Cofense Logo - Email Security Solutions

How to Identify a Phishing Attack

It’s critical that employees know how to identify a phishing attack. When they can identify an attack before its malware payload is deployed, they help avoid potential data or financial loss. And even if a phishing attack succeeds in deploying its payload, it might be possible to eliminate the threat or contain it before much damage is done.

Identifying the signs of a phishing attack, either attempted or executed, is not a skill you learn overnight. Phishing attacks vary in nature and sophistication; they evolve over time. That’s why phishing awareness training should be ongoing and frequently refreshed.

Rule #1 of How to Identify a Phishing Attack

Rule #1 of how to identify a phishing attack: every email you receive is a potential threat. It doesn´t matter if the (supposed) sender is known to you, or even if the incoming email is a reply to one you’ve sent. If it contains a link, an attachment, asks for confidential information, or is written to appeal to your sense of curiosity, sympathy, fear or greed, you should treat it suspiciously.

Email scammers are experts at creating “lookalike” email accounts and bogus domain names. Some use social engineering tactics to discover personal information, scam the individual into revealing the login credentials of their email account and then send phishing emails to everyone on their contact list. If this happens within a business, the fallout can be dire.

Most so-called “tips” to identify a phishing attack are just clickbait and not helpful at all. For example, tracing an email´s header will not prevent the successful execution of a phishing attack if the email originates from a compromised company email account. Hovering your mouse over a malicious URL may not reveal an attack if the URL has been well disguised and, if neither the sender nor the recipient of an email are strong on spelling, how are you supposed to tell if an email contains poor grammar?

Identifying the signs of a phishing attack is difficult, and the examples provided so far are just the tip of the iceberg. Remember Rule #1 of how to identify a phishing attack: every email you receive is a potential threat. If you get an email you are unsure about, check its validity by phoning the (supposed) sender. If that’s not possible, say something to somebody in a position of authority – preferably a member of the IT department—and, if you click on a malicious URL or open an infected attachment, say something quickly. It may not be too late to prevent a malware attack.

Signs that a Phishing Attack has been Executed

If, despite all your care, you click on a malicious URL, open an infected email, or inadvertently disclose your login credentials, you are unlikely to know straightaway that malware has been deployed on your computer. The exception is ransomware. It wastes very little time scanning your computer´s drives and any connected devices for files to encrypt. Within minutes you will likely see a message appear on your screen demanding a ransom.

If this happens, immediately report the ransomware to a person in authority or your IT team. Depending on the ransomware variant, it may be possible to decrypt the locked files. Or maybe a recent backup of your data exists to restore onto your computer. However, speed is of the essence, not only because many ransom demands are time-sensitive, but because swift action by the IT department may prevent the ransomware spreading throughout the network.

In other, non-immediate ransomware scenarios, it’s possible to identify a phishing attack by changes in the behavior of your computer. Changes to your home page or search engine page can indicate a spyware infection. Advertising pop-ups might point to adware installation and, if your computer starts to slow down or programs crash more often, a full virus scan can detect the problem and perhaps identify a phishing attack as the source.

Of greater concern: inadvertently disclosing your login credentials. In this case, it’s again important to immediately tell a person in authority or your IT team. Usernames and passwords can be changed quickly, and the disclosed login credentials retired, so the information you provided to the cybercriminal becomes of no value. When that happens, the cybercriminal may try to extract the new login credentials from you, but this time you’ll be better prepared.

Be Better Prepared Before a Phishing Attack with Cofense

Of course, it’s better to identify a phishing attack before its malware payload is deployed. Cofense can help with that. We’ve developed an intelligence-driven phishing defense solution that enhances awareness of phishing attacks. Our solution conditions users to be less susceptible to phishing and lets employees report suspicious emails with the click of a button. Your IT department can then prioritize alerts based on each user´s “conditioned rating,” that is, how well he or she has performed in simulations.

The Cofense platform integrates seamlessly with existing security and event management systems, or can be used as a stand-alone solution. The platform includes interactive phishing simulations which you can customize to your security needs, industry sector and compliance requirements. It also connects with a human-vetted threat intelligence service that helps your security team identify a phishing attack faster.

Train your employees to identify a phishing attack—before its malware payload is deployed.  Contact us and request a free Cofense demonstration. Cofense is proven to reduce susceptibility to phishing emails by up to 95% and protects more than 1,000 enterprises worldwide. Thanks to us, more than 35+ million users know how to identify a phishing attack and respond effectively. Shouldn´t yours?

Interested in learning more about phishing detection and response?

Explore our Resource Center for our latest content

Explore our database of phish found in environments protected by SEGs, updated weekly

Download our latest Phishing Review to learn about threat landscape trends.


We use our own and third-party cookies to enhance your experience by showing you relevant content, personalizing our communications with you, and remembering your preferences when you visit our website. We also use them to improve the overall performance of our site. You can learn more about the cookies and similar technology we use by viewing our privacy policy. By clicking ‘Accept,’ you acknowledge and consent to our use of all cookies on our website.

This site is registered on as a development site.