How do I spot a phishing email?

Phishing emails are a pain; while some are easy to spot, the more sophisticated ones can easily fool you.

Below is an excellent example of a well-crafted phishing email. Before you learn how to spot a fake, let’s first examine how it can dupe you.

How does a phishing email work?

An email arrives in your inbox with the subject heading: Your TalkTalk bill payment failed.

(The example used is about TalkTalk, but it works the same for nearly any online account.)

This is classic phishing, as the heading warns you of a problem. Straight away, you’re interested and concerned enough to open the email.

The main body of the email is instantly recognisable if you are a TalkTalk customer. A good phishing email uses a layout that looks familiar and therefore appears authentic. This example may be TalkTalk, but it could be a similar scam using Apple, PayPal, eBay, Amazon, etc.

The text also weaves a tale of woe with phrases like payment failed and disconnection date. As with the subject heading, these words try to push you into action. The scammers are scaring you into believing you have an issue and then offer help – all you have to do is go to your TalkTalk account by clicking the button below.

Doing so takes you to a page that looks like this:

If you are familiar with TalkTalk, it looks just like it should do. Unfortunately, it’s a fake website, and if you enter your details, you’ll have given them away. The crooks can then use the information to log in to your actual account website and do whatever they fancy.

So, given the credible appearance of the message, how do you spot a phishing email?

How do I spot a phishing email?

One of the first things to do to check if an email is fake is to see who sent it. In this email, it says it’s – as expected – from TalkTalk.

However, if you move your mouse cursor over the word – but don’t click – the actual email address should appear. If you’re using a phone or tablet with a touch screen, it’s slightly different. Instead, pressing and holding the word should do the same thing.

Now you can see that the email address doesn’t look like one TalkTalk would use. And that’s because it isn’t.

You can do the same check with the My Account button. Remember, this is the all-important button for the scammers: click this, and it takes you to the fake website that can grab your details. While it will vary on other phishing emails, the same principles apply.

As before, you move your mouse pointer over the button, but don’t click.

Again, you can see the address isn’t what you would expect for a TalkTalk website.

You should now be able to put the deerstalker hat and magnifying glass away; your stint as Sherlock Holmes is complete. The email is fake and should be deleted from your inbox. Before you do though, it might be a good idea to report it.

How do I report phishing emails?

To help the fight against phishing in the UK, the National Cyber Security Centre has set up a service to allow you to report fake emails. All you have to do is forward the email to the following address:

Using the information you send, they can hopefully take down the culprits and reduce this type of spamming.

One step beyond

There’s one further check you can make, but you shouldn’t need to. If you follow the advice above, you should hopefully find it easy to spot a phishing email.

Yet, let’s assume you do. In this example, the website looks genuine.

However, the actual website address found in the address bar at the top of your web browser will give another story.

Like the examples given earlier, this address doesn’t look like anything TalkTalk would use – and that’s because it isn’t. It’s time to close the browser and report the email.


Phishing emails are the start of most identity theft, and some are very convincing. By using the tips above, you should hopefully avoid getting caught out.

READ NEXT: How do I stop Chrome notification scams?

About the author

Mark Parvin

I have worked with and wrote about computers, video games and consumer tech for more years than I care to admit.
I currently run my own IT support business and write about the wonders of tech whenever I can.

Add Comment

Click here to post a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.