Birchall Reality

How to Spot and Avoid Phishing Emails at Work

A straightforward guide for North Wales businesses on recognising phishing emails, the warning signs to teach your team, and what to do when one lands.

  • Cyber Security
  • Email

Email runs almost every small business. Quotes, invoices, supplier orders, customer enquiries: it all flows through the inbox. That is exactly why criminals target it. Phishing is the practice of sending messages that look genuine in order to trick you into handing over passwords, bank details, or money. The good news is that most phishing attempts give themselves away if you know what to look for.

This guide is written for business owners and office managers, not IT specialists. Read it, share it with your team, and you will have removed one of the most common ways a business gets caught out.

What phishing actually is

A phishing email pretends to be from someone you trust. It might claim to be your bank, a supplier, a delivery company, Microsoft, or even a colleague. The aim is to get you to do one of three things: click a dodgy link, open an infected attachment, or reply with sensitive information.

Phishing is one of the most common routes into a business. The UK government’s Cyber Security Breaches Survey consistently finds that phishing is the most frequently identified type of attack reported by businesses. It is cheap for criminals to send and it only takes one person having a busy, distracted moment.

The warning signs to teach your team

Most phishing emails share a handful of tell-tale signs. Get your whole team familiar with these and you have built a strong first line of defence.

The sender address does not quite match

The display name might say “HMRC” or your supplier’s name, but the actual address behind it is often slightly off. Look for misspellings, odd extra words, or a public domain like gmail.com where you would expect the company’s own. Phone mail apps often show only the display name, so tap or expand it to reveal the real address before you act.

It creates urgency or fear

“Your account will be closed in 24 hours.” “Unpaid invoice, immediate action required.” “Unusual sign-in detected.” Phishing leans hard on panic because rushed people stop checking. A genuine organisation will not punish you for taking a moment to verify.

Unexpected links or attachments

Be wary of any link or attachment you were not expecting, even from a known contact: their account may have been compromised. Hover over a link before clicking (on a phone, press and hold it) to see where it really goes. If the address does not match the website you would expect, do not click it.
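The two mechanical checks described above (a display name that does not match the real sender domain, and link text that does not match where the link actually points) are exactly what a mail filter can score automatically. The script below does both over a raw email. It is example code added to this page, not code from Birchall Reality, the NCSC or any product; the KNOWN_SENDERS table, the public-mailbox list and both sample messages are constructed for illustration, and the registered_domain helper is a deliberately simple heuristic that a production filter would replace with the Public Suffix List.

```python
"""Automate the sender and link checks described above.

Example added to this page, not code from Birchall Reality or the NCSC.
KNOWN_SENDERS, PUBLIC_MAILBOX_DOMAINS and the two sample messages are
constructed for illustration; adjust the tables to your own suppliers.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Names a phisher likes to impersonate, mapped to the domains that sender
# genuinely uses (assumed list; maintain this per business in real use).
KNOWN_SENDERS = {
    "hmrc": {"hmrc.gov.uk"},
    "microsoft": {"microsoft.com"},
    "acme supplies": {"acmesupplies.co.uk"},
}
PUBLIC_MAILBOX_DOMAINS = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}


def registered_domain(host):
    """Crude 'company' part of a hostname: the last two labels, or three for
    .co.uk / .gov.uk style names. Production code should use the Public Suffix List."""
    labels = host.lower().strip(".").split(".")
    if len(labels) >= 3 and labels[-2] in {"co", "gov", "org", "ac"} and len(labels[-1]) == 2:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_sender(from_header):
    """Warnings for a From: header whose display name and address disagree."""
    name, addr = parseaddr(from_header)
    domain = registered_domain(addr.rpartition("@")[2])
    warnings = []
    if domain in PUBLIC_MAILBOX_DOMAINS:
        warnings.append(f"sender uses a public mailbox domain ({domain})")
    for claimed, genuine in KNOWN_SENDERS.items():
        if claimed in name.lower() and domain not in genuine:
            warnings.append(f"display name says '{name}' but the address is at {domain}")
    return warnings


class _LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def check_links(html):
    """Warnings for links whose visible text names a different site than the href."""
    collector = _LinkCollector()
    collector.feed(html)
    warnings = []
    for text, href in collector.links:
        target = registered_domain(urlparse(href).hostname or "")
        shown = re.search(r"([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", text.lower())
        if shown and registered_domain(shown.group(1)) != target:
            warnings.append(f"link text shows {shown.group(1)} but points to {target}")
    return warnings


def analyse(raw_message):
    """Run both checks over a raw RFC 822 message and return all warnings."""
    msg = message_from_string(raw_message)
    body = msg.get_payload(decode=True) or b""
    html = body.decode(msg.get_content_charset() or "utf-8", errors="replace")
    return check_sender(msg.get("From", "")) + check_links(html)


# Constructed sample: the display name claims HMRC, the address is a Gmail
# account, and the link text shows a gov.uk address while the href does not.
PHISH = """\
From: "HMRC Refunds" <hmrc.refund.team@gmail.com>
To: accounts@example.co.uk
Subject: Tax refund pending - action required within 24 hours
Content-Type: text/html; charset=utf-8

<p>Claim your refund at
<a href="https://hmrc-refunds-uk.com/login">www.hmrc.gov.uk/refund</a>
before it expires.</p>
"""

# Constructed sample of a genuine supplier email that should raise nothing.
GENUINE = """\
From: "Acme Supplies" <accounts@acmesupplies.co.uk>
To: accounts@example.co.uk
Subject: Invoice 1042
Content-Type: text/html; charset=utf-8

<p>Invoice 1042 is on <a href="https://portal.acmesupplies.co.uk/invoices/1042">portal.acmesupplies.co.uk</a>.</p>
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("genuine", GENUINE)):
        print(label, analyse(raw) or ["no warnings"])
```

Run it as-is and the constructed phishing sample produces three warnings (public mailbox domain, display name versus address, link text versus target) while the genuine supplier email produces none. The checks are intentionally conservative: a link whose visible text is just “click here” is not flagged, because there is no claimed destination to compare against, which is why the human habit of hovering before clicking still matters.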

Requests for passwords, payment, or bank changes

No reputable bank or supplier will ask for your password by email. Be especially careful of messages asking you to change the bank details you pay an invoice to. This particular scam, known as invoice or mandate fraud, costs UK businesses a great deal every year, and the fix is simple: phone the supplier on a number you already have on file, never one given in the email itself, to confirm any change before you pay.

The NCSC publishes clear, practical advice on dealing with suspicious emails and messages that is well worth sharing with staff.

Practical steps that stop most attacks

Spotting phishing is half the job. The other half is putting a few sensible defences in place so that a single mistake does not become a disaster.

  • Turn on multi-factor authentication (MFA). Even if a password is stolen, MFA usually stops a criminal getting in. The NCSC recommends it as one of the most effective things you can do.
  • Use strong, unique passwords. A password manager makes this painless and means one breached site does not expose everything else.
  • Keep software updated. Many attacks rely on out-of-date systems. Letting updates install promptly closes those gaps.
  • Filter the obvious junk. Good spam and email filtering removes a large share of malicious mail before anyone sees it. Our cyber security service sets this up properly so your team only deals with the messages that matter.
  • Back up your data. If the worst happens, reliable backups are what get you trading again quickly.

We cover these foundations as part of managed IT support, so the protections stay in place and up to date without you having to think about them.

When an email gets through anyway

Even careful teams get caught occasionally. What matters is what happens next.

  1. Do not panic, and do not hide it. Speed matters far more than blame. The sooner you act, the less damage is done.
  2. Disconnect the device from Wi-Fi or the network if you suspect malware.
  3. Change the password on any account whose details were entered, ideally from a different device, and turn on MFA if it is not already on.
  4. Report it. Forward suspicious emails to the NCSC at report@phishing.gov.uk, and report fraud or attempted fraud to Action Fraud on 0300 123 2040.
  5. Tell your IT support. We can check whether anything spread further and help you tidy up.

Building a team that spots the scams

The strongest defence is not a piece of software, it is a confident, switched-on team. People who feel able to pause and double-check, and who know they will be thanked rather than told off for flagging something, catch the scams that slip past the filters.

A short, regular conversation about what the latest scams look like does more than any annual tick-box session. If you would like a hand getting your team up to speed, or simply want a second opinion on how exposed your email currently is, our free IT review is a straightforward place to start. It is a no-obligation look at how your systems are set up and where the easy wins are.

You can also get in touch for a friendly chat, and if you would like to understand what working with us costs, our pricing is laid out clearly. For a related read, see our guide to common IT mistakes small businesses should avoid.

Phishing is not going away, but with a little knowledge and a few sensible habits it stops being something to worry about and becomes just another thing your business handles well.

Frequently asked questions

What should I do if someone in my team clicks a phishing link?

Stay calm and act quickly. Disconnect the device from the network, change the password on any account that was entered, and turn on multi-factor authentication if it is not already on. Then report it to Action Fraud and let us know so we can check whether anything else was affected.

How can I report a suspicious email?

Forward it to the National Cyber Security Centre’s Suspicious Email Reporting Service at report@phishing.gov.uk. It is free, it takes seconds, and it helps the NCSC shut down scam sites that target other businesses.

Will antivirus software stop phishing on its own?

No single tool stops everything. Good spam filtering and antivirus catch a large share of malicious mail, but phishing is designed to fool people, not software. A well-trained team is your strongest layer of defence.

Want this checked for your own business?

Book a free IT review, a straightforward, no-obligation review of where your IT stands.
