Spotting the hooks: 5 common indicators of a phishing attempt

  • While occasional mistakes are common, phishing attempts often contain multiple spelling and grammatical errors, which can indicate a fraudulent email.
  • If you receive an urgent email requesting unusual tasks, especially from someone you don’t typically interact with.

Phishing remains a prevalent cybersecurity threat, leveraging deceptive tactics to trick unsuspecting individuals into divulging sensitive information or performing harmful actions. This form of cybercrime is particularly insidious due to its ability to mimic legitimate communications effectively. Recognising the common indicators of a phishing attempt is crucial in safeguarding personal and organisational data from malicious actors.

Also read: HKBN offers free phishing assessments to SPO

Also read: Can firewalls prevent phishing?

5 common indicators of a phishing attempt

Phishing emails are effective because they appear genuine and can be challenging to detect. However, there are several common signs of a phishing attempt via email that users should be aware of.

Spelling errors: Everyone makes the odd spelling or grammar mistake, but phishing attempts often contain numerous errors. If an email includes multiple signs from this list and numerous spelling and grammatical errors, it’s likely a scam.

Unusual requests: If you rarely communicate with your CEO and suddenly receive an urgent email from them requesting you to complete a seemingly mundane task (like sharing your phone number), it’s probably an illegitimate request from a threat actor.

Strange email content: A phishing email may have content that doesn’t align with your usual interaction with the supposed sender. For instance, the sender might introduce themselves in the email despite claiming to be someone you already know.

Personal information solicitation: Most companies understand that email isn’t secure, so they rarely use it to request personal information. An email asking for sensitive details (e.g., date of birth, home address, etc.) is likely an attempt to steal your data.

Unfamiliar email addresses: If other indicators on this list are present but you’re still unsure, check the email address of the sender. If it appears genuine (e.g., a legitimate company email address), then it might be safe. However, if the email address doesn’t match that of the sender, it’s probably phishing.

How to prevent

Use strong passwords on your accounts: As phishing attempts become more sophisticated, there’s an increased risk of inadvertently falling victim to one. If that happens, the first thing you need to have secured is your accounts. Typically, cybercriminals target online accounts first because they contain personal details such as credit card numbers, home address, and date of birth. Ensure each of your accounts is protected with a strong and unique password to make it challenging for cybercriminals to gain access.

Creating strong passwords for each account can be challenging, so we recommend using a password manager to help generate and securely store them.

Enable multi-factor authentication on your accounts: In addition to strong passwords, it’s crucial to enable Multi-Factor Authentication (MFA) wherever possible. MFA is a security measure that adds an extra layer of protection by requiring additional forms of authentication beyond just a username and password.

If you happen to fall victim to a phishing attempt and disclose your login credentials, having MFA enabled would prevent cybercriminals from compromising your account since they wouldn’t be able to verify their identity.

Check links before clicking them: It’s a cybersecurity best practice to avoid clicking on unsolicited links. Even if you believe a link you received is safe, it’s essential to verify it beforehand. There are two ways to check the safety of a link:

Hover your mouse over the link: Hovering over a link reveals the actual website address it will direct you to when clicked. If the website address looks suspicious, it’s best not to click the link as it may lead to a spoofed site or trigger a malware infection.

Use Google’s transparency report: Google’s Transparency Report is a free tool you can use to assess the safety of a URL (website address). Simply copy the link and paste it into the transparency report to determine if it’s safe to click.


Sissy Li

Sissy Li, a news reporter at BTW media dedicated in Fintech and Blockchain. She graduated from Macau University of Technology and Science. Send tips to

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *