
How To Identify Phishing Emails – Tips For Small Business


The internet is a bit like the wild west, except instead of train and bank robbers, we now have hackers who attempt to steal your information. The most popular way for these attackers to get control of your systems and your company's information is through a method called “phishing”. These emails are designed to trick the user into thinking they must give out money, download a file, visit a website, or even give out their password. Today we give you tips on how to identify phishing emails. Review this post with your entire team. Everyone needs some cyber threat awareness and training.

First, the most important thing to remember when trying to spot a phishing attack is this: no company will ever ask you for your password or information through an e-mail without being prompted first.

A common phishing e-mail may look something like this:

[Image: sample phishing email]

Note: The link in the body may appear as a word – simply hover your mouse over it to see the URL.

There may be more images in the e-mail, and a lot of them will look professional, but they are not real.

Can you spot the mistakes in the above sample phishing email?

5 Tips to Recognize a Phishing Email

1: The message contains a mismatched URL

One of the first things I recommend checking in a suspicious email message is the integrity of any embedded URLs. Oftentimes the URL in a phishing message will appear to be perfectly valid. However, if you hover your mouse over the top of the URL, you should see the actual hyperlinked address (at least in Outlook). If the hyperlinked address is different from the address that is displayed, the message is probably fraudulent or malicious.

2: URLs contain a misleading domain name

People who launch phishing scams often depend on their victims not knowing how the DNS naming structure for domains works. The last part of a domain name is the most telling. For example, the domain name would be a child domain of because appears at the end of the full domain name (on the right-hand side). Conversely, would clearly not have originated from because the reference to is on the left side of the domain name.

3: The message contains poor spelling and grammar

Whenever a large company sends out a message on behalf of the company as a whole, the message is usually reviewed for spelling, grammar, and legality, among other things.

4: The message asks for personal information

No matter how official an email message might look, it’s always a bad sign if the message asks for personal information. Your bank doesn’t need you to send it your account number. It already knows what that is. Similarly, a reputable company should never send an email asking for your password, credit card number, or the answer to a security question.

5: You didn’t initiate the action

Many phishing attempts claim that you need to reset your password, or simply ask you to give the password to them. Reputable companies will never ask for your password or any other personal information via email, as they already have it.

Mistakes in this sample e-mail:

  • The domain is while the official domain is – the o in soft is a zero in the fake domain
  • Microsoft and any other company will never ask you for your personal information via email
  • The link does not go to, it leads to the fake address where they steal your password – (visible in the training PDF version of this file)
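Tips 1 and 2, and the zero-for-o lookalike in the list above, can also be checked automatically on the HTML body of a message. The Python below is an added example, not code from the original article; the trusted domain `northwind.example`, the sample links and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample data; .example and .test are reserved, non-routable TLDs.
TRUSTED = ("northwind.example",)        # assumption: a domain you really use
LOOKALIKE = str.maketrans("01", "ol")   # digit-for-letter swaps such as 0 for o
SAMPLE = """<a href="http://mail.account-check.test/r">https://www.northwind.example/r</a>
<a href="http://northwind.example.account-check.test/">Sign in</a>
<a href="http://login.n0rthwind.example/">Verify now</a>
<a href="https://www.northwind.example/help">www.northwind.example/help</a>"""

class LinkCollector(HTMLParser):        # gathers (visible text, href) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(value):
    """Lower-cased hostname of a URL or bare domain ('' if there is none)."""
    return (urlsplit(value if "://" in value else "//" + value).hostname or "").lower()

def under(host, domain):  # True only when the domain is at the right-hand end
    return host == domain or host.endswith("." + domain)

def check_links(html_body):
    """Return (href, reason) for links that trip tip 1, tip 2 or the lookalike check."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for text, href in parser.links:
        host = host_of(href)
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and shown != host:
            findings.append((href, "displayed address differs from real target"))
        if not any(under(host, d) for d in TRUSTED):
            if any((d + ".") in host for d in TRUSTED):
                findings.append((href, "trusted name is on the left, not the right"))
            elif any(under(host.translate(LOOKALIKE), d) for d in TRUSTED):
                findings.append((href, "lookalike characters in domain"))
    return findings
```

Calling `check_links(SAMPLE)` flags the first three links and leaves the genuine one alone.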

What To Do If You Get A Phishing Email

If you do receive a suspicious e-mail, please take a screenshot of the e-mail (do not forward the email) with the following information and send it to your IT provider.

  1. Sender Address
  2. To Address
  3. Date/Time received or sent

NEVER forward a phishing email.

NEVER click on any of the links, download any files, or try to reply to these e-mails. If you do, please contact your IT support company immediately.

Trusted IT Support In Toronto: TUCU has been providing IT support and IT Security Services for small business since 2003. We don’t sell equipment or blocks of hours. We help you implement and uphold best practices to protect your business. Give us a call to discover how we will help you.
