How to Spot a Phishing Email — Protect Your Business
You open your inbox on a Monday morning and there it is: an email from HMRC saying you're owed a tax refund of £847.63. All you need to do is click the link and enter your bank details. Sounds lovely, doesn't it?
It's a scam, of course. But it's a convincing one — complete with HMRC logos, official-sounding language, and a link that looks almost legitimate. These emails catch people out every single day. And when they succeed, the consequences range from annoying (a compromised email account) to devastating (a drained bank account or stolen client data).
Phishing — the practice of sending fraudulent emails that impersonate trusted organisations to steal information — is the most common cyber threat facing UK businesses. Sole traders are particularly vulnerable because there's no IT department screening your emails. It's just you, your inbox, and your judgment.
Let's sharpen that judgment.
What Is Phishing, Exactly?
Phishing is a form of social engineering. Instead of trying to hack into your computer through technical means, attackers try to trick you into handing over information willingly. The "bait" is an email (or sometimes a text message, phone call, or social media message) that looks like it comes from a trusted source.
Common Phishing Targets
- Banks — "We've detected suspicious activity on your account"
- HMRC — "You're entitled to a tax refund" or "Action required on your Self Assessment"
- Payment platforms — "Your PayPal account has been limited"
- Delivery services — "Your parcel couldn't be delivered, click here to rearrange"
- Software providers — "Your subscription is about to expire"
- Colleagues or clients — emails that appear to come from someone you know, asking you to transfer money or share sensitive information
Types of Phishing
Mass phishing is the scatter-gun approach — the same email sent to thousands of people, hoping a small percentage will fall for it. These are usually easier to spot because they're generic.
Spear phishing is targeted. The attacker has done research on you specifically — they know your name, your business, maybe even the name of a client or your accountant. These emails are much harder to detect because they feel personal and relevant.
Whaling targets high-value individuals like company directors. For sole traders, spear phishing is the more common threat, since you're often both the target and the person who controls the finances.
How to Spot a Phishing Email
1. Check the Sender's Email Address
This is your first line of defence. The display name might say "HMRC" or "Barclays," but the actual email address often tells a different story.
Look carefully at the full email address, not just the name displayed. Common tricks include:
- Misspelled domains — hmrc-gov.co.uk instead of hmrc.gov.uk
- Extra words — security-barclays@gmail.com instead of an actual Barclays domain
- Free email providers — any official organisation emailing you from a Gmail, Yahoo, or Outlook.com address is almost certainly fake
- Subtle substitutions — using "rn" to look like "m" (like "hmrc.gov.uk" vs "hrnrc.gov.uk")
2. Look for Urgency and Pressure
Phishing emails almost always try to create a sense of urgency. They want you to act before you think. Common pressure tactics include:
- "Your account will be suspended in 24 hours"
- "Immediate action required"
- "Failure to respond will result in legal action"
- "This offer expires today"
Legitimate organisations rarely demand immediate action via email. If something genuinely needs urgent attention, they'll usually contact you through multiple channels.
3. Hover Over Links Before Clicking
This is one of the most important habits to develop. Before clicking any link in an email, hover your mouse over it (without clicking) to see the actual URL it points to.
Does the URL match the organisation the email claims to be from? If the email says it's from your bank but the link goes to "secure-banking-login.xyz," that's a phishing attempt.
On mobile devices, you can press and hold a link to preview the URL without opening it.
4. Watch for Poor Spelling and Grammar
While phishing emails have become much more sophisticated, many still contain spelling mistakes, grammatical errors, or awkward phrasing. Official emails from banks, HMRC, and major companies are professionally written. If an email reads like it was put through a bad translator, be suspicious.
That said, don't rely on this alone — some phishing emails are now polished enough to pass casual inspection, especially those generated with AI tools.
5. Be Wary of Attachments
Unexpected attachments are a major red flag, especially if they're:
- ZIP files — often used to disguise malicious programs
- Office documents asking you to "enable macros" — this is a classic malware delivery method
- Executable files (.exe, .bat, .scr) — never open these from an email
- PDF files from unknown senders — while less risky than executables, PDFs can also carry malware
If you're not expecting an attachment, don't open it. If it claims to be an invoice or document from someone you know, contact them through a different channel to confirm they sent it.
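The three mechanical checks from sections 1, 3 and 5 (the real sender domain, the link text versus where the link actually goes, and the attachment type) can be run over a saved message before you act on it. The script below is an added example written for this article, not code from the original page or from Accounted; its trusted-domain and free-provider lists, the confusable-letter table, the anchor regex and the sample message are all constructed assumptions, and the regex is deliberately simple rather than a full HTML parser.

```python
import email, email.utils, re
from email import policy
from email.message import EmailMessage
from urllib.parse import urlparse

# Constructed allowlist: the organisations this business genuinely deals with.
TRUSTED_DOMAINS = {"hmrc.gov.uk", "barclays.co.uk", "paypal.com"}
FREE_MAIL_PROVIDERS = {"gmail.com", "yahoo.com", "yahoo.co.uk", "outlook.com", "hotmail.com"}
# Attachment types the article says never to open unexpectedly, plus macro-enabled Office files.
RISKY_EXTENSIONS = {".exe", ".bat", ".scr", ".zip", ".docm", ".xlsm"}
# Letter pairs that read as a single other letter in many fonts ("rn" looks like "m").
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]
# Deliberately simple anchor matcher for demonstration; real mail needs a proper HTML parser.
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)

def is_trusted(domain):
    d = domain.lower()
    return any(d == t or d.endswith("." + t) for t in TRUSTED_DOMAINS)

def brand_lookalike(domain):
    """Return the trusted domain that `domain` imitates, or None if it is genuine or unrelated."""
    if is_trusted(domain):
        return None
    folded = domain.lower()
    for fake, real in CONFUSABLES:          # hrnrc.gov.uk -> hmrc.gov.uk
        folded = folded.replace(fake, real)
    for trusted in TRUSTED_DOMAINS:
        if folded == trusted or folded.endswith("." + trusted):
            return trusted                  # look-alike letters on a real domain
        if trusted.split(".")[0] in re.sub(r"[.-]", "", folded):
            return trusted                  # brand name inside a different domain (hmrc-gov.co.uk)
    return None

def assess_sender(from_header):
    """Section 1: judge the real address, not the display name."""
    name, addr = email.utils.parseaddr(from_header)
    if "@" not in addr:
        return ["sender address is missing or malformed"]
    local, domain = addr.rsplit("@", 1)
    domain, findings = domain.lower(), []
    if domain in FREE_MAIL_PROVIDERS:
        findings.append(f"sender uses free mail provider {domain}")
    if (target := brand_lookalike(domain)):
        findings.append(f"sender domain {domain} imitates {target}")
    claimed = [t.split(".")[0] for t in TRUSTED_DOMAINS if t.split(".")[0] in (name + local).lower()]
    if claimed and not is_trusted(domain):
        findings.append(f"claims to be {claimed[0]} but domain is {domain}")
    return findings

def assess_links(html):
    """Section 3: what hovering reveals, checked for every link in the body."""
    findings = []
    for href, text in ANCHOR_RE.findall(html):
        text = re.sub(r"<[^>]+>", "", text)   # drop inner tags such as <b>
        host = (urlparse(href).hostname or "").removeprefix("www.")
        if not host:
            continue
        shown = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", text.lower())
        if shown:
            shown_host = shown.group(0).removeprefix("www.")
            if shown_host != host and not host.endswith("." + shown_host):
                findings.append(f"link text shows {shown_host} but points to {host}")
        if (target := brand_lookalike(host)):
            findings.append(f"link host {host} imitates {target}")
    return findings

def assess_attachments(msg):
    """Section 5: flag attachment types that should not arrive unannounced."""
    findings = []
    for part in msg.walk():
        name = part.get_filename() or ""
        ext = re.search(r"\.[a-z0-9]+$", name.lower())
        if ext and ext.group(0) in RISKY_EXTENSIONS:
            findings.append(f"attachment {name} has risky extension {ext.group(0)}")
    return findings

def triage(raw):
    """Run all three checks over a raw RFC 5322 message and group the findings."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    return {
        "sender": assess_sender(str(msg["From"] or "")),
        "links": assess_links(body.get_content() if body else ""),
        "attachments": assess_attachments(msg),
    }

def build_sample_email():
    """Constructed lure in the style of the fake-refund email the article opens with."""
    msg = EmailMessage()
    msg["From"] = "HMRC Refunds <refunds@hrnrc.gov.uk>"
    msg["Subject"] = "You are owed a tax refund"
    msg.set_content("Claim your refund within 24 hours.")
    msg.add_alternative('<p>Claim your refund at <a href="http://secure-banking-login.xyz/claim">'
                        "https://www.hmrc.gov.uk/refund</a> within 24 hours.</p>", subtype="html")
    msg.add_attachment(b"placeholder bytes, not a real program", maintype="application",
                       subtype="octet-stream", filename="refund-statement.pdf.exe")
    return bytes(msg)
```

Save a suspicious message as a .eml file (most mail clients offer this) and pass its bytes to triage(); triage(build_sample_email()) shows all three checks firing on the constructed lure. The findings are hints for a person, not a verdict: a genuine newsletter sent through a mailing provider can still trip the link check, and a well-crafted lure can pass all three, so the separate-channel verification described in section 6 still applies.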
6. Question Unexpected Requests
Did your "accountant" just email asking you to transfer £2,000 to a new bank account? Did a "client" send revised payment details? These are common spear phishing tactics — and they work because they exploit existing business relationships.
Before acting on any email that involves money, sensitive data, or changes to payment details, verify the request through a separate channel. Pick up the phone. Send a separate email to an address you know is genuine. Don't reply to the suspicious email itself.
What to Do If You Receive a Phishing Email
Don't Panic
Receiving a phishing email doesn't mean you've been compromised. It just means your email address ended up on a list somewhere. The email can only harm you if you interact with it.
Don't Click, Don't Reply
Don't click any links, don't open any attachments, and don't reply. Even replying to say "this is a scam" confirms to the attacker that your email address is active.
Report It
- Forward suspected phishing emails to report@phishing.gov.uk (the National Cyber Security Centre's reporting address)
- If it impersonates HMRC, also forward it to phishing@hmrc.gov.uk
- If it impersonates your bank, forward it to your bank's dedicated phishing reporting address (usually listed on their website)
Delete It
Once reported, delete the email. If you're worried it might be legitimate, go directly to the organisation's website (type the address yourself, don't use any links from the email) and log in to check your account.
What to Do If You've Fallen for a Phishing Attack
First: don't be embarrassed. Phishing attacks are designed by professionals to trick people. It happens to smart, careful people every day. What matters is how quickly you respond.
If You Clicked a Link
- Run a malware scan on your device immediately
- Change your passwords for any accounts you may have logged into through the phishing link
- Enable two-factor authentication if you haven't already
- Monitor your accounts for suspicious activity over the following weeks
If You Entered Login Credentials
- Change the password immediately on the affected account
- Change the password on any other account where you used the same password (and start using a password manager so this doesn't happen again)
- Check for unauthorised access — look for unfamiliar login locations, email forwarding rules, or account changes you didn't make
If You Shared Financial Information
- Contact your bank immediately and explain what happened
- Report it to Action Fraud on 0300 123 2040 or at actionfraud.police.uk
- Monitor your credit report for signs of identity theft
Protecting Your Business Long-Term
Train Your Brain
The more phishing emails you see, the better you'll get at spotting them. HMRC, the National Cyber Security Centre (NCSC), and various banks publish examples of current phishing campaigns. Reviewing these periodically keeps your radar sharp.
Use Email Filtering
Most email providers (Gmail, Outlook, Yahoo) have built-in spam and phishing filters that catch the majority of malicious emails. Make sure these are enabled. They're not perfect, but they significantly reduce the volume of phishing emails that reach your inbox.
Keep Your Software Updated
Outdated software can have vulnerabilities that phishing attacks exploit. Keeping your operating system, browser, and business tools updated closes these gaps. Cloud-based tools like Accounted handle updates automatically on the server side, but anything installed locally needs your attention.
Back Up Your Data
If a phishing attack leads to ransomware — malware that locks your files and demands payment — having a recent backup means you can restore your data without paying. Our guide to backing up your business data walks you through setting this up.
Consider Cyber Insurance
For sole traders handling sensitive client data or significant sums of money, cyber insurance is worth investigating. It can cover the costs of responding to a breach, including legal fees, notification costs, and lost income. Premiums for sole traders are typically modest — often under £200 per year.
Common Phishing Scams Targeting UK Sole Traders
To help you stay vigilant, here are some phishing scams that specifically target sole traders and small businesses in the UK:
- Fake HMRC refund emails — promising a tax refund if you "verify" your bank details
- Fake Self Assessment deadline warnings — urging you to log in via a fake HMRC portal
- Fake supplier invoices — an email with an attached "invoice" that's actually malware
- CEO fraud — an email apparently from a senior person in a company you work with, asking for an urgent payment
- Fake bank security alerts — claiming your business account has been compromised and asking you to "secure" it by entering your details on a fake website
Stay Vigilant
Phishing isn't going away. As security measures improve, so do the attackers' tactics. The best defence is a combination of technology (spam filters, antivirus, two-factor authentication) and awareness (knowing what to look for, pausing before you click).
It takes just a few seconds to check an email address, hover over a link, or verify a request through a different channel. Those few seconds can save you from a world of trouble.
For a broader look at protecting your business online, see our guide to cyber security for sole traders.
Accounted helps UK sole traders stay on top of their bookkeeping and tax. Start your free 30-day trial at getaccounted.co.uk
Editorial & Research
The Accounted editorial team covers software comparisons, technology, and the tools UK sole traders need to run their businesses efficiently. All software comparisons are based on independent research and publicly available pricing.