header image icon - mountains

Signs of Phishing Attack Checklist

Signs of Phishing Attack Checklist 1

Signs of phishing attack generally fit a certain mould and the most common type of scam.

Phishing is one of the  longest running methods of cybercrime which people consistently fall victim to.

Typical phishing attacks are scammers sending fake emails asking for payment or fake links asking for sensitive information like bank details to use or sell on.

Email filtering can help send phishing emails to spam/junk folders but requires fine-tuning so legitimate emails can’t get lost.

We have created a checklist to help you look for the following warning signs of phishing attacks.

Remember to check Password Protection, Phishing Attacks Checklist, and Malware Checklist.

Signs of Phishing Attack Checklist

Originate Overseas

Where has the email come from?

Think ‘Nigerian prince’ one of the longest-running Internet frauds.

Language Standards

Spelling, grammar and punctuation poor.

Contains unusual phrases and grammatical errors.

Logos and Graphics

Is the design and image quality what would you’d expect?


Does it refer to you as ‘valued customer’, ‘friend’, or ‘colleague’?

Sign that they don’t actually know you.

Veiled Threats

Creates a sense of urgency telling you to act immediately.

Be extremely suspicious of words encouraging you to act quickly like ‘send details within 24 hours’ or ‘you’re a victim of crime, click here now’.

Legitimate People

Is it really from that person or trying to mimic someone you know?

Emails can appear to come from a CEO requesting a payment to be made to a particular bank account.

Public Email Domain

Large organisations will have its own email domain not an address that ends ‘@gmail.com’.

Look at full email address, not just the sender’s name.

Misspelled Domain Name

Every domain name is unique but plenty of ways to create email addresses that are indistinguishable from the one they are spoofing.

Suspicious Attachments or Links

Either infected attachment asked to download or a link to a fake website that requires you to login and divulge sensitive information.

Too Good To Be True

Someone offering to give you money? If it sounds too good to be true, it probably is.

Related Checklists