Phishing emails can have devastating consequences for companies when they fool recipients. These scam messages can include malicious links and attachments and, if users interact with them, they can disclose their confidential credentials or download malware inadvertently. Malicious payload can include spyware, keyloggers, ransomware and even computer viruses.

To help you identify malicious mails swiftly enough for them to be reported, we have listed four indicators to be aware of.

1. Messages sent using a public email domain

Most companies, except for the smallest of operations, will use a dedicated email domain with company accounts. For instance, legitimate emails issued by Google will utilise ‘’.

When a domain name matches the expected sender of an email, a message is likely legitimate. However, if it comes from an email address that is not affiliated with the sender, it is likely to be a phishing message. The use of a public email domain like ‘’ in communications that are supposed to be from an established enterprise are among the most obvious signs of a scam.

2. When domain names are misspelt

A further clue related to domain names can be when they are spelled incorrectly. Attackers using phishing attacks often buy up domain names that appear similar to those legitimately used by an enterprise. Threat operators rely on users skimming domain names and not noticing the subtle differences. However, always study the domain names of emails sent by unknown senders to avoid these phishing schemes.

3. Poorly written English

Many phishing emails are poorly written. Legitimate firms will proofread their correspondence to ensure they never negatively impact their professional images. Scammers have no such concerns, however. Often based in foreign countries, English is seldom their first language, which can lead to multiple grammatical and spelling mistakes. Look out for these errors in phishing mail to avoiding getting hooked.

4. Malicious links and payloads

If your email provider detects a threat within a message, it will likely issue a warning and send the mail to a spam folder. However, threat operators are constantly creating new and ingenious ways to bypass mail security filters. As a result, the responsibility may rest with the recipient not to engage with traps within the message.

Users should never download files included in messages from an unknown sender, or click on links in the body copy. Sometimes, links to log-in pages will be included that appear to offer users a shortcut to the site they are required to reach. However, the links will take them directly to a phishing site to steal their passwords and usernames or infect their device with malware. Users must always type the site address they require into their secure browser to mitigate threats.

Advanced security for your staff

The Galaxkey secure workspace was developed to offer a safe environment for staff to operate free from threats. With no passwords stored, our system has zero backdoors and an innovative toolkit that includes cutting-edge data encryption software and electronic document signing.

Contact our team today for a free 14-day trial.