Security Awareness: The Anatomy of a Phish

Written by Chelsea Jarvie

Chelsea is the Director of Neon Circle and a cyber security consultant. Chelsea is passionate about driving forward modern security practices and pragmatism and is experienced in building risk-centric and efficient operations. Chelsea is a STEM ambassador, an experienced conference speaker and judge for Scottish Cyber Awards. She was named as a "Woman of the Future" by Equate Scotland in their "Leading Women of Scotland" Publication and chosen as Code First Girls: One to Watch 2017.

May 7, 2020

What’s the make up of a phishing email? 

Phishing emails have similar tell-tale signs which we can all look for to avoid getting hooked. In this article we’ll go through why cyber criminals send phishing emails, the anatomy of them and what you can do to stay safe.

Why do cyber criminals send phishing emails?

Cyber criminals aim to trick you into giving them something they want, that they don’t currently have access to. This can be:

  • Financial details
  • Log in details
  • Sensitive information such as business secrets
  • Access to your device

They use phishing emails to lure you into giving them what they want. Sometimes phishing emails can be generic and sent to lots of people, or sometimes the cyber criminals do their research and target you specifically, this is called spear phishing.

Success Criteria

In order to succeed cyber criminals, rely on you taking action when you receive the phishing email. Similar to fishing, you need to take the bait to be hooked. If you don’t take the action the cyber-criminal wants you to then you are safe.


The Anatomy

Here is what to look out for when you receive an email which looks a bit dodgy.

  • Sender’s address 
    • The sender has an email address which doesn’t look quite right. The email may claim to come from your bank, but the sender’s email address ends in “”. Or you may get an email from a sender who has tried to impersonate a legitimate company, for example, you may get an email from “Apple” and the sender’s email address ends in “”.
  • Quick action required
    • Many phishing emails try to make you feel panicked and flustered so you act quickly without thinking about it. The message may look to come from your bank with urgent instructions, or from someone senior in your workplace.
  • The email is poorly written
    • Phishing emails tend to have spelling or grammar errors. Most legitimate companies have a variety of review steps before emails go to customers to make sure there are no errors, cyber criminals don’t have the same processes.
  • There is an unexpected link or attachment
    • If you receive an email with a link or attachment that you didn’t expect, then stop before you take any action. Check the points we mentioned above, and if there is a link, hover over it with your mouse to see where the link is actually taking you.
  • Too good to be true
    • If you get an offer or message which seems too good to be true, then don’t be tempted into clicking the link. Sometimes cyber criminals will design online stores which look legitimate and make you think you are getting a good deal, but in fact they may be stealing your log in credentials and your card details.


Here is an example phishing email:

As you can see, this example has 3 of the 5 tell-tale signs above. The sender doesn’t look to have a legitimate Apple email address, they are pressuring the user to click the link, or their Apple account will be locked within 24 hours, plus the link leads to “”. Not legitimate.

What happens if I fall for the phish?


If the email contained a link that you clicked on, you will probably be taken to a fraudulent website where you will be asked to log in or input sensitive data such as card information.

Do not input any details, disconnect from the internet and run a virus scan on your computer.  If you have input details, contact your bank if the details were financial and change your password for the account you tried to log in to on the phishing link.


If you click an attachment, it’s likely to have infected your machine with malware so disconnect from the internet and run a virus scan. 

No one is immune from phishing and sometimes the cyber criminals make the email very believable, but it is important to be aware. When you get emails in future, think before you click.

You may also like…