Phishing
Spot a Fake Email in 30 Seconds
Phishing accounts for 80% of cyberattacks. These fake emails perfectly imitate your bank, HMRC or Royal Mail. Here are the 7 signs that unmask them in under 30 seconds.
🎣 What exactly is phishing?
Phishing is an email scam where criminals impersonate a trusted organisation (bank, HMRC, NHS, Amazon...) to steal your login details, passwords or bank details.
🚨 The 7 signs of a phishing email
- The sender's email address is odd The email seems to come from "support@hmrc.gov.uk" but looking closely, it's "support@hmrc-gov.verification.com". The display name looks right but the actual address is fake. Always check the full address.
- Artificial urgency or a threat "Your account will be suspended in 24h", "Immediate action required", "Final warning". Legitimate organisations don't threaten you by email.
- A link that doesn't match the official site Hover over the link (don't click!): does the address shown match the real site? "natwest-secure.com" is not "natwest.com".
- Spelling mistakes or odd phrasing "Your account have been suspended for security reasons" — this kind of error often reveals automated translation.
- They're asking for personal information Your bank, HMRC or the NHS will NEVER ask for your password, card number or PIN by email. This is an absolute rule.
- The email doesn't use your name "Dear Customer", "Dear User", "To whom it may concern"... If your bank emails you, it knows your name and uses it.
- An unexpected attachment Invoice you weren't expecting, document to sign, "your statement"... Attachments are often malware in disguise. Never open an unexpected attachment.
📧 Real annotated examples
Example of fraudulent email⚠️ FAKE
From:NatWest Bank <security@natwest-alerts.net> ⚠️ suspicious domain
Subject:⚠️ URGENT — Your account has been suspended
Dear Customer,
We have detected suspicious ⚠️ urgency activity on your account. To avoid permanent suspension, please confirm your details ⚠️ info request by clicking here:
http://natwest-verification.account-secure.biz/login ⚠️ fake domain
We have detected suspicious ⚠️ urgency activity on your account. To avoid permanent suspension, please confirm your details ⚠️ info request by clicking here:
http://natwest-verification.account-secure.biz/login ⚠️ fake domain
Legitimate email for comparison✓ REAL
From:NatWest <no-reply@natwest.com> ✓ official domain
Subject:Your March 2026 statement is ready
Hello John, ✓ first name used
Your monthly statement for March is now available in your online banking.
Log in at www.natwest.com ✓ real site
Your monthly statement for March is now available in your online banking.
Log in at www.natwest.com ✓ real site
✅ What to do if you receive a suspicious email
- Don't click any link — even to check
- Don't download attachments
- Verify directly on the official site by typing the address manually
- Report it — forward to report@phishing.gov.uk
- Mark as spam in your email client
- Never reply to a suspicious email — even to say you're not interested
- Never send passwords or card details by email
🚨 If you already clicked and entered your details
- Change your password immediately on the real site
- If it's your bank: call the number on the back of your card
- Enable two-factor authentication on all important accounts
- Report to Action Fraud: 0300 123 2040
✅ The golden rule to remember
- No bank, government body or serious service will ever ask for your password or bank details by email. Ever. Full stop.
Received a suspicious email?
Describe it to CyberGuard — it'll tell you if it's dangerous and what to do.
🤖 Ask CyberGuard →📚 The complete guide in PDF
30 pages · WiFi, scams, children, antivirus, VPN · Instant download