Inform users how to recognize phishing (e-mail fraud)

Phishing is a popular technique for obtaining sensitive or confidential data, typically by tricking the recipient into entering credentials on a fake site or opening a malicious file.

Users need to be able to recognise malicious, spam or phishing e-mails that automated filters miss. Treating unexpected messages with healthy suspicion limits what an attacker can do with stolen credentials or data. Tell your users what to pay attention to when using e-mail.

Domain Names

Pay attention to the domain name (the part after the @ symbol). Make sure it is spelled correctly, and if you do not know the company, do a quick web search on the domain name. Even if an e-mail appears to come from someone you know, verify that the domain name is the one you expect and contains no typos or small changes (a swapped letter, an extra word, a different top-level domain). Note that the display name shown next to the address is chosen freely by the sender, so check the actual address, not the name.

Grammatical and/or spelling errors

Check for obvious spelling errors. Although phishing e-mails are becoming harder to recognise, incorrect spelling is still often a giveaway. If an e-mail contains grammatically incorrect phrases, double-check it before responding. The reverse does not hold: a well-written e-mail is not proof that it is legitimate.

Attachments

Beware of attachments. If an e-mail has an attachment, ask yourself whether this is the type of attachment you are expecting, and if it contains e.g. an invoice, whether this is the person you normally receive invoices from. Compressed files (.zip) or executables (.exe) should trigger your suspicion, and so should a file name that hides a second extension (invoice.pdf.exe). When in doubt, you can run the attachment in a sandbox. Take care not to upload potentially confidential documents to third parties, though.

Links

Phishing e-mails will often contain links to websites, invoices, documents and so on. Verify a link by hovering over the text: the address shown in the tooltip or status bar is the real target, and it may differ from the text of the link. Check whether that address is a domain you would expect and whether it is spelled correctly. As with attachments, you can analyse a URL with an online analysis service such as VirusTotal, with the same caveat: a link may contain a personalised token (a password-reset or unsubscribe link, for example), and submitting it shares that token with the service.
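The three checks above (sender domain, attachments and links) are things a mail gateway or client can do mechanically before a user ever sees the message. The following Python script is an added example, not code from the original page: it parses a constructed sample e-mail with the standard library and reports a typosquatted sender domain, a display name that claims a different domain than the real address, a link whose visible text differs from its actual target (the hover check, automated) and a risky or double-extension attachment. The expected-domain list, the extensions beyond .zip and .exe, the crude anchor regex and the sample message are all assumptions made for this example.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the domains this organisation legitimately receives mail from.
EXPECTED_DOMAINS = {"example.com", "supplier.example"}
# The page names .zip and .exe; the other extensions are an assumption added here.
RISKY_EXTENSIONS = {".zip", ".exe", ".scr", ".js", ".iso", ".lnk"}
# Visible link text that itself looks like a URL or host name.
DOMAIN_IN_TEXT = re.compile(r"^(?:https?://)?([A-Za-z0-9.-]+\.[A-Za-z]{2,})(?:/\S*)?$")
# Crude anchor extractor, sufficient for mail bodies; not a general HTML parser.
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)


def edit_distance(a, b):
    """Levenshtein distance; one or two edits from an expected domain is a typosquat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_expected(host):
    """True for an expected domain or any sub-domain of one."""
    return any(host == d or host.endswith("." + d) for d in EXPECTED_DOMAINS)


def check_sender(from_header):
    """The part after the @: look-alike domains, punycode, and a display name that lies."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    if is_expected(domain):
        return []
    findings = []
    if any(label.startswith("xn--") for label in domain.split(".")):
        findings.append(f"sender domain {domain} uses punycode (possible homoglyph)")
    for expected in sorted(EXPECTED_DOMAINS):
        if edit_distance(domain, expected) <= 2:
            findings.append(f"sender domain {domain} looks like {expected}")
        if expected in display.lower():
            findings.append(f"display name mentions {expected} but address is @{domain}")
    return findings or [f"sender domain {domain} is not an expected domain"]


def check_links(html):
    """Flag links whose real target is unexpected or differs from the text shown."""
    findings = []
    for href, inner in ANCHOR.findall(html):
        text = re.sub(r"<[^>]+>", "", inner).strip()
        target = (urlparse(href).hostname or "").lower()
        shown = DOMAIN_IN_TEXT.match(text)
        if shown and shown.group(1).lower() != target:
            findings.append(f"link text shows {shown.group(1).lower()} but points to {target}")
        elif not is_expected(target):
            findings.append(f"link points to unexpected domain {target}")
    return findings


def check_attachments(msg):
    """Flag archives, executables and invoice.pdf.exe-style double extensions."""
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = name[name.rfind("."):] if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            findings.append(f"attachment {name} has risky extension {ext}")
        if re.search(r"\.(pdf|docx?|xlsx?)\.[a-z0-9]+$", name):
            findings.append(f"attachment {name} has a double extension")
    return findings


def analyze(raw_message):
    """Run every check over one raw RFC 5322 message and return the findings."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = check_sender(str(msg.get("From", "")))
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        findings += check_links(body.get_content())
    return findings + check_attachments(msg)


# Constructed sample, not a real phishing mail: typosquatted sender, a display name that
# claims the real domain, a link whose text hides its target, and a double-extension archive.
SAMPLE_MESSAGE = """\
From: "billing@example.com" <billing@exarnple.com>
Subject: URGENT: unpaid invoice, your account will be deleted permanently
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b42"

--b42
Content-Type: text/html; charset="utf-8"

<p>Pay today at <a href="https://exarnple.com/pay">https://example.com/pay</a>
or contact <a href="https://example.com/support">support</a>.</p>
--b42
Content-Type: application/zip; name="invoice.pdf.zip"
Content-Disposition: attachment; filename="invoice.pdf.zip"
Content-Transfer-Encoding: base64

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAAAA==
--b42--
"""

if __name__ == "__main__":
    for finding in analyze(SAMPLE_MESSAGE):
        print("-", finding)
```

Run as a script it prints one line per finding for the sample. The edit-distance threshold of 2 catches swapped, dropped or substituted characters but not a legitimate unrelated domain, which is reported separately as simply unexpected; in a real gateway the expected-domain list would come from configuration rather than a constant.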

A sense of urgency

Scammers will often urge us to act and create a sense of urgency. Typically, the e-mail threatens to 'stop the service', 'delete your account permanently' or 'cause harm to your business'. An e-mail with a threatening tone or a request for urgent action should always be verified through a separate channel (a phone number or address you already have, not one taken from the e-mail itself) before you respond.