EB IT Support LTD just received an email that looked incredibly like it came from one of our staff members, but thanks to our quick-thinking team, they adhered to some quick rules before actioning it or doing anything else.
Quick Rules:
- Always check the from address of an email to see if it's really from the person it claims to be.
- Check whether that's how the business normally communicates with you.
- If in doubt, call them and check whether it is genuine. (DO NOT REPLY.)
Phishing emails are becoming increasingly convincing, and one of the most common tactics used by attackers is impersonating a trusted sender. Rather than hacking into a legitimate email account, scammers will create a free email address - such as a Gmail account - designed to look like a real business or contact at first glance. For example, an address like [email protected] is not the same as an email from companyname.co.uk. One is a free account anyone can create in minutes; the other is a verified business domain.
Check the display name and the actual address
Most email clients show you a friendly display name - such as "Support Team" or a person's full name - but this can be set to anything by the sender. Always click or hover on the sender name to reveal the actual email address behind it. If the domain doesn't match the organisation it claims to be from, treat the email with extreme caution.
Trust your instincts
If something feels off - an unexpected request, unusual urgency, a slightly odd tone, or a link you weren't expecting - pause before acting. Phishing emails often create a sense of urgency to pressure you into clicking without thinking. If you receive an email asking you to take an action and you're unsure whether it's genuine, do not reply to the email itself. Instead, contact the sender through a separate, trusted method - such as a phone number you already have on record, or by visiting their official website directly.
Report it — don't just delete it
Deleting a suspicious email removes it from your inbox, but it doesn't help protect others. If you receive a phishing email, report it through the appropriate channels:
- UK users can report scam emails to the National Cyber Security Centre (NCSC) by forwarding the email to [email protected], or visiting: https://www.ncsc.gov.uk/collection/phishing-scams/report-scam-email
- Gmail abuse can be reported directly to Google at: https://support.google.com/mail/contact/abuse
- If your organisation uses Microsoft 365 or Outlook, use the built-in "Report Phishing" button, or forward the email as an attachment to your IT department or system administrator so they can investigate and block the sender at a network level.
A quick checklist
Before acting on any email, ask yourself:
- Does the email address match the organisation it claims to be from?
- Was I expecting this email or this type of request?
- Is there unusual urgency or pressure to act immediately?
- Does any link, when hovered, go to an unexpected domain?
- If in doubt, have I verified this through another channel, such as a phone call or text message?
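The two checks above that people do by eye (reveal the address behind the display name; hover a link and compare where it really goes) can be written down as code. The following is an added example, not something from EB IT Support's own tooling; the organisation domain, the sender headers and the links are constructed, and the free-webmail list is a short illustrative set rather than a complete one.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed, non-exhaustive list of free webmail domains anyone can register in minutes.
FREE_MAIL_DOMAINS = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com", "icloud.com"}


def check_sender(from_header: str, expected_domain: str) -> list[str]:
    """Compare what the display name claims with the address actually behind it.

    Returns a list of warnings; an empty list means the sender domain is the
    organisation's own domain and nothing in the header contradicts it.
    """
    display_name, address = parseaddr(from_header)
    expected = expected_domain.lower()
    if "@" not in address:
        return ["From header carries no usable sender address"]
    domain = address.rsplit("@", 1)[1].lower()
    warnings = []
    if domain != expected:
        warnings.append(f"sender domain {domain} is not {expected}")
    if domain in FREE_MAIL_DOMAINS:
        warnings.append(f"{domain} is a free webmail domain, not a business domain")
    # A display name that names the organisation, or is itself an email address,
    # while the real address lives elsewhere is the classic impersonation pattern.
    org_name = expected.split(".")[0]
    claims_org = org_name in display_name.lower() or "@" in display_name
    if claims_org and domain != expected:
        warnings.append(f"display name {display_name!r} does not match address {address}")
    return warnings


def check_link(visible_text: str, href: str) -> list[str]:
    """The 'hover' check: does the link go where its visible text suggests?"""
    target = urlparse(href)
    host = (target.hostname or "").lower().removeprefix("www.")
    warnings = []
    if target.scheme not in ("http", "https"):
        warnings.append(f"link uses unexpected scheme {target.scheme!r}")
    # If the visible text shows a domain, the real target must be that domain or a
    # subdomain of it; 'companyname.co.uk.example.net' is neither.
    shown = re.search(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", visible_text.lower())
    if shown:
        claimed = shown.group(1).removeprefix("www.")
        if host != claimed and not host.endswith("." + claimed):
            warnings.append(f"link text shows {claimed} but it goes to {host or '(none)'}")
    return warnings


if __name__ == "__main__":
    print(check_sender('"Accounts Team" <companyname.accounts@gmail.com>', "companyname.co.uk"))
    print(check_link("https://companyname.co.uk/invoice", "http://companyname.co.uk.example.net/login"))
```

Run it against the From header and each link of a suspicious message; any non-empty list is a reason to verify through a separate channel rather than reply.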
Staying vigilant costs nothing. Falling for a phishing email can cost far more.