating executives to request urgent payments.
- Spear phishing: Highly targeted attacks using personal or company-specific information.
These emails are often crafted to look legitimate, making them difficult to detect without careful scrutiny.
How to Identify a Phishing Email
Suspicious or Slightly Altered Sender Address
Phishing emails often come from addresses that look almost—but not quite—like a legitimate one. Attackers may use domain names that are subtly misspelled or include extra characters.
Examples:
Legitimate: support@barclays.co.uk
Phishing: support@barclayz.co.uk or barclays@secure-mail.com
What to do: Always hover over the sender’s name to view the full email address. If it looks off, don’t trust it.
Urgent, Alarming, or Threatening Language
Phishing emails often try to create panic or urgency to push you into acting quickly without thinking.
Common tactics include:
- Threats of account suspension or legal action
- Claims of suspicious activity on your account
- Requests for immediate payment or verification
Example subject lines:
- “URGENT: Your account has been locked”
- “Final warning: Payment overdue”
- “Unusual login detected—verify now”
Why it works: Fear and urgency are powerful psychological triggers that override rational decision-making.
Unexpected Attachments or Hyperlinks
Phishing emails may contain attachments or links disguised as invoices, receipts, or shared documents. These often contain malware or lead to fake login pages.
What to look for:
- Attachments with file types like .exe, .zip, .scr, or even .docm (macro-enabled Word files)
- Links that don’t match the displayed text
How to check: Hover over any link (without clicking) to preview the actual URL. If it looks suspicious or doesn’t match the sender’s domain, don’t click.
Generic or Impersonal Greetings
Legitimate organisations usually address you by name, especially if you have an account with them. Phishing emails often use vague or generic greetings.
Examples:
- “Dear Customer”
- “Hello User”
- “Dear Sir/Madam”
What to do: Be cautious if the email doesn’t use your name or includes awkward phrasing.
Poor Grammar, Spelling Mistakes, and Odd Formatting
Many phishing emails originate from non-native English speakers or are hastily written. They often contain:
- Misspelled words
- Grammatical errors
- Inconsistent fonts or colours
- Logos that look pixelated or stretched
Why it matters: Reputable companies take care with their communications. Sloppy writing is a red flag.
Requests for Sensitive Information
Legitimate companies will never ask you to provide sensitive information, like passwords, bank details, or security codes, via email.
Be suspicious of emails that request:
- Login credentials
- Payment card numbers
- National Insurance numbers
- Two-factor authentication codes
What to do: Never share sensitive information via email. If in doubt, contact the organisation directly using a verified phone number or website.
Visual Example: Anatomy of a Phishing Email
Here’s a breakdown of a typical phishing email:
- From: security@netflix-support.com
- Subject: “Your account has been suspended”
- Greeting: “Dear Customer”
- Message: Claims your account has been locked due to suspicious activity and asks you to click a link to verify your identity.
- Link preview: http://netflix-login-alert.com (not a legitimate Netflix domain)
- Attachment: A fake invoice or PDF with embedded malware
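The checks this guide describes (a lookalike sender address, urgent subject wording, a generic greeting, link text that differs from the real destination, and risky attachment types) can be turned into a simple triage script. The code below is an added example, not part of the original guide; the trusted-domain list and the sample message are constructed, with the sample mirroring the breakdown above.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlparse

TRUSTED_DOMAINS = ("barclays.co.uk", "netflix.com")  # constructed allow-list
URGENT_PHRASES = ("urgent", "final warning", "locked", "suspended", "verify now")
GENERIC_GREETINGS = ("dear customer", "hello user", "dear sir/madam")
RISKY_EXTENSIONS = (".exe", ".zip", ".scr", ".docm")
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host_of(text: str) -> str:
    """Hostname of a URL or bare domain; '' when the text is not URL-like."""
    text = text.strip()
    if "." not in text or " " in text:
        return ""
    return (urlparse(text if "://" in text else "http://" + text).hostname or "").lower()

def is_lookalike(address: str) -> bool:
    """Untrusted address that imitates a trusted brand: a near-identical domain or the brand name elsewhere."""
    domain = address.rsplit("@", 1)[-1].lower()
    return domain not in TRUSTED_DOMAINS and any(
        good.split(".")[0] in address.lower() or SequenceMatcher(None, domain, good).ratio() >= 0.85
        for good in TRUSTED_DOMAINS)

def analyse(msg: dict) -> list[str]:
    """Red flags for an email given as {sender, subject, body (HTML), attachments}."""
    flags, sender, subject, body = [], msg["sender"], msg["subject"], msg["body"]
    sender_host = sender.rsplit("@", 1)[-1].lower()
    if is_lookalike(sender):
        flags.append(f"sender {sender} imitates a trusted domain")
    if any(p in subject.lower() for p in URGENT_PHRASES):
        flags.append(f"urgent language in subject: {subject!r}")
    if any(g in re.sub(r"<[^>]+>", " ", body).lower() for g in GENERIC_GREETINGS):
        flags.append("generic greeting")
    for href, text in ANCHOR_RE.findall(body):  # the "hover over the link" check
        shown, real = host_of(text), host_of(href)
        if shown and shown != real:
            flags.append(f"link text shows {shown} but points to {real}")
        elif real and real != sender_host and not real.endswith("." + sender_host):
            flags.append(f"link host {real} differs from sender domain {sender_host}")
    flags += [f"risky attachment type: {n}" for n in msg.get("attachments", [])
              if n.lower().endswith(RISKY_EXTENSIONS)]
    return flags

SAMPLE = {  # constructed from the "Anatomy of a Phishing Email" breakdown above
    "sender": "security@netflix-support.com",
    "subject": "Your account has been suspended",
    "body": '<p>Dear Customer,</p><a href="http://netflix-login-alert.com/verify">www.netflix.com</a>',
    "attachments": ["Invoice_0425.zip"],
}
```

Running `analyse(SAMPLE)` reports all five red flags from the breakdown; a message from a trusted domain with a matching link and a plain PDF produces none.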
Final Thoughts
Phishing attacks are becoming more sophisticated, but your defences can keep pace. By learning to recognise the signs of a phishing email and encouraging a culture of caution and verification, SMBs can significantly reduce their risk of falling victim.
Key takeaways:
- Always verify the sender’s email address.
- Be wary of urgent or threatening messages.
- Never click on suspicious links or open unexpected attachments.
- Look out for poor grammar and generic greetings.
- Never share sensitive information via email.
Remember:
- Think before you click.
- Verify before you respond.
- Report suspicious emails immediately.