How to spot and stop a phishing email

Google phishing

Cybercrime poses an ever-growing threat to globally connected cities such as London. And despite technological advancements, malicious actors still utilise traditional tactics to gain access to devices and exploit our data. Phishing emails are unfortunately one of these common threats. Hackers often send widespread phishing emails targeted at employees, in the hopes they will click on infected links or download malicious software. That’s why it is essential your business knows how to spot and stop phishing email attacks.

Google has over 1.8 billion global users registered to their Gmail service, many of whom will be based here in London. And, when Google says scammers are sending out over 100 million phishing emails every day to Gmail users, we should all be comprehending the risk. So, follow along to learn the five Google checks to help stop phishing email attacks to your London business.

Why knowing the five Google checks is vital

Phishing is one of the largest, long-standing, and dangerous methods of cybercrime

Phishing attacks remain the most common type of cyberattack for UK businesses to experience. Cybercriminals may often work in organised gangs to try to trick us into revealing personal data, let malware into our systems, donate to fake charities and so on. Not only can this lead to viruses on your work devices, rendering them largely unusable, but phishing can be a gateway to other cyberattacks, such as ransomware. For this reason alone, you should know the five checks for spotting and stopping email phishing attacks.

Phishing emails can appear in all shapes and sizes

Phishing tactics can range from simply asking you to download a seemingly harmless link, to impersonating a reputable organisation, colleague, or friend. This makes it hard to quickly identify whether a suspicious email is safe or not. Cybercriminals also send out mass phishing email attacks to thousands of businesses simultaneously. This means scam emails can easily get piled up in your overflowing inbox. So, before knowing the Google five checks you may not even think to take a second look as well-constructed phishing emails can look like the real thing.

Phishing attacks are only on the rise

Cyber-security company Barracuda Networks reported a 667% increase in malicious phishing emails during the pandemic. And since then, phishing has remained the most common cyberattack to affect UK businesses year by year. Therefore, it is more important than ever for everyone in your organisation to be able to recognise a phishing email.

The good news is that new innovations in cybersecurity such as Google’s machine-learning tools can block more than 99.9% of such emails from reaching potential victims. However, it’s up to every SME leader in London and beyond to understand and prepare for phishing threats.

Do you know how to spot a phishing email?

Most of us in SMEs think we’re too smart, savvy and switched on to fall for such cyberattacks, but millions of us do. So, in this blog post we’re going to share the five Google checks you need to learn to detect and stop phishing email attacks. Please read on to discover:

Check 1 to stop phishing emails: Is the message sent from a public email domain?

No legitimate organisation will contact you from an address that ends ‘’. Not even Google themselves.

Yes, individuals and independent workers, like freelancers, may have public domain email addresses. But every official organisation, from banks to charities and government bodies, will have their own email domain and dedicated company accounts.

Always check that the domain name (i.e. the part after the @ symbol) matches the sender of the email. If it doesn’t, the message is probably a scam. One quick, simple way to check an organisation’s domain name is to type the company into a search engine.

To be doubly sure, also look at the actual email address a message has been sent from. This is something most of us often fail to do before reading the email. Scammers hope that by using a display name like ‘IT Governance’, and matching the subject line you’ll ignore who the true sender is and leap straight into the content.

Note: cybercriminals are becoming ever more sophisticated in their phishing tactics. So, remember that they’ll use a spoofed organisation’s name as part of a fake email address. For example, in a phishing attack which targeted PayPal customers, the scammer’s address was ‘’. But, in this case a genuine email from PayPal would have their name in the domain name. This would indicate that it had come from an official at (@) PayPal.

Check 2 to stop phishing emails: Is the domain name spelled correctly?

Anyone can buy a domain name from a registrar. And although every domain name must be unique, there are lots of ways to create addresses that are indistinguishable from the one that’s being spoofed.

Surprisingly, scammers often misspell the names of even some of the world’s biggest enterprises in fake domains! This is a clear indication that an email contains a phishing threat.

In one much-publicised example, an ethical hacker successfully ‘phished’ the CEO of the Gimlet Media podcast. This was all despite the purposeful misspelling of the Gimlet domain name as ‘’ That’s r-n-e-d-i-a, rather than m-e-d-i-a, by the way. And no one spotted it, even though the show was all about falling victim to scam emails.

Top tip: you don’t have to fall victim to a phishing scam for a cybercriminal to gain vital information. The way you react alone (circulating the scam email to your team, for example), can provide them with valuable intelligence. So, it’s not enough to spot a scam to stop phishing email attacks. You must be confident enough to check, decide, and delete it at the first opportunity.

Remember: if the message was genuine and important, the sender can get in touch again or through another channel.

Check 3 to stop phishing emails: How is the email written?

