Malware | High priority

Learn how to spot a phishing email

Learn the three things to check before clicking any link in an email. Phishing is responsible for the majority of account takeovers and business email compromises in the UK.

Why this matters

Phishing emails are the starting point for the majority of account takeovers and business email compromises in the UK. Attackers create convincing copies of real emails from banks, couriers, and HMRC to trick you into clicking a link or entering your details. Knowing what to look for takes only a few minutes to learn.

How to do it

  1. Check the sender's actual email address — not just the display name. Hover over or tap it to see the full address.
  2. Be suspicious of any unexpected message that asks you to click a link, download an attachment, or enter your details — even if it appears to come from a familiar organisation.
  3. Look for urgency or threats such as 'Your account will be closed' or 'Action required immediately.' Legitimate organisations rarely pressure you this way.
  4. If unsure, go directly to the organisation's website by typing the address yourself — never follow a link in the email.
  5. Report suspected phishing emails to your email provider (mark as spam) and to the NCSC Suspicious Email Reporting Service at report@phishing.gov.uk.
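
For anyone who triages reported messages, steps 1 to 3 can be expressed as a small Python check. This is an added example, not part of the original guidance; the sample message, the `KNOWN_SENDERS` table and the `check_message` function are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; the brand and both domains are made up.
SAMPLE = """\
From: "Example Bank Security" <alerts@examp1e-bank-login.test>
To: user@example.org
Subject: Action required immediately
Content-Type: text/plain

Your account will be closed unless you confirm your details:
http://examp1e-bank-login.test/verify
"""

# Assumption: domains you have confirmed yourself, keyed by the displayed name.
KNOWN_SENDERS = {"example bank": "examplebank.test"}
# Pressure phrases quoted in step 3; extend with your own.
URGENCY = ("your account will be closed", "action required immediately")

def check_message(raw, known=KNOWN_SENDERS):
    """Return a list of (step, finding) pairs for steps 1-3."""
    msg = message_from_string(raw)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    parts = [p for p in msg.walk() if not p.is_multipart()]
    body = "\n".join(p.get_payload() for p in parts
                     if p.get_content_maintype() == "text")
    findings = []
    # Step 1: compare the real address with the name the sender displays.
    for brand, real in known.items():
        genuine = domain == real or domain.endswith("." + real)
        if brand in display.lower() and not genuine:
            findings.append((1, f"'{display}' sent from {domain}, not {real}"))
    # Step 2: the message asks for a click or carries an attachment.
    if re.search(r"https?://", body, re.I):
        findings.append((2, "contains a link"))
    if any(p.get_filename() for p in parts):
        findings.append((2, "contains an attachment"))
    # Step 3: urgency or threats in the subject or body.
    text = (msg.get("Subject", "") + "\n" + body).lower()
    for phrase in URGENCY:
        if phrase in text:
            findings.append((3, f"pressure wording: {phrase!r}"))
    return findings

if __name__ == "__main__":
    for step, finding in check_message(SAMPLE):
        print(f"step {step}: {finding}")
```

An empty result only means these three checks found nothing; step 4 still applies to any message you are unsure about.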

Cyber Essentials framework

This task falls under the Malware control — one of five areas assessed in the UK's Cyber Essentials scheme. Completing it counts toward your Cyber Essentials alignment.
