Tips for Spotting Phishing Emails

Marc Aiello
Tips for Spotting Phishing Emails

Phishing emails are one of the most common ways hackers infiltrate organizations since they target the most vulnerable point in an organization: its people.

As your partner in all things safety, sharing knowledge across the Reciprocal and beyond is critical in helping us turn the corner on patient safety. When it comes to remaining vigilant about cybersecurity, we believe consistent training is key to mitigating risk.


HIROC Subscribers are encouraged to share this resource with their staff to reinforce internal education programs around cybersecurity risks. If you have any questions, please don't hesitate to reach out to us at

Why are phishing emails a concern?

Phishing emails can result in ransomware and malware attacks, disruption, and downtime. They can also lead to criminals accessing your email accounts, changing passwords, and gaining access to critical applications or personal health information.

Common characteristics of phishing emails

Cyber criminals and fraudsters design their phishing emails to display in various deceptive ways, such as pretending to be a member of your organization’s executive team, admin, IT departments, or mask themselves as popular applications and services such as Zoom, Microsoft Teams, Outlook, UPS, Dropbox, Google, Facebook, and more.

These emails frequently contain messages with urgent requests, and may entice you to act on something, like clicking a link, downloading a file, or divulging private and sensitive information.

Tips to help spot phishing emails

  • Pay close attention to the “external email” warning banner, which will display when an email is coming from outside of your organization.
    • If you do not have an email warning banner system already set up, it is necessary to do so for proper cyber hygiene.
  • If you receive a message from a colleague within your organization or someone you know, but the tone or wording does not sound like them, try calling the sender or getting ahold of them in a different way first to verify them before taking any action on the email.
  • If a colleague is asking you to attend a meeting, click a link, or download a file, it will always come from an email address that is part of your organization.
    • You can check if a sender is part of your organization by looking at their domain name. A domain name is a unique, easy-to-remember address used to access websites, such as,, and Do not click on any links from a sender that is outside of your organization without verifying first. When in doubt, pick up the phone and call your colleague to confirm.
  • If there is a sense of urgency from the sender demanding immediate action on an email (this could be from someone external, or even within your organization whose email may have been compromised) – be vigilant. If you receive an attachment or link that you were not expecting, the attacker is likely trying to rush you into making a hasty mistake.
  • To check if a link is phony, hover your cursor over any links or buttons to display its URL (Uniform Resource Locator). Do not click any unfamiliar URLs, especially from senders emailing from outside your organization.
  • When in doubt, always forward suspicious emails to your organization’s IT team or helpdesk for verification.

Want more HIROC phishing email tips? Download a copy of our guide today.

Other HIROC Cybersecurity Resources

This is a resource for quality assurance and risk management purposes only, and is not intended to provide or replace legal or medical advice or reflect standards of care and/or standards of practice of a regulatory body. The information contained in this resource was deemed accurate at the time of publication, however, practices may change without notice.