📨 How to Spot a Phishing Email

Category: Email / Security · Audience: Client · Updated: March 2026

Phishing emails are the most common way attackers target businesses. This guide shows you what to look for, what to do if you receive one, and what to do if you've already clicked.

What Is Phishing?

Phishing is when someone sends a fake email designed to trick you into clicking a malicious link, opening a dangerous attachment, or entering your credentials on a fake website. The emails often impersonate trusted brands like Microsoft, banks, Australia Post, or even your own colleagues.

Warning Signs to Look For

1. Sender address doesn't match the display name

The email might say "From: Microsoft Support" but the actual email address is something like support@m1crosoft-verify.com. Always check the full sender address, not just the display name.

2. Urgency or threat language

Phrases like "Your account will be suspended", "Immediate action required", or "Unusual sign-in detected" are designed to make you act without thinking.

3. Unexpected attachments

If you weren't expecting a file — especially a PDF, ZIP, or Office document — don't open it. Invoices, shipping notices, and "shared documents" from unknown senders are common lures.

4. Suspicious links

Hover over any link (don't click) and check the URL in the tooltip. If the link goes to an unfamiliar domain, a misspelled domain, or a long string of random characters, don't click it.

5. Generic greetings

"Dear Customer", "Dear User", "Dear Sir/Madam" — legitimate services usually address you by name.

6. Poor grammar and formatting

While not always the case (phishing emails are getting more sophisticated), noticeable spelling mistakes, odd formatting, or inconsistent branding can be red flags.

7. Requests for sensitive information

No legitimate company will ask you to send your password, credit card number, or personal details by email.
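
For whoever triages a forwarded message, warning signs 1 and 4 can also be checked in code. The Python below is an added example, not ATS Systems' own tooling; the brand-to-domain table, the sample message and the function names are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: brand keyword -> domains that brand really uses; extend for your own senders.
BRAND_DOMAINS = {"microsoft": {"microsoft.com"}, "australia post": {"auspost.com.au"}}
SAMPLE = (  # constructed message for illustration, not a real email
    'From: "Microsoft Support" <support@m1crosoft-verify.com>\n'
    "Subject: Your mailbox is full\n"
    "Content-Type: text/html\n\n"
    '<p>Dear User, <a href="http://storage.example.net/login">Microsoft 365 sign-in</a></p>\n'
)

def under(host, domains):
    """True if host equals, or is a subdomain of, one of the domains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def phishing_signs(raw_email):
    """Return findings for signs 1 and 4 in a single-part HTML or text message."""
    msg = message_from_string(raw_email)
    display, address = parseaddr(msg.get("From", ""))
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    # Each check pairs a human-visible label with the domain it really points to.
    checks = [("sender", display, address.rpartition("@")[2])]
    checks += [("link", text, urlsplit(href).hostname or "") for href, text in collector.links]
    findings = []
    for kind, label, host in checks:
        for brand, domains in BRAND_DOMAINS.items():
            if brand in label.lower() and not under(host, domains):
                findings.append(f"{kind}: shown as '{brand}' but domain is {host}")
    return findings
```

Calling `phishing_signs(SAMPLE)` reports both the sender mismatch and the link mismatch. A clean result only means these two signs were not found, so the other warning signs still apply.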

What to Do If You Receive a Suspicious Email

  1. Don't click any links or open attachments.
  2. Don't reply to the email.
  3. Forward it to your ATS Systems technician or to your IT contact.
  4. Delete the email after forwarding it (or move it to junk).

Tip: If you're unsure whether an email is real, contact the supposed sender through a separate channel (e.g. call them on their known phone number, or go directly to their website — don't use the link in the email).

What to Do If You've Already Clicked

If you clicked a link or opened an attachment from a suspicious email:

  1. Disconnect from the network — Turn off Wi-Fi or unplug the Ethernet cable immediately.
  2. Call ATS Systems on 07 3523 3660 — Describe what happened. Our team will assess the risk and guide you through the next steps.
  3. Don't delete the email — We need it for investigation.
  4. Change your password immediately if you entered credentials on a suspicious page.
  5. Check for MFA prompts you didn't initiate — deny any unexpected approval requests.

⚠ Important: Speed matters. The sooner you report it, the more we can do to contain any potential damage.

Real-World Examples

  • Fake Microsoft 365 login page — You receive an email saying "Your mailbox is full, click here to manage storage". The link goes to a page that looks like the Microsoft sign-in screen but the URL is not microsoft.com.
  • Fake invoice PDF — An email with a PDF attachment claiming to be an overdue invoice. The PDF contains a link that downloads malware when clicked.
  • CEO impersonation — An email that appears to come from your managing director asking you to urgently transfer funds or buy gift cards. The sender address is slightly different from the real one.

Need help? Call 07 3523 3660 or submit a ticket at atssystems.com.au/support/ticket/