Published in cybersecurity, maritime email | 6 minutes reading time

How to identify a phishing email – 7 red flags to watch out for

Stay up to date!

* By subscribing to the latest news from our blog, you consent to us storing your email address, and sending you monthly emails. You can, at any time, retract this consent.

Waves of phishing attacks are hitting commercial ships and the maritime industry. Recognising email phishing at the user level is important. What are the key red flags your ship crews should be aware of to avoid getting scammed?

Phishing remains one of the biggest day-to-day cyber threats facing the maritime industry. A successful phishing attack typically leads to credential theft, unauthorised access to sensitive systems, and sensitive data breaches. This can potentially carry a financial liability not just to your company, but also to other stakeholders in the maritime transportation supply chain.  

What is phishing?

Phishing is a type of cyber attack that attempts to trick the email recipient into believing that the message is something they want or need – a request from their bank, for instance, or a note from someone in their company – and to click a link or download an attachment. These fraudulent emails are designed to make recipients hand over sensitive information, extort money or trigger malware installation on shore-based or vessel IT networks. 

Phishing emails vary in quality and may look official (as has been the case with Emotet), or they may be poorly worded/designed. As phishers become increasingly sophisticated, it’s becoming harder to distinguish a fake email from a genuine one. How do your onboard crew members tell the difference between a phishing email and a legitimate one?

Here are seven common features of phishing emails to help you and fleet crew recognise them and avoid taking the bait. 

1. It uses a generic salutation

Is the email addressed to ‘Dear valued member’, ‘Dear account holder’, ‘Dear customer’ or ‘Hello [your@email.address]’? If so, it’s a red flag. In most cases, a legitimate company you deal with will use a personal salutation with your first and last name. 

2. It requests sensitive information 

When a message contains a request for personal, business or financial information, alarm bells should ring. Legitimate companies are unlikely to ask for such information in an email. If they do, they usually make sure to inform you first in some other way and validate that the information will be secured.

3. The URL or email address doesn’t look right 

One of the most effective techniques used in phishing emails is to use a ‘from’ address that looks legit to an unsuspecting eye. For example, [] or [], where additional letters have been added. 

Hover your mouse over the link and review where it will take you. If it doesn’t look right, or is completely different from the link text, delete the email.

4. It has poor spelling and grammar 

Due to the spammy nature of email phishing, attackers aren’t exactly overly obsessed with making spelling mistakes or typos. Bad grammar is one of the easiest ways to recognise a scam email. On average, emails from legitimate organisations are well written or at least do not contain multiple spelling errors. Thus, an email filled with such mistakes is a clear warning sign that the message is likely to be fraudulent.

Overall, the use of language in a message may appear good, but on close inspection, you will spot punctuation errors, capitalisation errors, and relatively poor syntax throughout.

Read more: How to secure email traffic on ships

5. It includes suspicious attachments or links

Phishing emails all contain a payload. This will either be an infected attachment that you’re asked to download, or a link to a bogus website.

Infected email attachments are one of the most common methods of attack in a phishing attempt. An infected attachment is a seemingly benign document that contains malware. 

If you receive an email without having specifically requested that message, and it contains an attachment, watch out. It’s very likely a scam. Authentic organisations or institutions will rarely send you emails with attachments. Instead, they will direct you to download a document or a file on their website.

While some attachment file extensions are more prone to being harmful (e.g. .exe., .scr., .zip, .doc and .xls), all attachments may be viewed as suspicious (including PDFs). One common trick is to name an attachment with a double extension. For instance, ‘message-pdf.exe’ as, by default, Windows hides the file extension but will show ‘message-pdf’ as the file name. 

6. The message creates a sense of urgency

Many phishing emails try to make it sound as if there is some sort of emergency. For example, an email saying your account with [company name] is about to expire, and you must sign in as soon as possible to avoid losing all your data. Conveniently enough, there is a link in the email. If clicked, it will take you to a spoofed login page.

Beware of any emails that include urgent calls to action, particularly in the subject line.

7. The subject line contains Motor Vessel (MV) or Motor Tanker (MT) 

According to Safety4Sea, the use of the email subject line ‘Motor Vessel (MV)’ or ‘Motor Tanker (MT)’ is a common lure to entice users in the maritime industry to open emails containing malicious attachments.

When in doubt, what to do?

In their recent guide ‘Cyber Security Workbook for Onboard Ship Use’, BIMCO outlines a scenario in which the ship’s Master receives an email from the ship’s agent containing an attachment that looks suspicious. The Master can then call the agent to confirm the attachment is genuine before opening.

As a general rule, crew members should immediately inform your IT department or Security Operations Center (SOC) if something looks strange or suspicious. One option is to forward a screenshot of the email in question. It’s better to send something that turns out to be legit than to put your networks and operations at risk.


Every day, phishing emails are sent to ships worldwide. Over the past year, during the pandemic, we have seen a significant rise in the amount of email phishing targeting maritime shipping. These attacks are often used to gain entry to networks, e.g. IT or OT networks. By infecting a user onboard a ship, a gateway into the network is created and then used to further exploit and take over other systems. 

While security awareness training is necessary to combat phishing, implementing advanced email defences is the only viable way to ensure that your shipping company has ironclad cyber threat protection. 

To mitigate the continually evolving threat of email phishing, select a maritime-optimised email security system that offers multiple antivirus engines and smart anti-spoofing and anti-phishing features.


Download guide: Drafting a strategy for cyber resilience

How to identify a phishing email – 7 red flags to watch out for
Written by Rune Larsen, Service Marketing Manager

Rune Larsen is Service Marketing Manager in Dualog, with responsibilities for user experience design, visual design and marketing of existing and new services. Educated in business strategy and marketing from the Arctic University of Norway, he has more than 25 years of experience from the creative industry, where he worked as a writer, consultant, designer and creative director in various advertising agencies and design studios. He's been orchestrating brand identity projects, design work and brand building campaigns for a wide range of organisations. He brings a passion for great design to the team, never compromising on the importance of the 'experience' part of UX. When not at the office, he enjoys hiking with his wife or is busy being a football coach for his youngest daughter. His fitness regime involves either running or cross-country skiing. Rune is an avid reader of business-related books, and he loves the occasional bottle of Barolo.

Related blog posts