You know that phishing attacks are a serious threat to you and your organization and you want to know if one is targeting you or your company. Examining the common indicators of a phishing attempt helps you spot them before they could strike.

What is Phishing?

Phishing emails are fake emails that pretend to be from a trusted source (like from a company you know) but are actually sent by bad actors. The goal of these messages is to steal personal data, which can then be used for identity theft or other frauds like card skimming from stolen credit card details. The scammers behind these kinds of scams are always looking for ways to get your personal information so they can pull off other scams later on.

Phishing can also operate as a service, commonly known as Phishing-as-a-Service (PhaaS), making it easily accessible to the common people with no prior technical expertise. 

View the latest statistics on phishing.

Top 10 Common Indicators of a Phishing Attempt

One of the most important things you can do as a business owner is to protect your data. If someone gains unauthorized access to your systems they could steal or alter sensitive information, such as credit card data and personal records. It’s increasingly common for legitimate business owners to be targeted by phishing attacks. On top of leveraging anti-phishing solutions, by understanding the signs of a phishing attempt, you can spot the scams early and prevent them from being successful. Here’s what to look out for when protecting your company from phishing attacks.

Now let’s get down to the most common indicators of a phishing attempt:

1. Grammar and Spelling Errors

A common indicator of a phishing attempt is the presence of grammar and spelling errors in the email content. The reason for this is that most emails originating from an untrusted source are not written by professionals. This means that there are no spell check features on their servers, and no proper proofreading or editing process.

In contrast to this, professional businesses are careful about spelling in their outbound email communications. Plus, they have hired professional copywriters to craft their email marketing messages.

Some common grammar and spelling errors in phishing emails are:

➜ Missing quotation marks (‘), periods (.), commas (,) and colons (:)

➜ Incorrect capitalization of words or phrases (e.g., “i am Bob”)

➜ Informal contractions like “u” instead of “you”

2. Unfamiliar Tone

The unfamiliar tone of an email is one indication that a phishing attempt is underway. It’s important to note that there are several ways to detect this, so it’s important to be aware of the different types of unfamiliar tones.

One way to spot an unfamiliar tone is by noticing that the email feels like it’s been created by someone who doesn’t know you very well. For example, the tone of the email may feel off from what you’re used to receiving from your company or other contacts.

Another way is by noticing that the email doesn’t seem to be related to anything going on in your life. For example, if you’re not expecting a bill to come in the mail but suddenly get an email that looks like it’s from your bank, this is a red flag.

3. Receiving Email at an Unusual Time

If you receive an email at a time that is unusual for you to be receiving emails from the sender, this is another indicator.

For example, if you’re used to receiving work-related emails during normal business hours but suddenly get an email from your boss after 11 p.m., this may be a sign that your inbox has become the victim of a phishing attempt. Or if someone sends you an email in the middle of the night on a Saturday or Sunday, that’s probably not normal.

4. Sense of Urgency

Another sign that an email is malicious is if it threatens you or makes you feel like you have to act quickly. This could be a warning about your account being suspended, for example, or pressure to respond within 24 hours or risk compromising your security. If the message makes you feel like something bad will happen if you don’t respond quickly, this may be a phishing attempt. For instance, a message saying that your account will be suspended if you don’t confirm your details could be a sign that it’s malicious.

5. Suspicious Attachments

A common indicator of a phishing attempt is a suspicious attachment. The bad guys often use phishing emails to send these attachments because they know many people are curious enough to open them and click on whatever links or buttons they contain.

These attachments may be a Word document or zip file, for example. But if you open the attachment and it’s malicious, it could infect your computer with malware that steals your login credentials. If you get an email with a suspicious attachment, don’t click on it!

*Although it’s best to scan attachments for viruses before opening them, some email providers— like Gmail and Yahoo —have incorporated advanced checking filters that will automatically show the attachment in question as ‘Blocked Attachments’ if found suspicious.

6. The Recipient Never Started the Discussion

Phishing attempts are often initiated by scammers or hackers who send emails to random people and hope that someone falls for them. If you didn’t initiate the conversation, then the email may be a phishing attempt.

To entice the recipient, many cold emails state that he or she has won a prize, qualifies for one if they reply right away, and will not be eligible at all if they do not respond. So in cases where the recipient is not a current or former customer, there is an increased probability that the email will be spam.

7. Abnormalities in Email Addresses, Hyperlinks, and Domain Names

Phishing emails are often sent from an address that is not consistent with the domain name or website of the organization that is being impersonated. For example, if you receive a message purporting to be from Microsoft but it was sent from an email address that ends in or, then this should raise red flags for you.

It is also a good idea to check that the originating email addresses match previous correspondence. If there are hyperlinks in the email, hover over each one to see what URL it will take you to. If an email is supposedly from Amazon, but the hyperlink directs you to a different website entirely (like, that’s probably evidence of fraud.

8. Email Coded Entirely as a Hyperlink

Email coding is a new practice among fraudsters and scammers. They know that people have got smart, and they will not click on a link given in the email. Therefore these fraudsters code the entire email as a hyperlink in <HTML> format. When an email is coded entirely as a hyperlink, the whole email becomes clickable. This means when a user clicks anywhere inside the email message it takes them to the imposter page.

9. Unrealistic Demand or Request

Phishing scams typically begin with an email or other communication that asks you to take action. The request might be a reasonable one, such as asking you to confirm or update your personal information. However, some phishing attempts are designed to make you do something that seems unreasonable or unlikely—such as paying a bill through a new payment method or providing your login credentials to a third party for verification.

10. Emails with Brief Description

Not all phishing emails are long and detailed, but some short ones can fool you into thinking they’re legit. These kinds of short emails are usually brief and to the point—they often begin with “here’s your requested information” and then immediately attach malware files. For instance, scam artists will create spoofed emails from Peter of XYZ company that appear to be from a trusted vendor or supplier. These messages may include vague requests for information bundled with an attachment titled ‘additional information’ in hopes of luring the victim into clicking on it and compromising their computer’s security.

Combat Phishing with PowerDMARC’s Zero Trust Security Model

When it comes to email security, a lot of companies fall behind. They are forced to rely on the default settings of their email provider which leave their email vulnerable to phishing attacks. Thus, ending up with hacked inboxes and lost customers.

We at PowerDMARC combat phishing by implementing a zero trust security model via a combination of DMARC, SPF, and DKIM protocols–which help a business verify who an email’s sender is before allowing it through their servers.

We prevent the sending of emails from compromised domains by sending invalid DKIM Signature or DMARC authentication failure reports back to those sending servers. By validating the email sender’s domains we simplify your life as you won’t have to come across phishing emails anymore.

We hope the article made you aware of the common indicators of a phishing attempt! Sign up for our free DMARC analyzer today and see how we protect your email from malicious attacks.