
Could you spot a phishing email? A quick guide for everyday staff

The signs of a phishing email every staff member should know — with real examples — and what to do if you think you've clicked.

A quick, practical guide every staff member can use — because most breaches start with one click.

The majority of cyber attacks on Australian businesses begin with a phishing email: a message designed to trick someone into clicking a link, entering a password, or paying a fake invoice. The good news is that with a little awareness, most phishing is catchable. Here is what to look for.

The classic warning signs

A sense of urgency.

"Your account will be closed in 24 hours." Pressure is designed to make you act before you think.

An unexpected request.

A login prompt, a payment, or a document you were not expecting.

A mismatched sender.

The display name looks right but the actual email address is subtly wrong — a lookalike domain, or a free public webmail address standing in for a company one.

Links that do not match.

Hover over a link (without clicking) and check whether the real destination matches what it claims.

Requests for credentials or payment changes.

Especially a "supplier" advising their bank details have changed.
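The two signs above that a machine can check reliably are the mismatched sender and the mismatched link. The script below is an added example, not Key IT's tooling or anything from this page: it parses a raw email, compares the display name's domain against a small allow-list of known partner domains (a constructed list), flags free webmail addresses carrying a corporate-looking name, and reports any HTML link whose visible text names one host while the href points at another. The sample message, the trusted-domain list and the webmail list are all constructed for the example.

```python
"""Illustrative phishing-sign checker (added example, not the page's own code).

Flags two signs from the guide on a raw RFC 822 message:
  * mismatched sender: display name suggests a known organisation but the
    address is a lookalike domain or a public webmail account;
  * mismatched links: the visible anchor text names one host while the
    href actually points somewhere else.
All domains and the sample message below are constructed for this example.
"""
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allow-list: domains this (hypothetical) business actually deals with.
TRUSTED_DOMAINS = {"example-bank.com", "example.com"}
# Constructed list of free webmail providers a real supplier would not use.
PUBLIC_WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com"}


def _host(url: str) -> str:
    """Lower-cased host part of a URL, without credentials or port."""
    netloc = urlparse(url).netloc.lower()
    return netloc.split("@")[-1].split(":")[0]


def _looks_like_host(text: str) -> bool:
    """Only treat link text as a hostname/URL if it has a dot and no spaces."""
    return "." in text and " " not in text


def check_sender(from_header: str) -> list:
    """Findings for a From: header such as 'Example Bank <x@y.com>'."""
    findings = []
    display, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if domain in PUBLIC_WEBMAIL and display:
        findings.append(f"sender uses public webmail ({domain}) with display name '{display}'")
    if domain and domain not in TRUSTED_DOMAINS:
        # Lookalike: a trusted domain's first label embedded in an untrusted domain.
        for trusted in sorted(TRUSTED_DOMAINS, key=len, reverse=True):
            base = trusted.split(".")[0]
            if base in domain:
                findings.append(f"lookalike domain {domain} resembles trusted {trusted}")
                break
    return findings


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(html_body: str) -> list:
    """Flag anchors whose visible text names a different host than the href."""
    parser = _LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        real = _host(href)
        shown = ""
        if _looks_like_host(text):
            shown = _host(text if "://" in text else "https://" + text)
        if shown and real and shown != real:
            findings.append(f"link text shows {shown} but points to {real}")
    return findings


def analyse(raw_message: str) -> list:
    """Run both checks over a raw message and return all findings."""
    msg = message_from_string(raw_message)
    findings = check_sender(msg.get("From", ""))
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            findings.extend(check_links(body))
    return findings


# Constructed sample: bank-like display name, lookalike sender domain, and a
# link whose visible text does not match its real destination.
SAMPLE_EMAIL = """From: Example Bank Security <alerts@example-bank-secure.com>
To: staff@example.com
Subject: Your account will be closed in 24 hours
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please verify now: <a href="https://login.verify-portal.net/x">https://www.example-bank.com/login</a></p>
</body></html>
"""

if __name__ == "__main__":
    for finding in analyse(SAMPLE_EMAIL):
        print("WARNING:", finding)
```

Run as-is it prints two warnings for the constructed sample: the lookalike sender domain and the link whose text and destination disagree. The allow-list approach is deliberate: a mail gateway cannot know every legitimate domain, but it can know the handful of suppliers and banks a business actually pays, which is exactly where the "bank details have changed" lure lands.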

The newer, harder-to-spot signs

Be aware that the old advice about typos and bad grammar is increasingly outdated. AI now writes flawless, convincing phishing emails, and attackers often send from genuinely compromised accounts of people you know. So treat unexpected requests involving money, passwords or sensitive data as suspicious even when the email looks perfect — verify through a separate channel.

The golden rule

If an email asks you to do something involving money, credentials or sensitive information, and anything about it is unexpected — stop and verify using a known phone number, not the contact details in the email. Thirty seconds of verification beats a breach.

What to do if you think you clicked

Do not panic, and do not hide it — speed matters more than embarrassment. Disconnect the device from the network if you can, change your password from a different device, enable multi-factor authentication if it is not already on, and report it to your IT team immediately. A fast report often means the difference between a non-event and an incident. If you are a Key IT client, our SOC can act on it right away.

Why training your team pays off

Your staff are both your biggest risk and your strongest defence — the difference is awareness. Regular, low-key training and simulated phishing measurably lift how often people spot and report attacks. See how it works on our phishing simulation page.

Frequently asked questions

What are the signs of a phishing email?

Urgency, unexpected requests, mismatched sender addresses, links that do not match their text, and requests for passwords or payment changes.

Can phishing emails look completely legitimate?

Yes. AI now writes flawless phishing, and attackers use compromised real accounts. Verify unexpected money or credential requests through a separate channel regardless of how the email looks.

What should I do if I clicked a phishing link?

Disconnect the device, change your password from another device, enable MFA, and report it to IT immediately. Speed limits the damage.

How do I protect my business from phishing?

Multi-factor authentication, email filtering, staff training and monitoring together dramatically reduce the risk.

Test how your team would do

Book a free phishing simulation demo and find out — safely. Call 1300 053 948.

Book your free IT & Cyber Security Review

See exactly where your IT and security stand, and what to fix first. No jargon, no obligation.