Although some emails may not initially appear to be malicious, they may still contain a variety of hidden threats. Keyfort have put together a few simple things to check if you are ever unsure if an email is safe, this can help towards avoiding some of the most common cyber security threats.

The Senders Address

Unsure if an email has been sent from a legitimate person or organisation? Check if the domain is the same as where you would expect the email to be sent from. For example, if you receive an email from Royal Mail, you would expect the domain to be the same as their main website ‘‘, but the example shows that the domain is ‘’.

Spelling & Grammar

See a lot of spelling and/or grammar mistakes? Be suspicious! A genuine email from the organisation may contain spelling & grammar mistakes, but it is unlikely that it will contain many. In the example below, there are quite a few grammar mistakes. This is particularly obvious in the second to last line of the example ‘This is automatically generated email, please unsubscribe if you do not want receive email’s from us‘.


Do not click a link before you know whether it is legitimate or not! Hover over the hyperlink and see where the link goes to. The example below is a screen capture of what can be seein in Outlook when hovering over 2 links within the email. When hovering over the link ‘View Information‘, you would expect it to link to the Royal Mail website, but this links to an entirely different website. When hovering over the link ‘Unsubscribe‘, you can see that it contains a spelling mistake – ‘unsubscrube


Always check the extension of an attachment before opening them! Make sure the email is not malicious. The example below shows a screen capture of an attachment that has 2 file extentions ‘‘, it is likely that this is a malicious attachment.

Want more information on how to improve you cybersecurity? Visit our cyber security checklist

Want to ensure PC antivirus protection? Find out more about Next Generation PC Antivirus

Feel your organisation may be vulnerable? Have a look at Keyfort’s Vulnerability Scanning