Email is still one of the most common tools used by bad actors to trick people into sharing information, clicking harmful links, or making payments they shouldn’t. These emails are often designed to look convincing and sometimes almost identical to a real message from a business you trust.

The good news is that there are a few easy, practical checks that can help you quickly spot when something isn’t quite right.

Here are some quick pointers to help you stay secure and protect your organisation.

1. Take a second to check the sender’s address

At first glance, the sender name might look legitimate – scammers rely on this. The real giveaway is the email domain.

For example, a genuine company email might come from:
  • @organisationname.com
Whereas an impersonator might use something like:
  • @organisationname.co
  • @orgname-support.com
  • Or a domain with subtle typos (e.g. swapping letters, adding numbers – in this example 0rganisationname.com)
If the domain looks unusual, unexpected, or slightly off, treat the email with caution.

2. Look for unexpected or unusual requests

Most suspicious emails follow the same patterns. Be wary if the email asks you to:

  • Share passwords or login codes
  • Download an attachment you weren’t expecting
  • Pay an invoice or change bank details urgently
  • Click a link to “unlock”, “verify”, or “secure” your account
  • Provide sensitive details (e.g. financial information, ID documents)
Legitimate organisations rarely ask for these things out of the blue.

3. Pay attention to tone and formatting

Even well-disguised emails often contain small inconsistencies, such as:

  • Spelling mistakes
  • Odd spacing or alignment
  • Unusual tone or phrasing
  • Logos that are low-resolution or slightly the wrong colour
  • Generic greetings like “Dear Customer” instead of your name
  • Multiple fonts or colours in text
If something feels “off”, you’re probably right, so double check.

4. Hover before you click

Before clicking anything, hover your mouse over the link (without clicking). In most email clients this will reveal the real destination URL.

Things to look out for:
  • Links that don’t match the text shown
  • Long, strange URLs
  • Misspellings or odd-looking domains
If you weren’t expecting the link, it’s always safer to check before interacting.

5. Trust your instincts (and your tech)

If an email creates pressure, urgency, or a sense that something bad will happen unless you act immediately, pause for a moment.

Scammers rely on speed and distraction. Slowing down removes their advantage.
It also helps to pay attention to notifications from your email provider or security tools. Many platforms will flag things like:
  • “You haven’t received messages from this sender before”
  • “This email looks unusual compared to others you receive”
  • “This message contains links that may be unsafe”
These alerts don’t always mean the email is fraudulent, but they are a good reason to stop and take a second look.

6. When in doubt, contact the organisation directly

If anything feels unusual, reach out to the organisation using a contact method you trust — such as their website, your normal representative, or an official phone number.

Avoid replying directly to the suspicious email.

7. A quick note about Sonovate

All genuine messages come from our official Sonovate domain, such as:

  • @sonovate.com
  • @email.sonovate.com (used for some system messages)
If you ever receive an email that doesn’t look right or you’re simply unsure, please feel free to contact us directly, we’re always happy to verify it for you.
Staying safe doesn’t have to be complicated

A few simple habits go a long way in avoiding email scams. Most suspicious emails are spotted within seconds once you know what to look for.