Avoid the phishing net: how to spot email scams
Email phishing scams are getting harder to spot. Don’t get caught in the net.
A compromised bank account. An urgent subscription renewal. A time-sensitive investment opportunity. These are just some of the phishing emails that get sent to thousands of inboxes every day.
Although these generic malicious mailouts can sometimes be easy to spot, scammers have upped their game with an approach called spear phishing, which is much more sophisticated – and successful.
Spear phishing messages make up less than 0.1% of total email volume but are responsible for 66% of data breaches.
What is spear phishing?
Spear phishing emails are aimed at specific individuals and often at specific times. For example, you might be midway through a property or investment transaction and receive a request to transfer funds from the other party.
For this type of attack, scammers gather information in advance. This enables them to craft a highly personalised, context-aware email that appears completely genuine. To add authenticity, the fraudsters might hack a trusted email account, copy the format of a previous legitimate message or create a fake website.
Who is at risk from spear phishing?
Although spear phishing attacks are frequently aimed at business leaders or high net worth individuals, we’re all at risk in both our professional and personal lives.
Law firms are often in the cyber scammers’ sights as they handle sensitive details and high-value transactions on behalf of their clients. One survey found that successful cyberattacks against UK law firms rose by 77% in the space of a year.
For example, a scammer might create a fake email account and send a message to a client providing ‘new’ bank details for a payment that they know is due soon, such as an invoice. Fraudsters might even find out that you are selling a property or a business via websites or marketplaces and hack your email accounts, so they can track the progress of the transaction. They will then send a message with bogus payment details, which is perfectly timed for a planned funds transfer.
How can I spot a phishing email?
Spear phishing attacks can be very hard to spot – especially with the advent of AI. According to cyber security watchers, spear phishing emails have a click-through rate of up to 25% compared with just 5% for a bulk untargeted message. Add AI into the equation and the spear phishing click-through rate can be as high as 54%.
With the variety and volume of email scams growing, staying vigilant is more important than ever before. According to one report, security filters caught one phishing email every 19 seconds in 2025, more than double the rate of the previous year.
Even if you use the latest cyber security tools, malicious messages can still make it to your inbox. It’s estimated the average Brit receives around 240 scam emails or texts a year.
There are, however, some basic checks that can help you identify malicious messages. Any or all of the following could be a sign that an email is not genuine – especially if it is unsolicited:
- Incorrect spelling or poor grammar
- Lack of personal greeting
- Suspicious sender address
- Appeal for immediate action
- Unusual payment methods
- Request for personal information.
Even if you recognise the sender of an email, it’s still important to be cautious, especially when money is changing hands. If there’s any doubt, contact the organisation by another means to check before making a payment or sharing personal information. Don’t use any of the contact options in the email, as these could also be fake.
How can I stay safe online?
Fraudsters don’t just operate on email. Social media ads, phone calls, QR codes and websites can also act as an entry point for a scam. As a result, staying safe online is becoming increasingly difficult. According to one report, two in three UK adults have fallen for a scam.
If you receive a suspect email, text or WhatsApp message, here are some points to remember:
- Don’t open any attachments or click any links or buttons
- Don’t respond, even if you want to tell the scammer the game is up
- Do report it. For example, phishing emails can be forwarded to: report@phishing.gov.uk
- Do block the sender and mark the message as spam.
If you’ve lost money or been hacked because of an online scam, you can report the incident online or call 0300 123 2040.
Your cyber security is our priority. Before making any payments, always call one of the Attwaters team on 0330 221 8855 to confirm the details – never trust email instructions alone.
















