
How to Spot a Phishy Email – blog

We’ve grown used to hearing about internet scams. It seems like every week there’s something new on the news that is worth sharing, let alone all the old scams that are still working today. Phishing is tricky because cyber criminals aren’t your ordinary delinquents. They’re smart and sophisticated. They know how to disguise themselves to gain your trust. That’s why this article is focusing on how to spot a phishy email.

WHAT IS PHISHING?

The term “phishing” describes an illegal activity in which criminals impersonate legitimate people or organizations through advertisements, email, even text messages. All three options usually include a link that appears to take you to an official website. Unfortunately, the website is fake and any information you share with them goes directly to the scammers.

“Phishing” is a spin-off of “fishing” because criminals use a fake lure, hoping to catch their prey.

HOW DANGEROUS IS A PHISHING SCAM?

In a word… very. When someone falls for a phishing scam, it’s likely they’ll have their identity stolen. This affects your credit score and can result in your bank accounts getting emptied. New credit cards can be opened in your name, causing even further damage. It’s also possible that by clicking on the link, the same link will be sent to all your friends and family either through your email or social media accounts. Now they’re also at risk.

TYPES OF PHISHING

  1. STANDARD EMAIL: The most common form of phishing is the attempt to steal important information through email from a source that looks legitimate.
  2. MALWARE PHISHING: This uses the same techniques as email phishing, but downloads malware onto your device.
  3. SPEAR PHISHING: This is unlike most scams that cast a wide net, hoping to trick anyone and everyone. Spear phishing is highly targeted, focusing on lucrative victims such as businesses, executives, or public personas.
  4. SMISHING: One of the most recent types of phishing is SMS enabled. This means malicious links are delivered to your smartphone often disguised as prizes or political messages.
  5. SEARCH ENGINE PHISHING: This is very technically sophisticated. Traffic to a legitimate website is rerouted to a spoofed page. The user has no idea the page they’re visiting is fake and inputs valuable information.
  6. VISHING: This is the term used to describe voice phishing: a malicious caller pretending to be from tech support, a government agency, or a charitable foundation.
  7. MAN-IN-THE-MIDDLE ATTACK: This involves eavesdropping on or monitoring correspondence between two parties. Attackers usually create fake Wi-Fi networks at coffee shops or shopping malls. When the user signs into the business’s “free Wi-Fi”, they have no idea it doesn’t belong to the business.
  8. BUSINESS EMAIL COMPROMISE (BEC): About half of all cyber-crime in 2019 was due to BEC. An email appearing to be from someone within the organization requests urgent action, which tricks many unsuspecting employees into following the email’s directions.

HOW TO SPOT A PHISHY EMAIL

Phishing messages try to look like they come from a legitimate organization that you deal with. This could be your bank, your internet service provider, the government, even organizations such as Amazon or Netflix. However, if you check the return address of the message, you’ll likely see the address is a long URL, with incorrect spelling. For example, a phishing email could appear to come from Amazon, saying there’s a problem with your order. However, the address came from “Amazom.ca” with an M at the end, not N.

There’s often an intimidating backstory involved in the email, explaining why you need to click on the link. This can include (but isn’t limited to):

  • “We’ve noticed suspicious activity or log-in attempts on your account.”
  • “You must confirm some personal information.”
  • “There’s a problem with your account or payment info.”
  • “You’re eligible for a prize/government refund/coupon.”
  • They offer coupons or free stuff by clicking the link.
  • They include a fake invoice for your referral.

If the email is threatening in nature, it’s likely a scam. It’s demanding “immediate action”, highlighting the consequences of not clicking the link. These consequences often include shutting down your account, paying ridiculous fees or even facing jail time. Keep in mind that no legitimate organization will make these threats.
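
The two signs described in this section, a misspelled sender domain such as “Amazom.ca” and a threatening or urgent backstory, can be checked automatically. The Python below is an added example, not part of the original article; the trusted-domain list, the phrase list and the sample message are constructed assumptions.

```python
import re
from email.utils import parseaddr

# Assumption: domains the recipient really deals with (constructed allow-list).
TRUSTED = ("amazon.ca", "amazon.com", "netflix.com")

# Pressure wording drawn from the backstories listed in the article.
PRESSURE = (
    r"suspicious activity", r"log-?in attempts", r"immediate action",
    r"confirm some personal information",
    r"problem with your (account|payment|order)",
)


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_email(from_header, body):
    """Return a list of warnings for one message."""
    warnings = []
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    trusted = any(domain == t or domain.endswith("." + t) for t in TRUSTED)
    if not trusted:
        nearest = min(TRUSTED, key=lambda t: edit_distance(domain, t))
        brands = [t.split(".")[0] for t in TRUSTED if t.split(".")[0] in display.lower()]
        if edit_distance(domain, nearest) <= 2:
            # One or two character edits from a trusted domain: lookalike.
            warnings.append(f"lookalike domain: {domain} imitates {nearest}")
        elif brands:
            # Display name claims a brand the address does not belong to.
            warnings.append(f"display name says {brands[0]} but domain is {domain}")
    for pattern in PRESSURE:
        if re.search(pattern, body, re.IGNORECASE):
            warnings.append(f"pressure wording: {pattern}")
    return warnings


# Constructed sample message, modelled on the article's Amazon example.
SAMPLE_FROM = "Amazon Orders <orders@amazom.ca>"
SAMPLE_BODY = "There's a problem with your order. Immediate action is required."
```

Calling check_email(SAMPLE_FROM, SAMPLE_BODY) returns one lookalike-domain warning and two pressure-wording warnings; a message from a domain on the trusted list with neutral wording returns an empty list.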

FINAL THOUGHTS

Some scams are easy to spot. Others can take months for the victim to notice something is wrong, and by then it can be impossible to find out what you did wrong. Fortunately, internet service providers and web security organizations are always working to keep up with cyber criminals. If you’re concerned about your online security, read some important cyber-security tips here.
