
How to Spot a Phishing Email Before It's Too Late

Phishing is one of the most common ways attackers get into business systems. It needs no sophisticated technical skill, just a convincing email and one distracted staff member. For a busy dental or medical practice, that is a realistic risk every single day.

The good news is that most phishing emails have recognisable patterns. Once you know what to look for, you can catch most of them before they cause damage.

What is a phishing email?

A phishing email is a fake message designed to trick you into doing one of three things:

  • Clicking a link that takes you to a fake login page (credential harvesting)
  • Opening an attachment that installs malware on your device
  • Replying with sensitive information or authorising a payment

The emails often look like they come from trusted sources — Microsoft, the ATO, Medicare, a supplier, or even a colleague.

Warning signs to look for

1. The sender address doesn't match the display name

The display name might say "Microsoft Support" while the actual email address is something like support@microsft-helpdesk.com. The display name is free text chosen by whoever sent the message, so on its own it proves nothing. Always check the actual address, not just the name shown in your inbox; attackers rely on the fact that most people don't look past the display name. In most phone mail apps, tapping the sender's name reveals the real address.

2. Urgency and pressure

Phishing emails frequently use urgency to short-circuit your judgement. Phrases like "Your account will be suspended in 24 hours", "Immediate action required", or "Final notice" are designed to make you act before you think. A legitimate organisation rarely needs you to do something in the next hour.

3. Unexpected links or attachments

If you weren't expecting a document, invoice, or login request, be suspicious. Hover over any link before clicking; the real destination appears in a tooltip or at the bottom of the window, and it should match what you'd expect. A link that reads myaccount.microsoft.com but actually points to ms-login.support-portal.net is not Microsoft. Read the domain carefully: what matters is the part immediately before the first single slash, so microsoft.com.support-portal.net belongs to support-portal.net, not to Microsoft. On a phone you can't hover, so press and hold the link to preview where it goes instead.

4. Generic greetings

Legitimate services you use know your name. "Dear Customer", "Dear User", or no greeting at all suggests the email wasn't written for you; it was blasted to thousands of addresses. The reverse is not a guarantee, though: targeted (spear-phishing) emails do use your name and role, often lifted from your practice website or social media.

5. Poor grammar or unusual phrasing

Many phishing emails contain subtle grammar errors, odd punctuation, or phrasing that doesn't quite sound right. This signal has become less reliable as attackers increasingly use AI to write fluent text, so clean writing is no evidence that an email is genuine, but clumsy writing is still a useful warning.

6. Requests for credentials or payment

Microsoft, your bank, Medicare, or any legitimate organisation will never ask you to confirm your password by clicking a link, and none of them will ask you to read out or forward a multi-factor authentication code. If someone is asking for login details, an MFA code, or a bank transfer via email, treat it as a red flag regardless of how convincing it looks.
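Signs 1 and 3 above can be checked mechanically as well as by eye. The script below is an added example written for this article, not a tool the practice or any vendor ships: it parses a constructed sample email (the addresses, domains and links in it are invented for the demonstration), flags a display name that invokes a brand the sender's domain does not own, and flags links whose visible text names one site while the href goes to another, including the "microsoft.com.something-else.net" trick. The KNOWN_BRANDS table is an assumption you would extend with your own suppliers.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Brand words we expect to see in display names, and the domain that actually
# owns them. Assumption for the example: extend with your own suppliers.
KNOWN_BRANDS = {"microsoft": "microsoft.com"}

# Constructed sample message for the example; not a real phishing email.
SAMPLE_EML = """\
From: "Microsoft Support" <support@microsft-helpdesk.com>
To: reception@example-practice.com.au
Subject: Immediate action required: your account will be suspended
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear Customer,</p>
<p>Sign in at <a href="https://ms-login.support-portal.net/login">https://myaccount.microsoft.com</a> within 24 hours.</p>
<p>Or go to <a href="https://microsoft.com.support-portal.net/">microsoft.com</a> directly.</p>
<p>Need help? See <a href="https://support.microsoft.com/">support.microsoft.com</a>.</p>
</body></html>
"""

DOMAIN_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$")
# Second-level labels that behave as part of the public suffix (e.g. com.au).
SECOND_LEVEL = {"com", "net", "org", "gov", "edu", "co"}


def registered_domain(host):
    """Reduce a hostname to the part someone actually registered, so that
    'microsoft.com.support-portal.net' compares as 'support-portal.net'."""
    parts = host.lower().strip(".").split(".")
    if len(parts) >= 3 and parts[-2] in SECOND_LEVEL and len(parts[-1]) == 2:
        return ".".join(parts[-3:])
    return ".".join(parts[-2:])


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_in_text(text):
    """Return the host if the visible link text looks like a URL or a bare
    domain; plain words such as 'click here' return None."""
    candidate = text.strip()
    if "://" not in candidate:
        candidate = "//" + candidate
    host = urlparse(candidate).hostname or ""
    return host if DOMAIN_RE.match(host) else None


def analyse_message(raw):
    """Return a list of (kind, detail) findings for warning signs 1 and 3."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # Sign 1: the display name invokes a brand the sender domain does not own.
    display_name, address = parseaddr(str(msg["From"]))
    sender_domain = registered_domain(address.rpartition("@")[2])
    for brand, owner in KNOWN_BRANDS.items():
        if brand in display_name.lower() and sender_domain != owner:
            findings.append(("sender", f"'{display_name}' sent from {sender_domain}, not {owner}"))

    # Sign 3: visible link text names one site, the href goes to another.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            target = registered_domain(urlparse(href).hostname or "")
            shown = host_in_text(text)
            if shown and registered_domain(shown) != target:
                findings.append(("link", f"text shows {shown} but goes to {target}"))
    return findings


if __name__ == "__main__":
    for kind, detail in analyse_message(SAMPLE_EML):
        print(f"[{kind}] {detail}")
```

Run against the sample it reports the spoofed sender and the two deceptive links, and stays quiet about the genuine support.microsoft.com link. The suffix handling in registered_domain is deliberately simple; a production filter would use the Public Suffix List, but the comparison logic is the same.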

Real example: A practice manager received an email appearing to be from their practice principal asking her to urgently transfer $4,200 to a supplier. The email looked legitimate — same name, professional tone. But the actual email address was slightly different. A quick phone call to the principal (who was in a patient session) confirmed it was a scam. The call took 30 seconds. The transfer would have been irreversible.

What to do if you're unsure

  • Don't click any links or open attachments until you've verified the email is legitimate
  • Contact the sender via a different channel — phone them using a number you already have, not one provided in the email
  • Report it to your IT or security provider so they can investigate and block the sender
  • Never reply to the suspicious email — that confirms your address is active

What if someone already clicked?

If a team member clicked a link and entered their credentials, act quickly:

  1. Change the password on that account immediately and sign out all active sessions; a password change alone does not end a session the attacker already has. If MFA isn't already enforced on the account, turn it on.
  2. Check the mailbox for rules the attacker may have created: rules that forward or redirect mail outside the practice, and rules that move, mark as read, or delete messages containing words like "invoice" or "password" so the owner never sees them. Delete any you don't recognise.
  3. Notify your IT or security provider — they can check for further compromise, such as other accounts or devices
  4. If patient data may have been accessed, consider your obligations under the Privacy Act, including the Notifiable Data Breaches scheme
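The mailbox-rule check in step 2 is the one most often skipped, so here is an added example of how a provider might triage an export of a user's rules. It is written for this article and is not part of any product; it assumes the rules were exported from Exchange Online PowerShell with Get-InboxRule piped to ConvertTo-Json (the property names below are Exchange's, the rule contents are invented for the demonstration), and that INTERNAL_DOMAINS lists the practice's own email domains.

```python
import json
import re

# Domains belonging to the practice (assumption for the example).
INTERNAL_DOMAINS = {"example-practice.com.au"}

# Folders attackers commonly move stolen or incriminating mail into.
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history",
                  "archive", "junk email", "deleted items"}

# Words an attacker filters on to hide replies about their own fraud.
SUSPICIOUS_KEYWORDS = {"invoice", "payment", "password", "bank", "transfer",
                       "hacked", "phishing", "suspicious"}

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

# Constructed sample shaped like `Get-InboxRule | ConvertTo-Json` output
# (property names are Exchange Online's; the values here are invented).
SAMPLE_RULES_JSON = r"""
[
  {"Name": "Archive newsletters", "Enabled": true,
   "FromAddressContainsWords": ["newsletter"], "SubjectContainsWords": null,
   "MoveToFolder": "Newsletters", "MarkAsRead": false, "DeleteMessage": false,
   "ForwardTo": null, "ForwardAsAttachmentTo": null, "RedirectTo": null},
  {"Name": "Copy to accounts", "Enabled": true,
   "FromAddressContainsWords": null, "SubjectContainsWords": ["statement"],
   "MoveToFolder": null, "MarkAsRead": false, "DeleteMessage": false,
   "ForwardTo": ["\"Accounts\" [SMTP:accounts@example-practice.com.au]"],
   "ForwardAsAttachmentTo": null, "RedirectTo": null},
  {"Name": ".", "Enabled": true,
   "FromAddressContainsWords": null, "SubjectContainsWords": null,
   "MoveToFolder": null, "MarkAsRead": false, "DeleteMessage": false,
   "ForwardTo": ["\"Finance\" [SMTP:finance.team@mail-archive-service.net]"],
   "ForwardAsAttachmentTo": null, "RedirectTo": null},
  {"Name": "Clean up", "Enabled": true,
   "FromAddressContainsWords": null, "SubjectContainsWords": ["Invoice", "payment", "hacked"],
   "MoveToFolder": "RSS Feeds", "MarkAsRead": true, "DeleteMessage": false,
   "ForwardTo": null, "ForwardAsAttachmentTo": null, "RedirectTo": null}
]
"""


def addresses_in(values):
    """Pull SMTP addresses out of Exchange recipient strings such as
    '"Finance" [SMTP:finance.team@example.net]'."""
    return [a.lower() for v in (values or []) for a in EMAIL_RE.findall(str(v))]


def triage_rule(rule):
    """Return the reasons a single inbox rule looks attacker-made (empty if none)."""
    reasons = []

    # Anything that sends mail to an address outside the practice.
    for field in ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"):
        for addr in addresses_in(rule.get(field)):
            if addr.rpartition("@")[2] not in INTERNAL_DOMAINS:
                reasons.append(f"{field} sends mail outside the practice to {addr}")

    # Keyword filters combined with an action that keeps the owner from seeing the message.
    words = {w.lower()
             for f in ("SubjectContainsWords", "BodyContainsWords", "FromAddressContainsWords")
             for w in (rule.get(f) or [])}
    hits = sorted(words & SUSPICIOUS_KEYWORDS)
    folder = (rule.get("MoveToFolder") or "").lower()
    hides = rule.get("DeleteMessage") or rule.get("MarkAsRead") or folder in HIDING_FOLDERS
    if hits and hides:
        reasons.append(f"hides messages mentioning {hits}")

    # Names made only of punctuation (".", ",") are a common attacker habit.
    name = rule.get("Name", "")
    if not any(c.isalpha() for c in name):
        reasons.append("rule name is almost empty, a common attacker habit")
    return reasons


def triage_rules(rules_json):
    """Map each suspicious rule name to its reasons; clean rules are omitted."""
    flagged = {}
    for rule in json.loads(rules_json):
        if not rule.get("Enabled", True):
            continue  # a disabled rule does nothing, but review it by hand anyway
        reasons = triage_rule(rule)
        if reasons:
            flagged[rule["Name"]] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage_rules(SAMPLE_RULES_JSON).items():
        print(f"Rule {name!r}:")
        for reason in reasons:
            print(f"  - {reason}")
```

On the sample the newsletter rule and the internal forward to accounts@ pass, while the "." rule (external forward, nonsense name) and the "Clean up" rule (invoice and payment mail marked read and moved to RSS Feeds) are flagged. Check the rules of every user who entered credentials, not just the one who reported it; the same lure usually reaches several staff.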

Training your team

Technical controls help, but your staff are the last line of defence against phishing. Regular training — even just a quick monthly reminder of what to look for — significantly reduces the chance of a successful attack. Practices that run simulated phishing tests consistently see improvement in staff awareness over time.

Want to test your practice's resilience?

We run simulated phishing tests and security training for Australian dental and medical practices. Book a free security audit to find out where you stand.


More from the blog

  • Ransomware, 6 min read: Why Ransomware Targets Dental and Medical Practices
  • Identity, 5 min read: What Is MFA and Why Every Clinic Needs It
  • Microsoft 365, 7 min read: Microsoft 365 Security Settings Every Practice Should Enable