picture showing gmail inbox screen

How to Spot a Phishing Scam (5 Examples)

This blog is part of our cybersecurity basics series which you can read here.

As a busy professional, it’s likely you receive lots of emails a day. But how many illegitimate emails do you receive? Experts estimate that scammers send 3.4 billion phishing emails per day, so the answer is likely ‘quite a lot’.  

Although most email clients can manage and categorise phishing emails as spam, some may slip through the net and land in your inbox.  

In this blog, we cover how to spot a phishing scam and provide you with 5 examples of the most common phishing scams cybercriminals use to target businesses like yours.  

What is a Phishing Scam? 

A phishing scam is a type of social engineering attack. The scam uses deceptive techniques to trick you into handing over sensitive information, such as passwords, addresses and financial information. 

This information can be used to commit further crimes, such as fraud, stealing money and identity theft. 

Why Are Businesses Targeted? 

Phishing attacks are designed to gather masses of sensitive information, which criminals can use to their advantage.  

As businesses hold lots of sensitive data, including information about their customers and employees, they make great targets.  

If a hacker can infiltrate just one employee’s Microsoft 365 account within a business, they will have access to hundreds of bits of information, including emails, files, SharePoint libraries and more. 

Once the account has been compromised, the hacker could use the employee’s email address to send out more phishing emails to target customers and other employees. 

How to Spot a Phishing Scam 

Most phishing scams have similar characteristics, which makes it easy to spot them (as long as you know what you’re looking for).  

These are what you should check, but we’ll go into more detail  

  • Email address  
  • Generic greeting  
  • Misspelling 
  • Misalignment  
  • Language and tone 
  • Hyperlink 

Email Address 

The first thing you should check is who sent the email to you. Quite often, phishing emails will come from either weird email addresses or email addresses from the public domain.  

Sometimes, cybercriminals purchase domain names similar to the company that they’re trying to imitate. These domain names may be spelt slightly differently, for example: 

  • microsft.com (missing the second o) 
  • rnicrosoft.com (the m is actually an r and n) 
  • gooogle.com (one too many o’s) 
  • loydsbankinggroup.co.uk (missing an L, but may fool users as ‘banking group’ has been included at the end) 

A lot of the time, hackers will use public email domains, such as Outlook, Hotmail and Gmail accounts. It’s important to remember that most businesses don’t use public email providers and will send from an owned domain.  

It’s also important to remember that following a successful phishing attack, a hacker may use the victim’s email address to phish their contacts.  

Generic Greeting 

Once you’ve analysed the email address, check how the email greets you. Typically, when a reputable business or contact emails you, they will have your name on file and address you accordingly. It’s common for phishing emails to start ‘Dear User’, ‘Dear Customer’ or similar.  


The next thing to look for is spelling mistakes and bad grammar. Phishing scams are notorious for poor spelling and grammar and tend to contain oddly worded sentences.  

We cover some examples of this later in the blog.  

Misalignment and Branding 

As cybercriminals try to pose as a business, the branding in the email may not look right. Things might be misaligned, and colours/logos don’t match.  

Obviously, not everyone is an expert on every brand in the world. But if something looks a little ‘off’, it’s best to check.  

Language and Tone Used 

The success of a phishing attack relies on you clicking on a link, entering your details or downloading a file.  

Due to this, phishing emails are known to create a sense of urgency and will often be based on a topic people worry about, for example, money, tax or cybersecurity.  

As you’ll see from the below examples, common phrases used include: 

  • Review activity 
  • Confirm your identity 
  • Verify it’s you 
  • Login  


The hyperlink is the most important part of the email.  

Hackers will disguise the link behind link text, or a button.  

To see what the actual link is, hover over the hyperlinked text or button and in the bottom right, the URL will appear.  

If the hyperlink doesn’t match the URL of the actual company’s website, it’s likely a scam. 

It’s all good and well telling you what to look out for, but it’s better to show you. Here are 5 examples of common phishing scams that target businesses.  

Microsoft Phishing Example 

This email suggests that there has been unusual activity on your Microsoft account. If your business relies on Microsoft 365, this email could be extremely worrisome. 

Example of a phishing scam from Microsoft

Source: phishing.org 

Why It’s Convincing 

This email is particularly convincing for a few reasons. First, the email matches the same font and brand colours as legitimate Microsoft emails. With just a quick glance, this may be enough to convince someone to click on the link.

In addition, the scammer has changed their display name to Microsoft Team and they’ve also used Microsoft’s actual domain as the text for their hyperlink.

