How to identify and avoid phishing attacks

7th October 2020

Phishing scams are nothing new. Many of us, if not all, have been targeted by some form of phishing attack whether we’re aware of it or not. Remember that PayPal claim you won, or the unexpected tax refund? All you had to do was ‘Click the link below!’

Phishing Attack Anatomy

The beauty of phishing scams (depending on which way you look at it) is their ability to stay relevant. They can follow current trends and stay on topic: whatever hits the newspapers will most likely end up becoming a sophisticated phishing attack. Not only this, they can mimic almost any service or company imaginable. Many security issues can be resolved with software updates. However, a phishing attack can never be “patched”, so to speak. The best defence against scam emails is to understand, recognise, and report them.

With COVID-19 on everybody’s minds this year, malicious actors have stepped up and used the pandemic to their advantage to target vulnerable people. Sentrium is committed to security and we’ve listed below some of the tell-tale signs of a scam email. We hope you can use them to help keep yourself safe online.

Below you will see an email which I received recently. Before we take a look, there is one question I believe we should all be asking when we receive something unexpected: why did I receive this email?

With that in mind, here goes.

If you received this email, what is the first thing you should be asking yourself? Did I apply for a grant? Is this applicable to me at all? The answer to these kinds of questions is quite often No.

Taking a closer look, the email is telling me my “second grant has been approved”. Well, that’s curious because I never received my first grant!

So perhaps you believe that you may be entitled to a grant. After all, we’re in the midst of a pandemic and the government has a range of schemes to support UK businesses. You have most likely read about this in the news – it’s certainly a topical feature in our daily lives. What other warning flags are there in this email?

Delving deeper, the email sender’s name is “UK Government”. This sounds rather official, maybe it is real? Take a look at the email address (this has been viewed in Microsoft Outlook online, but most email programs show this information in a similar style).

This doesn’t look official at all, not like a gov.uk email address. This is a big tell that the email is not legitimate and is likely a phishing attempt. Granted, this is particularly easy to spot as suspicious and other senders may have more convincing addresses, so we can look for more characteristics of a phishing email to help us.

Moving on to the body of the email.

The first sentence addresses me by my email address. If this were an official email and had stemmed from some previous communication, it would usually know my name and start the email with “Dear Name” or “Mr. Surname”.

Bad grammar: “The money are set to land in your bank accounts within six working days of making the claim”. This is unlikely to have been written by an employee of the UK government.

Moving on, let’s assume that the email you received was from a seemingly official address, they addressed you by name, and it appears to be grammatically correct. Surely you can claim your money now? Not just yet. Phishing emails usually have a theme:

  • Email is relevant in some way, from a popular service or is based on a current topic;
  • You are offered a high motivation or benefit to engage, and;
  • There is a sense of urgency.

Up until now, we’ve seen the first two points: the email is current and there is money to claim. How about the third point? Consider this sentence: “Keep in mind that the scheme closes on the 19 October 2020 so you have to hurry up”. This is a common tactic used to entice you to act quickly.

Finally, we get to the core of a phishing attack: the link. Scammers need to direct you somewhere so they can harvest information, such as bank details. Therefore, the web addresses are usually hidden, in this case behind the text “Claim now >”, so you can’t see where you’re heading before you click. Most modern browsers will display the web address in the bottom left of the page when you hover over the link, as seen below.

The trouble scammers have is that they cannot simply use https://www.gov.uk/, because they have no control over the website and what content is shown to the user. This means they must use obscure web addresses like the one above.

If, after assessing each feature of the email, nothing stands out as fraudulent, what now? Ask yourself again: why did I receive this email? If you cannot answer this question then, in all likelihood, it’s a scam and should be ignored. If you still have any doubt, contact the legitimate service or company that the email claims to be from, and find out if it’s legitimate.
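The checks walked through above (sender address versus the organisation the display name claims, greeting by email address, urgency wording, and the real destination behind link text) can also be run over a raw message. This is an added example, not part of the original article; the sample email, its `example.net` hosts, the `triage`, `LinkCollector` and `in_domain` names, the urgency word list and the `claimed_domain` parameter are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the email above; sender and link hosts are placeholders.
SAMPLE = """\
From: UK Government <grants@mail.example.net>
To: user@example.org

<p>Dear user@example.org, your second grant has been approved.</p>
<p>Keep in mind that the scheme closes on the 19 October 2020 so you have to hurry up.</p>
<a href="http://claims.example.net/form">Claim now &gt;</a>
"""
URGENCY = re.compile(r"hurry|scheme closes|act now|immediately", re.I)  # illustrative list

class LinkCollector(HTMLParser):  # collects (visible text, href) for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)  # match on a label boundary only

def triage(raw, claimed_domain="gov.uk"):
    """Return the warning signs from the walkthrough that appear in a raw message."""
    msg = message_from_string(raw)
    sender, rcpt, body = parseaddr(msg.get("From", ""))[1], parseaddr(msg.get("To", ""))[1], msg.get_payload()
    parser = LinkCollector()
    parser.feed(body)
    # Assumption: the analyst supplies the domain the display name implies (gov.uk here).
    hosts = [("sender", sender.rpartition("@")[2])]
    hosts += [(f"link {text!r}", urlparse(href).hostname or "") for text, href in parser.links]
    flags = [f"{what} -> {h}" for what, h in hosts if not in_domain(h.lower(), claimed_domain)]
    if rcpt and re.search(r"dear\s+" + re.escape(rcpt), body, re.I):
        flags.append("greeted by email address")
    if URGENCY.search(body):
        flags.append("urgency")
    return flags
```

An empty result only means none of these particular signs were found; the question of why you received the email still applies.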
