How to spot phishing emails

Everyday, fraud organisations are sending phishing emails to all kinds of recipients, even to school staff members. Phishing refers to the aim of an email that tries to trick you into providing sensitive information. This could be login usernames and passwords, account numbers, or even confidential files. When it comes to protecting this kind of information, it is very important to be vigilant with each email you receive. We have created the mnemonic PEGASUS to help you to remember each of the steps to identifying a scam email. If you would like to download or print the graphic below, please click here.

Work through the following steps and scammers won’t stand a chance!


How personal does the email sound? If the sender addresses you with a generic title at the start of the email and continues to use non-specific language throughout, then this email might not be a legitimate message for you. Most phishing emails are sent in bulk to thousands of recipients at a time, so you should look for content that would make the email specific to you or your school. Look for references to previous conversations, to you, or to your school – if you don’t find any, then this could be the first sign of a phishing email. However, this is not a firm rule because if you are being targeted personally, then the scammer may have done some research to convince you that they are genuine. Check against the rest of these steps to be sure.

Email Content

Similarly to the previous point, it is important to check the body of the email for red flags. If the sender is making an offer that is too good to be true, this could highlight the email as a concern. If they mention an invoice for a product or service that doesn’t sound familiar, or if they claim to be from a company that you don’t normally have contact with, then there is a good chance that they are trying to get information from you illegitimately.


Since the first days of email fraud, a giveaway has always been in the spelling and grammar in the email. Scammers from all over the world will send phishing emails to recipients in many countries and will not always be successful in writing the emails using the correct language. Despite the variety of translation, spellchecking and grammar-checking tools available, this is still an indication to be found in scam emails today, so is always good to notice.


If you receive an email that seems suspicious, then it is very important that you do not open any attachments. Files attached to suspicious emails can be seriously dangerous once they have been downloaded or opened. Certain attachments will contain viruses capable of causing damage to your computer and files, while others will even spread and affect other devices across the school. Even if they look familiar, such as a PDF or Word document, they can still be harmful, so it is always better to be cautious and avoid clicking on any attachments that come with unusual looking emails.


Have a look at the sender address of the email. Depending on how you access your emails, it might be listed at the top of the email, or you may have to click on the sender name to see the address in full. Does it look long or complicated, or does it have a spelling mistake? If so, then it could be from a fake source. Even if the domain is spelled correctly, it may actually be different, by having extra words or symbols included, such as @facebook vs @face-book. Click on the sender to see the email address in full and make sure that the domain looks legitimate. If this is not the case, then it could be a scam. This is particularly important for recognising a scammer who is targeting you or the school personally. Most reputable organisations will use the same domain for both their emails and their website, which means that if the part after the @ symbol doesn’t match up with the website address you would normally use for a particular business, then it could be fraudulent.


A trick that scammers use to get us to give up our details is by making us feel under pressure to provide the information quickly. This might be by threatening you or saying that your account will soon be locked, or that you urgently need to pay an invoice. This is a very common way to tell that the email might not be all it seems. Disarm the sender by taking a moment to carefully check the email against PEGASUS. It is always better to be safe, so don’t let the emails trick you!

Sensitive Information

The clearest way to tell that an email is illegitimate is by noticing what the sender is asking of you. If you are being asked for sensitive information, such as passwords, account numbers, or sensitive information, then it is likely to be from a harmful source. Reputable businesses go to great lengths to make sure that sensitive data such as banking information is requested securely and that you feel comfortable submitting it. If you are typing important information into a form that feels unfamiliar, unprofessional, or otherwise strange, then take the time to check the website address at the top of your browser. As before, if anything is spelled wrong, or is different from a website you would normally use, then don’t trust it. Don’t even type into the form, as some websites can collect the information you type even before you submit the form.

What to do next

If you suspect that you have received a phishing email, do not click on links, do not open attachments, delete the email and if you have provided any information, change your password immediately, or ask us to. We are happy to confirm any suspicious emails that you receive, although if you follow PEGASUS this won’t be necessary, and you can simply delete the email.

It might seem like the simple task of checking your emails is fraught with danger, but most scam emails will give themselves away quite quickly. If you remember to be calm but cautious, then this article will have given you the tools that you need to protect your school and your files with confidence!

Comments are closed.