6 Things to Look Out for to Avoid Phishing Scams

December 07, 2023

Phishing scams are an increasingly common aspect of daily life, and these malicious emails are likely sitting in the spam folder of your email account right now, waiting to be opened.

Over 500 million phishing attacks were reported in 2022—over double the number of attacks reported the prior year. As phishing attacks become a more prevalent issue for companies, there are certain signs to look out for to stop attackers in their tracks before they can harm your business.

The infographic below on how to spot a phishing email covers the six indicators that a message may actually be an attack.


Phishing Awareness from the Infographic

  1. Sense of urgency
  2. Unexpected communication
  3. Grammar errors
  4. Malicious links
  5. Asking for sensitive information
  6. Suspicious email addresses

Sense of Urgency

Scammers will attempt to instill a sense of urgency to rush you into taking action, typically with something that is allegedly time-sensitive. By threatening a negative consequence, attackers can hasten your response, preventing you from catching inconsistencies in the email.

A good rule of thumb is to stop and think before you click a link! People contacting you via email rarely require a response that quickly.

Unexpected Communication

Is an email you received expected? Scammers will often pose as someone you know, like a boss or colleague, but what if you don’t ordinarily communicate with the sender via email? Or even if you do, why are they sending this message today?

Consider why an email is turning up in your inbox unexpectedly before clicking. If the email appears to come from someone you know, reach out to them through an alternative route, such as in person or via phone call, to check.

Grammar Errors

Spam emails are commonly littered with spelling mistakes, particularly if they come from a country where English is a second language. Keep an eye out for errant apostrophes or incorrect wording, as many companies use spell-checking tools to ensure professionalism.

One or two mistakes can be human, but too many may indicate something worse than an unnoticed spelling error.

Malicious Links

Phishers frequently use shortened links and URL encoding to hide a link’s true destination. Do not click on one if you aren’t sure of where it’s taking you—use a link-expansion or URL decoding tool to verify a suspicious link.

Keep in mind that just visiting a malicious site, even if you don’t actively click to download anything, can be enough to get malware on your computer.

Asking for Sensitive Information

If an email asks you to send sensitive information, particularly personal or financial details, delete the email immediately. Hackers can create fake login pages that resemble the real, original ones. They may also use emails to request payment.

Attackers can use this information to further harm you or your company, and legitimate sources should have other, more secure, ways to access this data.

Suspicious Email Addresses

Check the sender's address to ensure that the email is coming from the person it claims to be from. Display names can be manipulated, so be sure to verify that the sender is legitimate.

Some common telltale signs that an email could be from a hacker include certain letters replaced by similar-looking numbers (like “0” for “o”) or the inclusion of special characters.
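The link and sender checks described under Malicious Links and Suspicious Email Addresses can be automated before a message reaches a reader. The following Python is an added example, not part of the original article; the shortener list, trusted-domain list, digit-substitution table and function names are constructed assumptions.

```python
import re
from email.utils import parseaddr
from urllib.parse import unquote, urlsplit

# Constructed assumptions: sample shortener hosts and the domains this
# mailbox legitimately deals with. Replace both with your own lists.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
TRUSTED_DOMAINS = {"example.com"}
# Digits commonly swapped in for similar-looking letters ("0" for "o").
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def check_link(url):
    """Return reasons a link may be hiding its true destination."""
    findings = []
    decoded = unquote(url)
    if decoded != url:
        findings.append("URL-encoded; decodes to " + decoded)
    try:
        host = (urlsplit(decoded).hostname or "").lower()
    except ValueError:  # malformed URL, e.g. unbalanced brackets
        return findings + ["malformed URL"]
    if host in SHORTENERS:
        findings.append("shortened via " + host + "; expand before visiting")
    return findings


def check_sender(from_header):
    """Return reasons a From header may not match who it claims to be."""
    findings = []
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    # Display name that shows one address while the real one differs.
    shown = re.search(r"[\w.+-]+@[\w.-]+", display)
    if shown and shown.group(0).lower() != address.lower():
        findings.append("display name shows " + shown.group(0))
    normalized = domain.translate(LOOKALIKES)
    if domain not in TRUSTED_DOMAINS and normalized in TRUSTED_DOMAINS:
        findings.append(domain + " imitates " + normalized)
    if re.search(r"[^a-z0-9.-]", domain):
        findings.append(domain + " contains special characters")
    return findings
```

An empty list means none of these particular signs were found, not that the message is safe; the other indicators in this article still apply.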

Preventing hackers from getting into a company’s system is critical. Request a risk assessment from DOT Security to discover what other vulnerabilities your company may be facing besides phishing emails.