Spotting a phishing email

As phishing attacks become more common in schools, we outline how to spot one.

A phishing email is an email that is made to look like it is from an organisation or individual you trust. Unfortunately, the email is likely to carry an infected attachment or malicious link that will release a virus onto the school’s network often designed to disable it. Alternatively, the email will ask you to enter personal information into a fake login page to gather data that can then be used to access the school network.

Ways to spot a phishing email

Although often very sophisticated, there are several ways to spot a phishing email. Here’s a few red flags to look out for.

  • The email is sent from a public email address masked as the fake address. Check if the email address is correct by hovering your mouse over it.
  • The email starts with a formal salutation that does not include your name but claims to be from a service provider you use or individual you know.
  • The message contains a sense of urgency or an issue they are asking you to help with, such as a problem with your account that needs immediate attention
  • The email is badly written and contains spelling or grammatical errors
  • The email asks you to click onto links or open attachments, hovering over the link will reveal its true destination – be careful not to click onto it
  • The email could ask you to log in or leave your details somewhere

If you are unsure about an email, speak to your IT team or the organisation or individual the email claims to be from. Do not click onto any links or attachments until you are sure.

Support staff via our e-learning course

Our interactive e-learning course from our sister company GRC E-Learning helps colleagues identify and understand phishing scams, explains what could happen should they fall victim, and shows them how they can mitigate the threat of an attack.

Visit the GRC E-Learning website to find out more

Share our free phishing video with colleagues

Our two minute video is a great way to introduce staff to common ways to spot phishing emails. Watch it here