Phishing scams have proven to be an effective tool for cyber criminals to defraud unwitting businesses and members of the public out of vast sums of money. These emails, which are designed to look like they come from genuine companies or institutions, are becoming more sophisticated every day. However, there are still chinks in the armour that you can easily spot – provided you know where to look.

Here are the 3 ways to easily determine whether or not an email is genuine or a phishing scam.

1. It uses a suspicious email address

If your bank or building society is sending you an email, it won’t ever do so from a Gmail account. In fact, even Google itself doesn’t! It’s the same for Hotmail, Outlook and all other public email providers. So always check the mail sender before clicking through any links (or, better still, do it before you decide to open the message at all).

Similarly, but slightly sneakier, is the mis-spelled email address. With cyber criminals knowing that people are alert to dodgy-looking email addresses, some will instead use slight misspellings of the business they purport to represent, in the hope that users will gloss over the error. So be vigilant, and ensure your email from Barclays doesn’t come from @barclys.com, for example.

2. Beware of urgent demands and suspicious links

Cyber criminals prey on fear, and know that people are more likely to make the wrong decision if they’re under time pressure. This is why many phishing emails come with demands to act now, or risk serious fallout. Genuine companies won’t put such pressure on customers, so any sense of urgency should always be seen as a major red flag.

With the luxury of time you’re more likely to notice spurious links before you click on them. Your bank isn’t going to send you to a dodgy website through a button in an email, so take a second to hover over any links before clicking them, to see where they would take you. This only requires a few seconds, but gives you a clear indication of what kind of link you’re being asked to click.

3. Look out for spelling and grammar issues

For all their prowess with coding, hackers aren’t always so hot on the prose. Poorly written communications are the simplest way for even the least technologically minded person to identify whether an email is legitimate or not. If it’s peppered with spelling errors and bad grammar, it’s unlikely to have come from a big business with whole teams of copywriters.

Follow these three simple rules and you should be able to spot even the wiliest phishing scams with ease.