How to Understand, Spot, and Report Phishing Emails

Understand phishing

  • Learn what phishing is: a fraudulent attempt to obtain sensitive information by disguising oneself as a trustworthy entity in an electronic communication.

Inspect the sender’s email address and domain

  • Check for unusual characters or inconsistencies in the sender’s email address.
  • Be wary of unfamiliar or suspicious email domains.

Examine the email content

  • Look for spelling or grammar errors, which can be a sign of phishing.
  • Be cautious with emails containing attachments or links, especially if they’re from unknown senders. Verify their legitimacy before opening or clicking.

Beware of urgent or pressure-inducing language

  • Phishing attempts often create a false sense of urgency to manipulate victims. Don’t rush to respond; verify the email’s legitimacy first.

Verify requests for sensitive information

  • Legitimate organisations typically don’t request sensitive information via email. If in doubt, contact the organisation via their official channels.

Report phishing emails

  • Forward any suspicious emails to your organisation’s security or IT team and delete them afterwards.
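
For a security or IT team that receives forwarded reports, the checks listed above can be run as a first-pass triage script. This is an added example, not part of the original guide; the `KNOWN_DOMAINS` list, the keyword patterns, and the sample message are constructed assumptions to adapt to your organisation.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains you normally correspond with (constructed list).
KNOWN_DOMAINS = {"example.com", "example.org"}
# Assumption: illustrative keyword lists, not an exhaustive detection set.
URGENCY = re.compile(r"\b(urgent|immediately|act now|within \d+ hours|suspended)\b", re.I)
SENSITIVE = re.compile(r"\b(password|pin|card number|bank details|security code)\b", re.I)
LINK = re.compile(r"https?://[^\s\"'<>]+", re.I)

def triage(raw):
    """Return the phishing indicators found in one raw email message."""
    msg = message_from_string(raw)
    findings = []
    _, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    # Non-ASCII letters or punycode labels can imitate a familiar domain.
    if not addr.isascii() or "xn--" in domain:
        findings.append("unusual characters in sender address")
    if domain not in KNOWN_DOMAINS:
        findings.append("unfamiliar sender domain: " + (domain or "(missing)"))
    text = [str(msg.get("Subject", ""))]
    for part in msg.walk():
        if part.get_filename():
            findings.append("attachment: " + part.get_filename())
        elif part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True) or b""
            text.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    text = "\n".join(text)
    if URGENCY.search(text):
        findings.append("urgent or pressure-inducing language")
    if SENSITIVE.search(text):
        findings.append("request for sensitive information")
    for url in LINK.findall(text):
        findings.append("link to verify before clicking: " + url)
    return findings

# Constructed sample message, not a real email.
SAMPLE = """\
From: IT Support <helpdesk@xn--exmple-cua.com>
To: user@example.com
Subject: URGENT: mailbox suspended

Your mailbox will be closed within 24 hours. Confirm your password at
http://mail.example.invalid/verify to keep access.
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print("-", finding)
```

An empty result means none of these indicators were found, not that the message is safe; verification through official channels still applies.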


Interactive Video

Watch the interactive video and try the activities to strengthen your understanding of how to understand, spot, and report phishing emails.