How to recognise phishing emails


Phishing emails are specially crafted email messages that scammers use to trick unsuspecting recipients into giving out personal information such as banking details and account passwords. These emails usually copy the logos and email formats of the organisations that the scammers are pretending to represent.

Fortunately, there are some simple ways to recognise phishing emails.

Check the email sender address

If the email sender address is from an unfamiliar domain or appears different from the organisation it is representing, this is an immediate tell-tale sign of a phishing email.

However, the reverse is not true. If the sender address matches the organisation’s, it does not prove that the email is legitimate. More often than not, the sender address is also spoofed such that it appears to come from the organisation’s domain.

Check for misspelling and bad grammar

If you spot obvious spelling or grammar mistakes in the email, it increases the probability of the message being a scam.

Check the embedded links

On desktop, you can check the actual URL that a link points to by moving your mouse cursor over (but not clicking on) the link. Depending on the browser you are using, the actual URL will appear at the bottom left of your browser window. If the address points to an unknown domain, you should not click on it.

On mobile, you can check the URL of a link by touching and holding your finger on the link until the pop-up actions box appears. The address will be displayed at the top of the box.

Take note that scammers may also try to create links that look similar to the legitimate domain e.g. So check carefully before clicking.
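The hover check described above can also be run over a saved email body. The Python sketch below is an added example, not part of the original article: it lists each link's visible text next to the host it really points to and flags unknown domains, a trusted name embedded in another domain, and link text that names a different site. The trusted domain, the sample message and all function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"example.com"}  # assumption: the domain(s) the organisation really uses

# Constructed sample email body (not a real message).
SAMPLE = """
<p>Please <a href="https://www.example.com/help">visit our help page</a>.</p>
<p><a href="http://example.com.account-verify.invalid/login">https://www.example.com/login</a></p>
<p><a href="https://tracking.example.net/c?id=1">Unsubscribe</a></p>
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:  # only keep text inside an open <a>
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def check_links(html, trusted=TRUSTED):
    """Return (visible text, real destination host, flags) for each link."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    report = []
    for href, text in parser.links:
        dest = (urlsplit(href).hostname or "").lower()
        flags = []
        if not any(in_domain(dest, d) for d in trusted):
            flags.append("unknown-domain")
            if any(d in dest for d in trusted):  # trusted name inside another domain
                flags.append("lookalike")
        shown = re.search(r"[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}", text, re.I)
        if shown and not in_domain(dest, shown.group(0).lower()):
            flags.append("text-mismatch")  # link text names a different site
        report.append((text, dest, flags))
    return report
```

Calling `check_links(SAMPLE)` returns one row per link; a link with no flags is not proof that the email is legitimate.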

Help combat phishing

You can help combat phishing scams by reporting any phishing email that you receive to your email service provider. Email providers such as Google Gmail and Microsoft all provide the option of marking an email message as a phishing scam.