How to Spot a Fake Email: 10 Warning Signs of Phishing Scams

Email scams are becoming more convincing every year. Criminals often impersonate banks, delivery companies, HMRC, Microsoft, and even businesses you work with regularly.

The goal is usually the same: trick you into clicking a link, downloading a file, or handing over sensitive information.

Whether you're a business owner or simply checking your personal inbox, here are the biggest warning signs that an email may be fake.

1. The sender address looks strange

Always check the full email address, not just the display name.

❌ support@microsoft-help-security.net
❌ hmrc-refunds-claim.com
✅ @microsoft.com
✅ @hmrc.gov.uk

Scammers often use addresses that look legitimate at first glance.

2. The email creates urgency or panic

Common examples include:

  • Your account will be closed today
  • Your payment has failed
  • You've been hacked
  • Your parcel cannot be delivered

Legitimate companies rarely demand immediate action within minutes or hours.

3. Poor spelling and grammar

While scammers are getting better, many fake emails still contain unusual wording, spelling mistakes or strange formatting.

4. Links don't go where they claim

Before clicking any link, hover over it and check where it actually goes.

If the link destination doesn't match the company website, don't click it.

5. Unexpected attachments

Be extremely cautious with attachments you weren't expecting, especially:

  • .zip files
  • .exe files
  • Word documents asking you to enable macros
  • PDF files from unknown senders

6. Requests for passwords or payment details

Reputable companies will never ask you to send passwords, banking details or card information by email.

7. It feels 'slightly off'

Many scams are successful because they look almost genuine. If something feels unusual, contact the company directly using their official website or phone number.

8. Check the greeting

Generic greetings such as:

  • Dear Customer
  • Dear User
  • Valued Customer

can sometimes indicate mass phishing campaigns.

9. Verify before acting

If an email claims to be from your bank, supplier or customer, contact them directly before taking any action.

10. Trust your instincts

If something doesn't look right, don't click. It is always better to verify first than deal with a compromised account later.

Quick checklist

✅ Check the sender address
✅ Hover over links before clicking
✅ Be suspicious of urgent requests
✅ Don't open unexpected attachments
✅ Never share passwords via email
✅ Verify with the company directly

What should businesses do?

Businesses should ensure staff understand common phishing tactics and have secure email systems, backups, and website security measures in place.

If you're unsure whether an email is genuine, it's always worth checking before clicking any links or downloading attachments.

Not sure whether an email is genuine? Feel free to send me a screenshot and I'll help you check it.
