How to Identify a Phishing Email and Avoid It

Can you think back to a time when we didn’t have the internet, before Tim Berners-Lee invented the World Wide Web?

How did scammers get away with people’s money?


Threatening victims with violence?

Now there are stricter laws and, unfortunately for scammers, more businesses are moving online.


Unfortunately for you, scammers are also reinventing the wheel with phishing emails.

In today’s post, you will learn how to spot a phishing email from miles away and avoid it.

A phishing email is any kind of message in your email inbox with malicious intent.

The intent is usually to steal your passwords, credit card details, personal information such as names, and anything else that can be converted to cash.

Let’s face it: if you have a business, you are bound to get lots of emails on a daily basis. According to Radicati Group, there were 3.7 billion email accounts as of February 2017, and on average 269 billion emails are sent per day. That is a big number. You have suppliers, customers, mere inquiries, and marketing messages all day long, and it can be hard to distinguish between a legit and a fake email.

Specifically, a fake email that aims to scam you.

However, there are some key indicators of potential phishing emails, which can guide you in eliminating phishing emails from your inbox.

So how can you identify a phishing email?

1. An email from a company requesting personal information

No company will ever call you to ask for your password or send you an email requesting it, because the company can access your personal information, which is in their database, without your credentials. They only need to log in to the back-end of their system.

If you receive a call or an email requesting you to give out your password, that is a red flag.

Don’t entertain the caller; just hang up. In the case of an email, delete it.

How about someone claiming to be your bank, calling to ask for your name or credit card number? Or emailing about the same?

Same case: don’t entertain the caller or reply to the email. Personal information is personal for a reason. And if you have to change anything, you should be there physically in the bank.

Tip: Do not click on the link in the email.

For example, I received this email from one of the online sites I work for. And for the life of me I forgot about the do not click policy and I clicked on the link. This resulted in an automatic download of the attachment. Luckily for me, I use a great antivirus which identified it as “Password Stealer Malware” and automatically blocked it.

The benefits of an antivirus can never be overemphasized. If you don’t have one, you should.

On special occasions, though, companies can request that you change your password. This happens after their database has been compromised or when they are experiencing security issues of some sort, as in the case of Twitter, which requested users to change their passwords this month. This was due to a bug identified by the security team at the company. Although the issue was fixed, Twitter still recommends that you change your password. Also, if you use your Twitter password on other platforms, you should change it there too.

2. Email address of the sender

In the past, it was much easier to identify a phishing email by the email address.

There is no way anyone can reply to an email address like

So scammers use tricks to imitate an original email, such that if you are not careful you may think it is a legit company sending you the email.

For example instead of

The email would be

Instead of the domain name, the email is created from Gmail. Hence, if you are not keen, you may think that the second email is the same as the first. Double-checking email addresses will save you trouble, especially with sensitive accounts.

It is also rare to find a well-established company like your local bank or international money transfer that uses as an official communication email. Companies use their official domain as part of their email address. Whether they are sending newsletters, marketing emails or updates the domain name should still be part of the email.

For example,, et cetera.

3. A message with a sense of urgency

“If you do not click on the link below, you will lose your account”

“You have 24 hours to click on the link below”

“Last chance to recover your account”

It is common for scammers to create a sense of urgency so that you follow their instructions. Their messages are designed to make you panic and act recklessly. This, as a matter of fact, is the sole purpose of phishing: to make you think that if you don’t act, something serious is going to happen.

The best way to handle an urgent message that may seem real is to find the official phone number of the company. Let’s say that you are expecting a package from DHL, and someone claims that your package is stuck somewhere and you need to send some cash, or else you will lose the package.

First and foremost, find a legit number on the DHL website. Explain the situation and get your facts directly from the company. Then you can act once you have confirmed that there is indeed a problem.

Don’t respond to the urgent message.

4. Grammar and spelling of an email message


They are allowed in conversations but not with your local bank. Companies hire professional writers and proofreaders before they send out newsletters and marketing messages. So there is no way you should be seeing typos all over the place.

Confusing “their” with “there” or “you” with “your” is just one of the red flags of a phishing attempt.

5. Unknown offers, deals, and prizes

You have won yourself $1,000. We need to send you the money ASAP. Please provide your credit card details. Offer valid until midnight.

Let’s be honest, free things are attractive. I mean there’s always something that you can do with extra money. But still, don’t let the desire for free stuff make you a victim of scammers.

So even if you play online casino games, don’t rush when you receive a “winning message”. Contact your casino platform and confirm if you have won anything. You can only win if you have participated in a game.
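The indicators above (a request for secrets, a sender address outside the company's own domain, urgency wording, and surprise prizes) can be turned into a simple triage check. This is an added example, not part of the original post; the domain `examplebank.example`, the word lists, and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumption: short illustrative lists; the article itself only names Gmail.
FREEMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
URGENCY = re.compile(r"\d+\s*hours?\b|last chance|lose your account|until midnight", re.I)
SECRETS = re.compile(r"\bpassword\b|credit card", re.I)
PRIZE = re.compile(r"\byou have won\b", re.I)

def is_official(domain, official_domains):
    # Exact match or a true subdomain; "examplebank.example.phish.test" fails.
    return any(domain == d or domain.endswith("." + d) for d in official_domains)

def phishing_indicators(raw, official_domains):
    """Return the article's red flags found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    _, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    text = f'{msg.get("Subject", "")}\n{body}'
    flags = []
    if not is_official(domain, official_domains):
        flags.append("sender-not-official-domain")  # indicator 2
    if domain in FREEMAIL:
        flags.append("freemail-sender")             # indicator 2
    if SECRETS.search(text):
        flags.append("asks-for-secrets")            # indicator 1
    if URGENCY.search(text):
        flags.append("urgency")                     # indicator 3
    if PRIZE.search(text):
        flags.append("unexpected-prize")            # indicator 5
    return flags

# Constructed sample messages (not real mail); examplebank.example is hypothetical.
PHISH = (
    "From: Example Bank Support <examplebank.support@gmail.com>\n"
    "Subject: Last chance to recover your account\n"
    "\n"
    "You have 24 hours to click on the link below and confirm your password.\n"
)
LEGIT = (
    "From: Example Bank <newsletter@mail.examplebank.example>\n"
    "Subject: Your monthly statement is ready\n"
    "\n"
    "Log in through the app to view your statement.\n"
)

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, phishing_indicators(raw, {"examplebank.example"}))
```

The From header can be forged, so an empty result is not proof that a message is legitimate; treat the flags as reasons to verify through an official channel.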

How to avoid getting scammed with phishing emails, messages, and links

1. Always confirm unexpected changes.

For example, if you send money to your suppliers each month on a particular platform, and all of a sudden they tell you that they have changed their address from PayPal to Payoneer or vice versa, don’t change the payment structure without calling them. Just call them and confirm directly with them. It may take you some time, but that is better than sending money to an unknown person and then trying to recover it.

2. Avoid clicking on unknown links.

If you are suspicious of an unknown website link, instead of clicking on it, search Google for the URL followed by the word “scam”. You will get the different scams associated with the link.

3. Use an up-to-date antivirus

It goes without saying that you never know when you will become a target. And some days you may be so comfortable that you let your guard down. I have been there too.

Antivirus will come in handy on such days. Also, keep your software up to date all the time.

4. Create awareness in your company

Scammers can also target your employees. In fact, scammers can pretend to be the HR Manager or Supply Chain Manager of your company. Then send instructions to your employees to authorize payments for non-existent products or services.

So educate your employees on what is happening in cyber security. Cyber security threats are real, and creating awareness is a proactive approach.

Have you ever been a victim of phishing attempts?

If so, how did you respond? I would love to hear your story.


Wamboi Gicheha is a freelance Tech Writer. When she’s not reading or writing about Tech, she’s probably traveling or ravaging Pinterest for a DIY project. You can connect with her on Twitter.
