5 ways to detect a phishing email


    It can sometimes be hard to identify a phishing scam, or you realise a little too late. 

    Phishing scams usually look like a legitimate email, often from a brand that you may recognise. Cyber-scammers will often use the names, and branding of larger companies that you are more likely to recognise, such as HMRC, your bank, Apple or Amazon to help give an air of legitimacy to their email. One of the most common approaches is to ask you to click on a link to update your account, or to access a refund that has been awarded and is ready for collection. Even if you think you know the sender, they may not be who they say they are so it’s always worth undertaking a few checks before you click on that link. If there is any doubt that the sender may not be genuine, or if they are encouraging an undue sense of urgency, don’t click until you’re absolutely confident that it’s the right thing to do.  

    5 ways to detect a phishing email 

    1. The email is sent from a public email address 
    2. Look at the sender’s email address, this will give more clarity into who the actual sender is. It will be different from the company address that it is making out to be from. For example, an email from Amazon is unlikely to come from an address that includes ‘gmail’ or has a series of numbers in it. 
    3. Strange attachments 
    4. If the email is unexpected, or comes from an unknown recipient (or one that looks untrustworthy), beware if it asks you to open an attachment. These attachments can contain malware (malicious software programs that load automatically) that can harm your computer and capture personal data, often without you knowing this is happening.
    5. The unnecessary creation of a sense of urgency
    6. Phishing emails will often make themselves out to be urgent, in the hope that you will panic and not pay enough attention to the potential risks. This may be achieved by saying that your personal data has already been accessed, and that you should verify or make changes to it urgently, or reset a password to stop any further damage occurring.
    7. Links to unrecognised websites, or website addresses that subtly misspell a familiar domain name
    8. Phishing emails normally ask you to click on a link within the email. If you hover your mouse over the link it may come apparent that the website address (or URL) is mis-spelled, or completely different from who they are pretending to be. 
    9. Poor spelling and grammar 
    10. You can often detect a phishing email by the way it is written. The style of writing or tone of voice used will often be very different from the sender who they are pretending to be; poor spelling or grammar is a good giveaway to a phishing scam that has originated overseas. 
    If any of these warning signs appear at any time or if in any doubt at all, do not click on any links, or open any attachments. If you wish to check the validity of the email, you should contact the provider (using a publicly available contact email address or telephone number from their website, and not the contact details specified within the email itself).

    For more tips on how to stay safe online, we've covered how to avoid falling victim to bank transfer fraud and how to protect yourself against identity theft.



    Your home may be repossessed if you do not keep up repayments on your mortgage. Loans are subject to status, terms and conditions. This website is for information purposes only. If you are in any doubt regarding suitability of our products please seek advice from an accredited independent mortgage adviser.

    Your eligible deposits with Castle Trust Bank are protected up to a total of £85,000 by the Financial Services Compensation Scheme, the UK’s deposit guarantee scheme. Any deposits you hold above the limit are unlikely to be covered. For further information about the compensation provided by the FSCS, refer to the FSCS website at fscs.org.uk.

    Castle Trust Bank means Castle Trust Capital plc, a company incorporated in England and Wales with company number 07454474 and registered office at 10 Norwich Street, London, EC4A 1BD. Castle Trust Capital plc is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority, under reference number 541910.

    © 2021 Castle Trust Bank. All rights reserved.