The 12 signs of Phishing

The 12 signs of Phishing

As you start preparing for the festive season, we’ve got a list longer than Santa’s naughty list – the 12 signs of Phishing scams rife this Christmas. Cyber criminals will know this is a busy time of year for you, and if an opportunity arises, they’ll take it. 

You don’t want any nasty surprises when you come back from your festive break, so don’t let cyber grinches still your joy this Christmas (or sensitive information). 

 Be sure to deck the halls with firewalls and read on to identify the 12 tell-tale signs that you’re the recipient of a Phishing scam.

  1. Generic Greetings: Some email scams will include your first name in a message, but a lot of the time scammers don’t. Phishing emails often use impersonal greetings like “Dear Customer/Client” instead of addressing you by your name.
  2. Deals too good to be true: Scammers will try to pull you in emotionally. With Christmas so close, they know you’ll be hunting for the best deals, and will use this as a strategy to fool you. The photo below is a great example, and they’ve used a generic greeting at the top of the email

  3. Grammar: One quick and easy way to check for a scam is to analyse the spelling. An email from a legitimate company will be well written. Check the email domain for misspelled words and be cautious of links that look suspicious. Be sure to hover over links to see the actual destination to avoid clicking on potentially unsafe links. 
    Scammers impersonating well known organisations can look accurate and be hard to spot. The example below even replicates the Royal Mail branding very well, making it tricky to detect. Checking small wording details in the sender address could help you to spot the scam. And don’t forget, if you’re ever unsure, just contact the source through a direct channel.

  4. Files & Attachments: Be cautious of email attachments, especially if they come from unknown or unexpected sources. Hackers can send emails from accounts you’re familiar with, so if you weren’t expecting a file link or attachment, give the sender a phone call so you can confirm its validity.
  5. Urgent Language: Phishing attacks often create a sense of urgency or use threatening language to prompt quick action. Watch out for phrases like “Your account will be suspended” or “Immediate action required.”
  6. Requests for Personal Information: Legitimate organisations don’t request sensitive information via email, text, or phone call. Be sceptical of emails asking for passwords or business account details. If you’re unsure, contact the organisation to check it’s validity before engaging.
  7. Mismatched Logos and Branding: Check for inconsistencies in the email logos, branding, or formatting. Phishing emails often have poor quality graphics or inconsistencies compared to official channels.


  8. Unexpected shipping & delivery emails: Cyber criminals will know that the likelihood of you expecting a delivery this Christmas will have increased. Fake shipping and delivery notifications will be sent in efforts to  get you to click on malicious links.

  9. Generic Content: A tell-tale sign of a phishing email is one where the content is generic and may loosely relate to your business but doesn’t directly relate to you or your interactions with the supposed sender. 
    The best thing to do is report scams emails by forwarding it on to [email protected]


  10. Unusual Sender Behaviour: Scammers are known to impersonate the people you work with. If you receive an email that’s out of character for the supposed sender, such as an unexpected invoice or an urgent meeting, verify the communication through another channel such as phone or video call.
  11. Phishing scams don’t just happen via email: Text messaging and WhatsApp scams are becoming more common. Scammers will prey on current hot topics to trick you into falling for a scam. Take this cost-of-living scam text message as an example:
  12. Multi-Factor Authentication (MFA) Warning: Legitimate organisations may remind you to enable multi-factor authentication but will never ask you to provide your MFA codes.

    Staying vigilant and informed of common phishing tactics will help you to avoid the December dupery and enjoy a Fraud-Free Christmas! 

Further information

Better Security, Better Care is the free national and local support programme helping care services to strengthen their data protection and cyber security arrangements.


Back to News