A dead giveaway of scam emails is poor spelling and/or grammar. However, many cybersecurity experts will tell you that such errors are part of a ‘filtering system’ used by scammers. This means cybercriminals will target only the most gullible people, because if someone ignores clues about the way the message is written, they’re less likely to identify the scam later.

Although, the filtering system tactic only applies to manually operated scams. This refers to scenarios in which the scammer replies in person once someone takes the bait. On the other hand, phishing attacks are nearly always automated and dump thousands of identical messages on unsuspecting people.

Nonetheless, phishing emails are often badly written. This is generally because many of the cybercriminals are from non-English-speaking countries. Or in some cases their background has limited their access or opportunity to learn the language.

Ask yourself these questions when reading over a suspicious looking email:

  • Is any typo a commonly made error (like hitting an adjacent key)?
  • Is the context wrong?
  • Is this the kind of email that should have been proofread and edited (such as corporate communications message)?
  • Is it consistent with previous messages received from this sender?

If you’re in doubt about the validity of any email you should not respond or click on any links. Instead, it is best to contact the sender using an alternative method, for example by phone or via their website.

Scammers can easily use spellcheckers or translation machines to help draft a passable phishing email, but grammar can be more difficult to master.

Top tiplook out for grammatical errors rather than spelling mistakes.

So, the bottom line here is to always check for poor English, spelling, and grammar.

Check 4 to stop phishing emails: Does the email include suspicious attachments or links?

Phishing emails come in many forms, but they will all contain a payload. This will either be an infected attachment or a link to a bogus website. Here you’ll be asked to download concealed malware or re-enter a login and other sensitive information.

Such impersonations can range from false invoices to letters from your local tax authority. Once opened, they will unleash malware on your computer, which, from that point on is unpreventable. This could damage or lock up your IT, business, data, or confidential information in numerous ways.

The golden rule is that you should never open an attachment unless you are completely certain that the message is from a legitimate party. Be especially cautious if you receive a pop-up warning about the file’s integrity or you’re asked to adjust any of your device’s settings to accommodate it.

You can often spot a suspicious link because the destination address doesn’t match the context of the email. For example, if you receive an email from Netflix, you expect the link to direct you towards an address starting with ‘’. Unfortunately, many legitimate and scam emails hide the destination address in a button. This way it is not immediately obvious where the link goes, although it’s simple enough to check.

Top tip: on your computer, hover your mouse over the link provided. The destination address should then appear in a small bar along the bottom of your browser. On a mobile device, hold down on the link and a pop-up will appear containing the destination address. This will help you deduce whether the link is suspicious or legitimate, so if in doubt do not click on it.

Check 5 to stop phishing emails: Does the message create a false sense of urgency?

Scammers know that most of us procrastinate, so the longer we think about something, the more likely we are to notice things that something is wrong.

As a result, scammers typically ask you to ‘act now’ or create some other sense of urgency. This could look like a final demand for a fake unpaid bill or a message threatening to suspend common subscription services.

This manufactured sense of urgency is highly effective in the workplace when it appears to be a message from your boss. Cybercriminals will know that most of us will drop everything if our manager emails us with a vital request. This is particularly true if it suggests other senior colleagues are awaiting your response.

Top tip: phishing scams like this are especially dangerous because no one wants to check the validity of the message even if they fear foul play. Often the worry of upsetting a boss, or endangering a deadline, outweighs suspicion. So, as part of your cybersecurity strategy and policy, create an environment in which your whole team feels confident to ask. They should always feel empowered to stop, think, and check – no matter who the email comes from.

It might seem like a cliché, but cybersecurity prevention is always better than cure and it’s down to every member of your organisation to be aware and act when necessary.

Awareness and training are key to preventing email phishing attacks

Spam filters will never be fully effective, and your cybersecurity defences will only ever be as strong as your weakest link. And research shows that for SMEs in London or elsewhere, that’s your employees, because of human error. That’s why staff training and awareness is key when it comes to stopping email phishing attacks. Once you’ve created an environment of cybersecurity awareness, you’re not only remaining IT compliant, but you’ll be keeping your people, business, customers, and all data safe and secure.

Make sure every member of your team, working remotely or not, understands the dangers of phishing scams and other new risks circulating online. Encourage them to be extra vigilant about unexpected, unrecognised, and unsolicited emails, messages, and texts they could receive. Emphasise and outline in your cybersecurity policy the importance of stopping, thinking, and checking before clicking on or opening anything they do not recognise. Support them and ensure they make a quick phone call to verify the legitimacy of an unusual request.

And, if you need any further advice on stopping phishing email attacks or have any other related cybersecurity concerns, please contact the IT Support London totality services team.

So, reach out to our friendly IT experts today for an informal, confidential, and no-obligation chat, to ensure your cybersecurity defences are up to the job.