How You Can Tell It’s Fake 

Upon closer inspection, you will see that the from email address is no-reply_msteam2@outlook.com which is clearly not an official Microsoft email.

Also, upon reading the email, you’ll notice that the wording is quite odd. For example,  ‘someone from foreign I.P Address was trying to make a prohibited connection’.

Finally, the link behind https://www.microsoft.com does not match.

HMRC Phishing Email 

Emails from HMRC are rarely welcome, unless it’s a tax rebate. In this scenario, a cybercriminal is posing as the government informing us that we’re due a tax refund.  

The news may fill some with enough excitement that they skim the rest of the email, ignoring the signs of a phishing scam and clicking on the link ready to claim back their hard-earned cash.  

But if you pause for long enough, you can tell it’s bogus. 

example of a phishing email from someone pretending to be HMRC asking for someone to submit their bank details via a link

Source: Wellers Accountants 

Why It’s Convincing 

This email follows the same simple black-and-white branding as the government and (ironically) contains information about reporting suspicious emails to HRMC.

How You Can Tell It’s Fake 

If you haven’t sent a tax refund claim form, the 1st part of their email makes no sense.

Also, the refund amount is in orange and looks off-brand.

The line ‘you will normally receive a refund of 253 GBP’ doesn’t sound like the tone HMRC would use.

Finally, HMRC will never ask for payment or personal information by email and send legitimate P800 tax rebates by post.

Companies House Phishing Scam 

This companies house email asks us to verify our identity by a certain date, otherwise, our account will be ‘put on hold’.  

For some business owners, this may cause enough panic to take action and follow the hyperlink. 

Let’s look at this email in more detail.  


Why It’s Convincing 

Like the previous email, it matches HMRC’s branding really well.

How You Can Tell It’s Fake 

Most importantly, the link included at the bottom of the email does not match the gov.uk domain.

As government organisations, HMRC and Companies House use a formal tone. The line ‘you are getting this email’ doesn’t sound like something HMRC would say.

PayPal Phishing Scam

It’s not uncommon for cybercriminals to pose as financial services companies, including banks and payment providers in a phishing attempt.  

In this case, hackers posed as PayPal claiming that a user’s account was limited and that they needed to ‘login’ or visit the ‘resolution centre’ to resolve the issue.  

In reality, both of these links would take the user to a malicious phishing site, but let’s look at it in more detail.  

phishing email from someone pretending to be from paypal asking for the user to respond to the email or click a link 

Why It’s Convincing 

Yet again, the scammer has managed to match the branding really well and also uses a real PayPal scenario of a frozen account.

They’ve also included two hyperlinks which PayPal include in their emails.

How You Can Tell It’s Fake 

Fortunately, the scammer used an outlook.com email address, something PayPal would never use.

Also, when you hover over the two hyperlinks, they don’t link to PayPal domains.

GoDaddy Phishing Scam

GoDaddy is an international domain registrar and web hosting company which many businesses purchase their domain name(s) from.  

Recently, cybercriminals have been posing as the web giant coercing victims to ‘verify their domain’ by clicking the link.  

As most businesses now rely on their website to bring in new business and communicate with existing customers, the thought of losing your domain name is worrying.  

But this is in fact a phishing attempt.  

Let’s take a closer look.  

fake email from a scammer pretending to be from GoDaddy encouraging the user to verify their domain name through a button

Why It’s Convincing 

The scammer has managed to match the GoDaddy branding really well, including the font.

It also uses the customer’s name, which invokes a level of trust and authenticity.

How You Can Tell It’s Fake 

It’s a common theme here, but the email address doesn’t match GoDaddy’s real domain, and neither does the link behind the ‘Verify Now’ button.


It’s unlikely that phishing scams will ever go away, so we must know how to spot them and avoid them! 

We hope that this blog has provided you with the knowledge on how to spot a phishing scam. Of course, to recognise a phishing scam is only the start. If you or your colleagues receive a phishing email, we encourage you to report it to help protect others.  

You can learn more about how to report phishing scams here. 

Cybersecurity Awareness Training 

As an IT support provider, we offer a range of IT services to businesses across the UK, including cybersecurity awareness training. 

Our training programme puts your team’s knowledge to the test and helps to create a cybersecurity-focused culture. Using bite-sized videos and interactive learning, your employees will transform from your biggest security liability to your first line of defence.  

Find out more about our cybersecurity awareness course 

Back to our blog

Are you a looking for IT Support for your business?

Get in touch via our Contact form or call us on 01225 426 800