Phishing is a major security threat for modern businesses. Knowledge of what is, and isn’t a phishing email varies, with many employees at risk of falling foul to malicious emails.

Check out these brief pointers to help employees discover what’s legitimate and what isn’t when it comes to their inbox.

Check the address

It may sound obvious but is the email address one you recognise? Take a look at the domain name, if it varies slightly from the usual then think spam.

Often cybercriminals will try to mirror official websites by setting up dummy accounts, hoping to dupe the recipients into providing data and/or money.

What info are they providing you with?

Even a sophisticated email won’t likely have used your full name or provided an account number or other specific details, so if your team receives an email from an unrecognised account that doesn’t feel right, remember a genuine email will likely use specific details (think full name, customer orders, PO numbers etc.)

Visual appearance

Does the email in question visually match the emails you’ve had from a company previously? If not, approach with caution.

Phishing emails could replicate the look and feel of a big brand (such as a bank or major corporate) but they’re unlikely to get it right. If it’s not a polished-looking piece of email marketing, be wary.


Generally speaking, phishing emails aren’t always the most well-written pieces of content. If the text doesn’t read well, is littered with punctuation mistakes or spelling errors or something just doesn’t add up then this is something any IT department would want to be made aware of.


Make sure employees know how to report any issues quickly before they make their way across your organisation.

Our Simulated Phishing as a Service option enables companies to safeguard their IT infrastructure against cybercriminals. In particular, our service includes:

  • Simulated phishing emails to designated employees
  • Monthly, Quarterly or Annual Phishing service
  • Full managed Phishing campaigns
  • Flexible recipient / elastic on per user basis
  • Helps to train users to spot phishing
  • Report detailing results
  • Helps to steer cyber training decision making
  • Supports compliance

Why phishing can't be ignored in 2021 infographic download

David Taylor

Written by David Taylor

David is a Digital Marketing Executive at Celerity and drives their digital activity including campaigns, website, blog writing and social media. He has a passion for digital marketing and all things tech - especially in cyber security.