Phishing attacks are one of the most common cyber threats, with hackers refining their techniques to exploit individuals and businesses. According to Paubox, in 2024, over 70% of healthcare data breaches originated from phishing attacks. While these attacks can appear convincing, there are telltale signs that can help you identify and avoid falling victim to a phishing scam.
What is phishing?
Phishing is a cyberattack where scammers impersonate legitimate organizations or individuals to trick recipients into sharing sensitive information, such as login credentials, financial details, or other personal data. These attacks typically come in the form of emails, but they can also occur through text messages or social media. According to IBM, phishing attacks are a form of social engineering. “Unlike other cyberattacks that directly target networks and resources, social engineering attacks use human error, fake stories and pressure tactics to manipulate victims into unintentionally harming themselves or their organizations.”
The goal of phishing is to deceive you into believing the message is genuine, leading you to click on malicious links or download malware.
Read more: What is an email phishing attack?
Signs of a phishing email
According to the American Hospital Association (AHA), in September 2025, Microsoft announced it had disrupted a growing phishing service operation that targeted at least 20 healthcare organizations in the United States. “The company said it used a court order granted by the U.S. District Court for the Southern District of New York to seize 338 websites associated with RaccoonO365, a cyber threat group known for stealing Microsoft 365 credentials through phishing tactics… The company said the phishing kits use Microsoft branding to create fraudulent emails, attachments and websites. Since July 2024, the kits have stolen at least 5,000 Microsoft credentials from individuals in 94 countries.”
This incident shows how phishing emails can often look real. Attackers copy trusted brands, logos, email designs, and login pages to make their messages seem legitimate. So how can you identify a phishing email? According to IBM, these are the signs to look for:
Fake URLs and email addresses
Phishing emails often use web links or sender addresses that look legitimate at first glance but hide malicious intent. Hovering over links to check where they really lead can help spot fakes.
What to look for:
- An email address that looks slightly off, like @support.amaz0n.com instead of @amazon.com.
- The domain may resemble a well-known one but with subtle differences, such as @company-support.com instead of @company.com.
Generic greetings and messages
Messages that don’t use your name or specific account details can be a sign of a phishing attempt. Vague references to “your account” or “your payment” with no context are also suspicious.
What to look for:
- Phrases like "Dear Valued Customer" instead of your actual name.
- Impersonal language or incorrect grammar.
Urgent or threatening language
Many phishing attacks attempt to create a sense of urgency or fear to prompt immediate action. For instance, the email may claim that your account has been compromised, or that your payment is overdue, threatening account suspension or legal action if you don’t respond right away.
What to look for:
- Statements like “Your account will be locked in 24 hours unless you verify your information.”
- Overly urgent requests for sensitive information.
Requests for money or personal information
Legitimate organizations rarely ask you to send financial details, passwords, or other personal data via email. If an email asks you to share personal information directly or through a link, it’s likely a phishing attempt.
What to look for:
- Requests to "confirm" your account details, passwords, or credit card information.
- A link that directs you to a form asking for personal or financial details.
Suspicious links and attachments
Phishing emails often contain links or attachments designed to either install malware or direct you to a fraudulent website. The goal is to harvest your login credentials or infect your device. Before clicking on any link, always hover over it to reveal the actual URL. If it doesn’t match the supposed source, avoid clicking it.
What to look for:
- Links that don't match the official domain of the company.
- Attachments with unfamiliar file extensions, especially executable files like .exe.
Poor grammar and spelling
Many phishing emails originate from international scammers, and their messages may contain awkward phrasing, misspellings, or grammatical errors.
What to look for:
- Misspelled words, unusual phrases, or incorrect grammar.
- A message that reads as though it were translated by a machine.
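The indicators above (lookalike sender domains, generic greetings, urgent language, links whose visible text and real target disagree, and risky attachment types) can be checked mechanically. The script below is an added example, not code from Paubox or IBM: it parses a raw email with Python's standard library and reports which indicators it finds. The sample message, the trusted-domain list, the phrase list and the lookalike heuristic are all constructed for illustration; real mail gateways use far richer rules, and the domain-reduction helper is a crude approximation that ignores the public suffix list.

```python
"""Added example: flag the phishing indicators described above in a raw
RFC 822 message. Everything below is constructed for illustration."""
import os
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allow-list: the brands this mailbox expects mail and links from.
TRUSTED_DOMAINS = {"amazon.com", "company.com"}
# Extensions the device-protection guidance suggests blocking or restricting.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".hta", ".lnk"}
# Constructed urgency/threat phrases, compared against lowercased text.
URGENCY_PHRASES = ("account will be locked", "within 24 hours",
                   "verify your information", "respond immediately")

# Constructed sample: lookalike sender, generic greeting, urgent subject,
# a link whose text and target disagree, and a double-extension attachment.
SAMPLE_EMAIL = """\
From: Amazon Support <security@support.amaz0n.com>
To: customer@example.org
Subject: Your account will be locked in 24 hours
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Dear Valued Customer,</p>
<p>Please visit <a href="http://login.amaz0n-verify.com/auth">https://www.amazon.com/account</a>
to verify your information.</p>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Invoice.pdf.exe"

TUo=
--b1--
"""


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude last-two-labels approximation of the registrable domain (no PSL)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def lookalike_of(domain, trusted):
    """Return the trusted domain this one imitates, or None.
    Catches digit-for-letter swaps (amaz0n) and hyphenated add-ons (company-support)."""
    if domain in trusted:
        return None
    normalized = domain.translate(str.maketrans("0135", "oles"))
    label, _, tld = normalized.partition(".")
    for t in trusted:
        t_label, _, t_tld = t.partition(".")
        if normalized == t:
            return t
        if tld == t_tld and (label.startswith(t_label + "-") or label.endswith("-" + t_label)):
            return t
    return None


def analyze(raw):
    """Return a list of human-readable findings for one raw message."""
    msg = message_from_string(raw)
    findings = []
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = registrable_domain(addr.rpartition("@")[2]) if "@" in addr else ""
    imitated = lookalike_of(sender_domain, TRUSTED_DOMAINS)
    if imitated:
        findings.append(f"sender domain {sender_domain} imitates {imitated}")
    text = msg.get("Subject", "").lower()
    for part in msg.walk():
        fname = part.get_filename()
        if fname:
            if os.path.splitext(fname)[1].lower() in RISKY_EXTENSIONS:
                findings.append(f"risky attachment {fname}")
            continue
        if part.get_content_type() == "text/html":
            html = part.get_payload(decode=True).decode("utf-8", "replace")
            text += " " + html.lower()
            collector = _LinkCollector()
            collector.feed(html)
            for href, shown in collector.links:
                href_dom = registrable_domain(urlparse(href).hostname or "")
                shown_dom = registrable_domain(urlparse(shown).hostname or "") if "://" in shown else ""
                if shown_dom and shown_dom != href_dom:
                    findings.append(f"link text shows {shown_dom} but points to {href_dom}")
                elif lookalike_of(href_dom, TRUSTED_DOMAINS):
                    findings.append(f"link target {href_dom} imitates a trusted domain")
    if "dear valued customer" in text:
        findings.append("generic greeting")
    if any(p in text for p in URGENCY_PHRASES):
        findings.append("urgency or threat language")
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_EMAIL):
        print("-", finding)
```

Running the script lists five findings for the constructed message; a plain, correctly addressed message produces none. The "hover over the link" advice is exactly the `shown_dom != href_dom` comparison: the text the reader sees is not what the browser will open.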
See also: HIPAA Compliant Email: The Definitive Guide
How to protect yourself
Defending against phishing attacks means combining human awareness, technical safeguards, and clear response processes. The U.S. Department of State recommends a layered approach that strengthens both people and systems:
Train and educate staff
Teaching employees and users how phishing works and how to spot suspicious emails is one of the most effective defense mechanisms. The training should be regular and ongoing, not a one-time event. It should cover common red flags, such as unexpected requests, urgent language, and suspicious links or attachments, and encourage reporting of suspicious messages before taking action.
Enable strong authentication
Adding an extra layer of account protection beyond passwords helps prevent attackers from accessing accounts even if credentials are stolen. Using multi-factor authentication (MFA), especially phishing-resistant forms like FIDO keys or hardware tokens, makes it harder for attackers to succeed.
Use email filtering and anti-spoofing tools
Technical measures can stop many phishing attempts before they reach inboxes. Email authentication standards like Domain-based Message Authentication, Reporting, and Conformance (DMARC), along with Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM), help verify that emails claiming to be from your organization are legitimate. Anti-phishing filters and domain-blocking tools can also detect and block malicious links and attachments.
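SPF and DMARC records are only as good as their policies: an SPF record ending in `~all` or `+all` and a DMARC record with `p=none` monitor spoofing without stopping it. The script below is an added example, not code from Paubox or the Department of State: it parses constructed SPF and DMARC TXT record strings (no DNS lookups, and DKIM signature verification is out of scope) and reports where a weak configuration falls short of an enforcing one.

```python
"""Added example: assess whether SPF and DMARC records actually enforce
anything. The record strings are constructed for illustration."""

# Constructed records: a monitoring-only pair and a hardened pair.
WEAK_SPF = "v=spf1 include:_spf.example-mailer.net ~all"
STRONG_SPF = "v=spf1 include:_spf.example-mailer.net -all"
WEAK_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@example.org"
STRONG_DMARC = ("v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; "
                "rua=mailto:dmarc@example.org")


def parse_dmarc(record):
    """Split 'v=DMARC1; p=reject; ...' into a dict of lowercase tag names."""
    tags = {}
    for chunk in record.split(";"):
        if "=" in chunk:
            key, value = chunk.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def spf_all_qualifier(record):
    """Return the qualifier on the 'all' mechanism ('+', '-', '~', '?'),
    or None when the record has no 'all' term at all."""
    for term in record.split():
        t = term.lower()
        if t.lstrip("+-~?") == "all":
            return t[0] if t[0] in "+-~?" else "+"  # bare 'all' means '+all'
    return None


def assess(spf, dmarc):
    """Return a list of weaknesses; an empty list means the pair is enforcing."""
    issues = []
    if not spf.lower().startswith("v=spf1"):
        issues.append("SPF record missing or malformed")
    else:
        q = spf_all_qualifier(spf)
        if q is None or q in "+?":
            issues.append("SPF has no restrictive 'all' term: any host may send as this domain")
        elif q == "~":
            issues.append("SPF uses ~all (softfail): forged mail is flagged, not rejected")
    tags = parse_dmarc(dmarc)
    if tags.get("v") != "DMARC1":
        issues.append("DMARC record missing or malformed")
    else:
        policy = tags.get("p", "").lower()
        if policy in ("", "none"):
            issues.append("DMARC p=none only monitors: spoofed mail is still delivered")
        elif policy == "quarantine":
            issues.append("DMARC p=quarantine sends spoofed mail to spam rather than rejecting it")
        if "rua" not in tags:
            issues.append("no rua= address: aggregate reports are never collected")
        if tags.get("pct", "100") != "100":
            issues.append(f"pct={tags['pct']}: policy applies to only part of the mail flow")
    return issues


if __name__ == "__main__":
    for label, spf, dmarc in (("weak", WEAK_SPF, WEAK_DMARC),
                              ("strong", STRONG_SPF, STRONG_DMARC)):
        print(label, assess(spf, dmarc) or ["enforcing"])
```

The weak pair yields two findings (softfail SPF, monitor-only DMARC); the strong pair yields none. Organizations typically start at `p=none` to read the aggregate reports, then move to `quarantine` and finally `reject` once every legitimate sender is covered by SPF or DKIM.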
Protect devices and networks
Keeping software up to date, using reputable antivirus and firewall solutions, and applying protective DNS services can reduce the risk of malware installation from phishing links. Setting devices so that risky attachments (like .exe or .scr files) are blocked or restricted adds an additional safeguard.
Develop clear reporting and response plans
Even with strong defenses, phishing attempts will still occur. Organizations should ensure that there’s a clear process for reporting suspected phishing and a response plan if credentials are compromised or malware is suspected. Quick detection and response can limit damage.
Build a culture of cybersecurity awareness
Defending against phishing isn’t a one-off task, and organizations need to integrate cybersecurity into everyday behavior. When people feel comfortable reporting suspicious emails without fear of blame, and when leaders regularly reinforce secure habits, the organization becomes stronger against social engineering threats.
By combining training, technical controls, and clear policies, individuals and organizations can reduce the risk and impact of phishing attacks, protecting sensitive data and systems from one of today’s most common cyber threats.
Go deeper: Steps to protect against phishing attacks
How Paubox defends against phishing
Paubox protects healthcare organizations from phishing through a multi-layered email security approach designed to stop threats before they reach the inbox. Its inbound security solution leverages generative AI to analyze email behavior, tone, and intent, allowing it to detect sophisticated phishing attempts that may appear legitimate. Rather than relying solely on traditional spam filters, Paubox identifies unusual patterns and suspicious activity that signal potential social engineering attacks.
To combat impersonation, Paubox offers patented ExecProtect and ExecProtect+ features that detect display-name spoofing and block emails that attempt to mimic trusted executives or employees. Incoming messages are also scanned for malware, malicious links, spoofed domains, and other indicators of compromise. Suspicious emails are automatically quarantined, reducing the risk of credential theft and unauthorized access.
Through this combination of AI-driven detection, impersonation protection, and advanced threat filtering, Paubox helps healthcare organizations reduce phishing risk while protecting sensitive data and maintaining HIPAA compliance.
FAQs
What should I do if I receive a phishing email?
- Don’t click on any links or download attachments.
- Report the email as phishing through your email provider.
- Contact the company directly through verified contact methods if you’re unsure of the email’s legitimacy.
- Delete the email from your inbox.
Why do phishing emails often contain grammatical errors?
Many phishing emails come from international sources where English is not the first language, or they are created quickly with less attention to detail. The errors can also serve to bypass spam filters, as well as target less vigilant recipients.
Can phishing emails harm my computer without clicking anything?
Simply opening an email generally won't harm your computer. The danger lies in clicking on malicious links or downloading attachments. However, some advanced attacks might include embedded malicious content, so always be cautious.