Email is a great way of finding out about products, services and news that are of interest to your company, but it’s also a way of delivering unwanted – and potentially dangerous – information to your inbox in the form of spam and phishing emails. In this article, we explain the risks posed to you and your business by these emails, the best practices you can adopt to protect your company and how Air IT can help.


Spam and phishing emails: What’s the difference?


Spam Emails

Spam, or junk emails, are unsolicited emails. They might promote products or services such as pharmacies, gambling or online dating, contain hoax virus warnings or charity appeals, or advertise ‘get rich quick’ schemes.

Whilst many spam emails are merely a harmless annoyance, they sometimes contain viruses or malware that can seriously damage your computer. Junk emails can also be used as a front for phishing schemes.


Phishing Emails

Phishing emails are a form of spam that’s been specifically designed to obtain your personal details, such as bank account log-in details and credit card numbers, with a view to stealing your identity and/or defrauding your financial accounts.

Typically, a phishing email will look like it’s been sent from a genuine bank or financial services provider.

For example, it might use HSBC’s logo and branding and be sent from an email address that’s similar to, but slightly different from, HSBC’s actual URL, e.g. ‘’ instead of ‘’.

The aim of a phishing email is to get you to visit a hoax website (which again may look like the real thing) through a link within the email and enter your personal and/or financial details, which will then be stolen and used by criminals.


Malware and viruses

Both spam and phishing emails can be used to infect your computer with malware and viruses, which are activated when you open a link or attachment within the email.

Viruses like these cost UK businesses millions of pounds a year in fraud, downtime and computer repairs, so it’s essential that you take steps to protect your company from attack.


Spotting suspicious Emails

It’s very important that you and your staff remain vigilant about any suspicious emails that may bypass your security systems and contain dangerous viruses.

Following these guidelines will help you identify and delete any suspicious emails before they have the chance to infect your network.


1. Don’t respond to emails asking for personal and/or financial information

A genuine bank would never ask you to provide personal information by email.

And beware of fake messages such as ‘Urgent – log in now, your account details may have been stolen’, designed to prompt an immediate reaction.


2. Always be cautious about downloading files and opening email attachments

Bear in mind that banks and other major companies don’t generally send out email attachments, so this is an indication that the email may not be from a trusted source.

Attachment file types .exe, .bat, .scr, .zip and .com are especially high risk.


3. Check the details in the address bar

Does your own email address appear in the ‘From’ field?

Are lots of addresses visible in the ‘To’ field?

Or does the sender’s email address look suspicious, e.g. the account name shows as ‘HSBC UK’ but the actual email address is ‘’?

These are clear signs of a phishing email.


4. Check any links in the email by hovering your mouse over them

If the URL that appears in the bottom left-hand corner of your screen looks suspicious in any way, don’t click on it.

And even if the link looks genuine, be wary of clicking on URLs that don’t use an encrypted connection, i.e. that start with http:// rather than https://.


5. Look closely at the email’s content

Are there spelling or grammatical mistakes, or strange mixtures of numbers and letters, e.g. ‘Gambl1ng’?

Is the email poorly designed or in plain text when you’d have expected an HTML email featuring a logo, images and text?

Or is the whole email embedded in a single image? If so, hit Delete.

6. Be careful not to pass the problem on or make it worse

Replying to a scam email or clicking on a fake ‘Unsubscribe’ button will only tell the spammer that your email address is genuine, so don’t interact with it at all. You shouldn’t forward it to anyone else either unless you are reporting it through the National Cyber Security Centre’s phishing reporting scheme.
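Guidelines 2 to 4 can also be applied automatically to messages that staff report. The Python below is an added example, not Air IT's own tooling: the brand-to-domain table `KNOWN_BRANDS`, the `MAX_TO` cut-off and the sample message (all names and domains made up) are assumptions. The link-text comparison generalises the hover check in guideline 4.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import getaddresses
from urllib.parse import urlparse

RISKY_EXT = (".exe", ".bat", ".scr", ".zip", ".com")  # list from guideline 2
KNOWN_BRANDS = {"example bank": {"examplebank.example"}}  # assumed brand -> real domains
MAX_TO = 10  # assumed cut-off for "lots of addresses" in To

def triage(raw, my_address):
    """Return warnings for one raw message, following guidelines 2-4."""
    msg = message_from_string(raw, policy=policy.default)
    found = []
    for name, addr in getaddresses([str(msg.get("From", ""))]):
        domain = addr.rpartition("@")[2].lower()
        if addr.lower() == my_address.lower():
            found.append("own address in From")
        for brand, domains in KNOWN_BRANDS.items():
            if brand in name.lower() and domain not in domains:
                found.append(f"display name '{name}' but sent from {domain}")
    if len(getaddresses([str(h) for h in msg.get_all("To", [])])) > MAX_TO:
        found.append("many addresses visible in To")
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        if fname.endswith(RISKY_EXT):
            found.append(f"high-risk attachment: {fname}")
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    for href, label in re.findall(r'<a[^>]+href="([^"]+)"[^>]*>(.*?)</a>', html, re.I | re.S):
        host = (urlparse(href).hostname or "").lower()
        if href.lower().startswith("http://"):
            found.append(f"unencrypted link: {href}")
        shown = re.search(r"[\w.-]+\.[a-z]{2,}", label, re.I)
        if shown and host and shown.group(0).lower() != host:
            found.append(f"link text shows {shown.group(0)} but opens {host}")
    return found

def sample_message():
    """Constructed phishing-style message; every name and domain is made up."""
    m = EmailMessage()
    m["From"] = "Example Bank UK <alerts@examp1ebank-login.example>"
    m["To"] = "user@company.example"
    m.set_content('<a href="http://examp1ebank-login.example/">www.examplebank.example</a>', subtype="html")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream", filename="statement.exe")
    return m.as_string()

if __name__ == "__main__":
    print("\n".join(triage(sample_message(), "user@company.example")))
```

A message that raises no warnings here is not proven safe; the checks only flag the signs listed above.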


Three simple steps

If you’re in any doubt about an email you’ve received, just ask yourself:

  1. Am I expecting this email?
  2. Do I know who or where it’s come from?
  3. Is it too good to be true, e.g. an offer to put money in your bank account?

If an email doesn’t look right, it probably isn’t. If you can’t verify that the message originated from a trusted source, it’s best to delete it.


Step up your IT security

It’s always best practice to have properly configured and up-to-date anti-virus software, anti-spam filters and firewalls to help minimise the threat of any infection from spam or phishing emails. If you don’t have these in place, we strongly recommend that you take action.

It’s also important that your operating system, software applications and web-browsing software are kept fully up to date, with the latest security updates and patches installed.



Air IT is here to help

We offer a range of backup, business continuity and security solutions for businesses of all sectors and sizes, helping you to be safe, secure and assured that you can recover your data in the event of any unforeseen security breach or disaster. We partner with industry-leading vendors and have an in-house Security Operations Centre run by our dedicated cyber security team.

If you’d like to find out more about our cyber security services or gain your Cyber Essentials certification, please don’t hesitate to get in touch.