What Is a Phishing Email?

A phishing email is a fake message designed to trick you into handing over personal information — like your password, bank details, or home address. These emails are sent by criminals who pretend to be from legitimate organisations such as your bank, Royal Mail, HMRC, Amazon, or even your email provider.

The name comes from "fishing" — criminals are casting out bait, hoping someone will bite. The good news is that once you know what to look for, these scams become much easier to spot.

8 Warning Signs of a Phishing Email

1. It Creates Urgency or Panic

Phrases like "Your account will be closed in 24 hours", "Immediate action required", or "Suspicious activity detected" are designed to make you act quickly without thinking clearly. Legitimate companies rarely demand such rushed action by email.

2. The Sender's Email Address Looks Odd

Look closely at the email address — not just the name. A scammer might display the name "Amazon" but the actual email address could be something like amazon-support@xyzmail.ru. Real companies email from their own domain (e.g. @amazon.co.uk).

3. It Contains Spelling or Grammar Mistakes

Many phishing emails contain obvious typos, awkward phrasing, or poor grammar. Professional organisations proofread their communications carefully. Multiple errors are a red flag.

4. There's a Suspicious Link

Before clicking any link, hover your mouse over it (on a computer) to see where it actually leads. The displayed text might say "Click here to verify your account" but the real link goes to a fake website. If the web address looks strange or doesn't match the organisation, don't click it.

5. It Asks for Personal or Financial Information

Banks, government agencies, and reputable companies will never ask for your full password, PIN, or banking details via email. If an email asks for these things, it is almost certainly a scam.

6. The Greeting Is Generic

Real companies usually address you by your name (e.g. "Dear Jane Smith"). Phishing emails often use generic greetings like "Dear Customer", "Dear Account Holder", or no greeting at all.

7. There's an Unexpected Attachment

Be very cautious about opening attachments you weren't expecting — especially files ending in .exe, .zip, or .docm. These can install harmful software (malware) on your device.

8. The Offer Seems Too Good to Be True

Emails claiming you've won a prize, inherited money, or can claim a refund you weren't expecting are almost always scams. As the old saying goes — if it sounds too good to be true, it probably is.

What Should You Do If You Receive One?

  1. Don't click any links or open any attachments.
  2. Don't reply to the email — this confirms your address is active.
  3. Mark it as spam or junk in your email app.
  4. Delete it.
  5. If you're unsure whether it's genuine, contact the organisation directly using their official website or phone number — not the contact details in the suspicious email.

What If You've Already Clicked a Link?

Don't panic — but do act quickly:

  • Change your passwords for any affected accounts immediately.
  • Contact your bank if you entered any financial details.
  • Run a security scan on your device using antivirus software.
  • Report the scam to Action Fraud (UK) at actionfraud.police.uk or your country's relevant authority.

Staying informed is your best defence. Share these tips with family members — especially older relatives who may be less familiar with online scams.