5 ways to detect a phishing email


    It can sometimes be hard to identify a phishing scam, or you realise a little too late. 

    Phishing scams usually look like a legitimate email, often from a brand that you may recognise. Cyber-scammers will often use the names, and branding of larger companies that you are more likely to recognise, such as HMRC, your bank, Apple or Amazon to help give an air of legitimacy to their email. One of the most common approaches is to ask you to click on a link to update your account, or to access a refund that has been awarded and is ready for collection. Even if you think you know the sender, they may not be who they say they are so it’s always worth undertaking a few checks before you click on that link. If there is any doubt that the sender may not be genuine, or if they are encouraging an undue sense of urgency, don’t click until you’re absolutely confident that it’s the right thing to do.  

    5 ways to detect a phishing email 

    1. The email is sent from a public email address 
    2. Look at the sender’s email address, this will give more clarity into who the actual sender is. It will be different from the company address that it is making out to be from. For example, an email from Amazon is unlikely to come from an address that includes ‘gmail’ or has a series of numbers in it. 
    3. Strange attachments 
    4. If the email is unexpected, or comes from an unknown recipient (or one that looks untrustworthy), beware if it asks you to open an attachment. These attachments can contain malware (malicious software programs that load automatically) that can harm your computer and capture personal data, often without you knowing this is happening.
    5. The unnecessary creation of a sense of urgency
    6. Phishing emails will often make themselves out to be urgent, in the hope that you will panic and not pay enough attention to the potential risks. This may be achieved by saying that your personal data has already been accessed, and that you should verify or make changes to it urgently, or reset a password to stop any further damage occurring.
    7. Links to unrecognised websites, or website addresses that subtly misspell a familiar domain name
    8. Phishing emails normally ask you to click on a link within the email. If you hover your mouse over the link it may come apparent that the website address (or URL) is mis-spelled, or completely different from who they are pretending to be. 
    9. Poor spelling and grammar 
    10. You can often detect a phishing email by the way it is written. The style of writing or tone of voice used will often be very different from the sender who they are pretending to be; poor spelling or grammar is a good giveaway to a phishing scam that has originated overseas. 
    If any of these warning signs appear at any time or if in any doubt at all, do not click on any links, or open any attachments. If you wish to check the validity of the email, you should contact the provider (using a publicly available contact email address or telephone number from their website, and not the contact details specified within the email itself).

    For more tips on how to stay safe online, we've covered how to avoid falling victim to bank transfer fraud and how to protect yourself against identity theft.



    Your property may be repossessed if you do not keep up repayments on a mortgage or any other debt secured on it. Your home may be repossessed if you do not keep up repayments on your mortgage. Loans are subject to status, terms and conditions. This website is for information purposes only. If you are in any doubt regarding suitability of our products please seek advice from an accredited independent mortgage adviser.

    You risk losing capital should Castle Trust become insolvent.

    Castle Trust is the trading name of both Castle Trust Capital plc (company number 07454474) and Castle Trust Capital Management Limited (company number 07504954) both registered in England and Wales with registered offices at 10 Norwich Street, London, EC4A 1BD. Castle Trust Capital plc is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority, under reference number 541910. Castle Trust Capital Management Limited is authorised and regulated by the Financial Conduct Authority, under reference number 541893.

    © 2020 Castle Trust. All rights reserved.

    This website is for authorised intermediaries only. This information has not been approved for use with customers and is not intended for public or customer use. Please confirm that you are an intermediary before accessing information on this website.

    Go back