Email is an indispensable tool for communication. It’s pretty safe to say that almost every person and business has at least one email address. But unfortunately, email can also open the door to potential security risks. Phishing attacks, in particular, can have devastating consequences.

As part of Cyber Security Awareness Month 2023, we thought we’d help you stay safe when using your email at work. We’ve put together this short article which highlights 7 things you should check when you receive an email to keep you and your organisation safe.

We’ve also given you a few questions to ask yourself to help you stop and think before you do anything with an email you’ve received.

Who is the email from?

Phishing example showing sender information

  • Do I recognise the sender’s email address, and is it the one I normally communicate with?
  • Are there any misspellings in the email address? Specifically, check the domain name part of the sender’s address.
  • Is the sender from outside of my organisation, and is the email related to my job?
  • I know the sender, but does the email seem out of character? Stop and verbally confirm the request.
  • Do I have a business relationship with the sender?
  • Am I expecting this email, and does it have any attachments or links?

Who was the email sent to?

Phishing example 'To' field

  • Was the email just sent to me or lots of people?
  • If other people also received the same email, do I know who else it was sent to?
  • If it’s a random group of people, do all their surnames begin with the same letter?
  • Was it just sent to a personal email or a business email e.g.

Phishing example showing hyperlink

  • Did I receive a blank email with no content, just a hyperlink?
  • When I hover my mouse over a hyperlink, is the link-to address different to that in the email?
  • If it’s a known website, are there any misspellings in the URL?

What was the date and time?

Phishing example showing Date and Time fields

  • When did I receive the email, was it out of office hours, e.g., received at 2am?
  • Was it sent from someone in my organisation when they’re meant to be on holiday or a business trip?

The email subject

Phishing example showing the 'Subject' field

  • Does the subject match the content of the email?
  • Is the subject related to something I’ve requested or signed up to?

Email attachments

Phishing example attachment

  • Am I expecting an attachment in the email I just received?
  • Does the attachment relate to the context of the email?
  • Is the attachment named correctly?
  • Do I think this might be a bad or dangerous file?

The content of the email

Phishing email example content

  • Is the email trying to make me do something to avoid negative consequences?
  • Is it trying to gain personal information or sensitive data from me?
  • Does it have bad grammar or spelling mistakes?
  • Do I have an uncomfortable gut feeling, does something feel wrong?

Elevate your email security awareness

The first step to reducing the risk of falling victim to a phishing attack is to be able to identify one.

By remembering these seven red flags (and by asking the right questions), you can identify a dodgy email and avoid becoming a victim of email-based threats.

Please keep in mind that cyber awareness doesn’t stop there. Cyber criminals are getting smarter with their attacks, especially with the advancements in AI to help them construct compelling emails. To elevate your email security awareness, we invite you to explore our comprehensive cyber awareness training program.

Knowledge is power, as they say, and equipping yourself and your colleagues with the knowledge and skills to stay safe and secure is our top priority.

October 04, 2023 — Paul Stanyer