5 Ways to Spot a Phishing Email (A 60-Second Guide for Your Team)

Posted on November 12, 2025

Did you know that over 90% of successful cyberattacks begin with a phishing email?

For a small business, a single click on a malicious link by a well-meaning employee can be catastrophic, leading to data theft, ransomware, and significant financial loss.

Attackers are targeting small businesses precisely because they know security training is often overlooked. The good news is that you can build a strong “human firewall.” Here are five simple things to teach your team to look for.

Five Telltale Signs of a Phishing Email

1. A False Sense of Urgency or Fear

Phishing emails are designed to make you panic and act without thinking. They use phrases like “Your account will be suspended,” “Urgent action required,” or “Unusual sign-in activity.” Always treat urgency as a red flag.

2. The Sender’s Email Address is “Off”

This is the easiest way to spot a fake. The display name might say “Microsoft,” but the actual email address will be something strange like micros0ft.support@random-domain.com. On your computer, hover your mouse over the sender’s name to reveal the true address.

3. Generic Greetings

Your bank or a trusted partner like Microsoft will almost always address you by your name. Be suspicious of generic greetings like “Dear Valued Customer” or “Hi user.”

4. Suspicious Links or Attachments

Never click a link or open an attachment you weren’t expecting. You can hover your mouse over a link to see the actual web address it will take you to in the bottom corner of your browser. If it looks suspicious, don’t click it.

5. Obvious Spelling and Grammar Mistakes

Large corporations have professional copywriters. An email from your “bank” that is full of spelling errors or awkward grammar is almost certainly a fake.

What to Do if You Spot One

  1. Don’t click.
  2. Don’t reply (this just confirms your email is active).
  3. Report it. Use the “Report Phishing” button in Outlook if you have one.
  4. Delete it.

How HDP IT Services Can Help

Technology is only half the battle. Our advanced email security filters (included in our Silver and Gold plans) can block the vast majority of these threats before they even reach your inbox. Our advanced email security filters (included in our Silver and Gold plans) can block the vast majority of these threats before they even reach your inbox .  

But for the few that get through, training is key. Our Gold Plan includes a Managed Security Awareness Platform that provides ongoing training and simulated phishing attacks for your team. We turn your employees from your biggest risk into your strongest line of defence.