How to Spot a Phishing Scam

Did you know that over 135 million phishing scams are attempted daily? Phishing scams are usually delivered in the form of emails, which encourage users to share and disclose personal information. 

In this guide, we’ll discuss how to spot a phishing scam and provide advice to help businesses steer clear of danger. 

Types of phishing scams

There are various types of phishing scam, including:

  • Whaling: impersonating high-profile agencies or brands
  • Malware: encouraging users to download files and click on links
  • Spear phishing: impersonating close contacts, for example, colleagues, encouraging the user to disclose sensitive information or take action, such as making payments.
  • Email phishing: using generic emails that imitate well-known organizations or companies to urge users to take action, for example, clicking on a link or settling a bill quickly. 

Signs of phishing scams

Being aware of common signs of phishing scams can help to prevent cyberattacks and protect sensitive company, employee and customer data. Here are some red flags to look out for:

  • Emails from unusual and unknown domain names: if you hover over the sender address, you will often see an unrecognizable domain name.
  • Poor grammar and spelling: often, phishing emails are badly written. Grammatical errors, misspelt words and unusual phrases are a common feature of scam emails. 
  • Suspicious links and attachments: many phishing emails contain links or attachments that look suspicious.
  • Intimidation and threats: phishing scams are designed to push users to act quickly and to trigger an emotional response. Some emails contain threats and intimidating language, which are used to make the user feel like they have no choice but to follow the instructions. Always remember that reputable organizations will never intimidate customers or employees via email.
  • Requests for money and notifications about missed or delayed payments: it is very common for phishing emails to ask people to make payments or to raise queries about missed or delayed payments. A reliable, trustworthy company will not ask you to make a payment via email.
  • Imitation emails from high-profile brands: many emails look like they may have come from brands and businesses, but on closer inspection, they are fake messages. Look for tell-tale signs such as misspelt brand names, the wrong logo, suspicious domain names and spelling errors within the text. Examples of brands that are impersonated most frequently include Amazon, PayPal and DHL.

Examples of common subject lines and requests in phishing emails include:

  • Suspicious activity on your account
  • Problems with your account or payment information
  • Free coupons and prizes
  • Fake invoices
  • Requests to confirm identity or make a payment
  • Problems with your order or delivery
  • Account limitation threats
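
Several of the signs above can be checked automatically before a message reaches a user. The following is an added example, not code from the original article: a small Python triage function that flags a brand name in the sender display name that does not match the sending domain, a subject line matching the lures listed above, and a link whose visible text shows one domain while the target is another. The brand-to-domain table, the sample message and all function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed brand -> legitimate sending domains (illustrative, not exhaustive).
BRAND_DOMAINS = {"amazon": {"amazon.com"}, "paypal": {"paypal.com"}, "dhl": {"dhl.com"}}
# Phrases taken from the subject-line list above.
LURES = re.compile(r"suspicious activity|problems? with your|coupon|prize|invoice"
                   r"|confirm your identity|account limit", re.I)
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)

# Constructed sample message; .example is a reserved, non-routable TLD.
SAMPLE = """From: "PayPal Support" <service@paypa1-secure.example>
Subject: Suspicious activity on your account
Content-Type: text/html

<p>Confirm now: <a href="http://login.paypa1-secure.example/verify">https://www.paypal.com/signin</a></p>
"""

def registered_domain(host):
    # Simplification: keep the last two labels. Production code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def red_flags(raw):
    """Return a list of human-readable warnings for one raw email."""
    msg = message_from_string(raw)
    flags = []
    name, addr = parseaddr(msg.get("From", ""))
    sender = registered_domain(addr.rpartition("@")[2])
    for brand, domains in BRAND_DOMAINS.items():
        if brand in name.lower() and sender not in domains:
            flags.append(f"display name claims {brand} but sender domain is {sender}")
    if LURES.search(msg.get("Subject", "")):
        flags.append("subject matches a common phishing lure")
    # Transfer-encoded (base64/quoted-printable) bodies are not decoded here.
    body = "".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    for href, text in LINK.findall(body):
        shown = HOST_IN_TEXT.search(text)
        target = registered_domain(urlparse(href).hostname or "")
        if shown and registered_domain(shown.group(1)) != target:
            flags.append(f"link text shows {shown.group(1)} but points to {target}")
    return flags

if __name__ == "__main__":
    for flag in red_flags(SAMPLE):
        print("-", flag)
```

These are heuristics for routing a message to quarantine or human review; a legitimate invoice email will also match the subject check, so no single flag should be treated as proof of phishing.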

Minimizing risks

Companies and organizations can minimize the risks of phishing scams by providing staff training, using filters to identify junk mail and suspicious messages and utilizing robust security measures to monitor systems and prevent breaches. Outsourcing IT, for example, hiring an agency to provide IT services in San Francisco, can also help to protect customer and company data. 


Phishing scams are incredibly common, and in some cases, they can be tricky to spot. To protect against phishing emails, it’s beneficial to learn to spot warning signs, to undertake cybersecurity training, to implement robust cybersecurity measures and to remember that reputable organizations will never ask for personal information or payments via email.