How to Recognise Phishing Emails: A Practical Guide
Phishing emails have evolved far beyond the obvious scams of the past. Modern phishing messages are well-crafted, targeted, and extremely convincing. Learn the telltale signs that distinguish a phishing email from a legitimate one.
The Evolution of Phishing Emails
Early phishing emails were easy to spot — poor grammar, generic greetings, and obviously fake sender addresses gave them away immediately. Modern phishing has evolved dramatically. Attackers now use correct branding, proper grammar, personalised greetings, and spoofed sender addresses that closely match legitimate domains.
Spear phishing targets specific individuals using information gathered from social media and professional networks. Business email compromise attacks impersonate executives to authorise fraudulent payments. AI-powered tools now generate phishing content that is grammatically perfect and contextually appropriate, eliminating many of the traditional red flags that users relied upon to identify threats.
Red Flags That Still Work
Despite their increasing sophistication, phishing emails still contain identifiable characteristics. Examine the sender's email address carefully — not just the display name, but the actual address, which often contains subtle misspellings or unfamiliar domains. Hover over links without clicking to check the destination URL, and confirm that its domain belongs to the organisation the email claims to come from.
Be suspicious of any email creating urgency — threats of account closure, limited-time offers, or claims that suspicious activity has been detected on your account. Unexpected attachments, particularly executable files, compressed archives, or Office documents with macros, should be treated with extreme caution. Legitimate organisations will never ask for passwords, payment card numbers, or personal identification numbers via email.
What to Do When You Receive a Suspicious Email
If you suspect an email is a phishing attempt, do not click any links, download any attachments, or reply to the message. If the email appears to come from a company or service you use, open a new browser tab and navigate to their website directly to check for any genuine notifications. Report the phishing email to your email provider using their built-in reporting mechanism.
If you have already clicked a link and entered information, change the affected password immediately and enable two-factor authentication. Monitor the affected account for any unauthorised activity. Contact your bank if you entered financial information.
Protection When You Do Click
Even careful users occasionally click links in phishing emails — a moment of distraction or a particularly convincing message can override good habits. Sorinify provides protection at this critical moment by analysing the destination page server-side before it loads in your browser. If the link leads to a fake login page, a credential harvesting form, or a known phishing site, Sorinify blocks the page and displays a clear warning.
This safety net catches threats even when human judgement is momentarily bypassed.