The latest news and views from Gibson Lamb


Ok folks, this is why we pay attention! (strange phishing emails)


The other day we received an email from “”.

This particular email came from a Savills email address with the subject “*********APPROVAL REQUIRED ACTION*********” and had asked me to download some attachments.

I know that sometimes an innocent click of a button can allow people access to your personal information and though I don’t know the technical ins and outs of how they do it, normally I can tell it’s not a good idea to click, based on things like:

  • This is not something you expected to receive
  • The email subject or body seems to have bad grammar or strange language
  • The email address is slightly mismatched from the real domain of the company.

Because the end of the email address matched the Savills website address, I was thinking perhaps this is something I do need to action? But the fact that there was a capitalisation error in the request made me wonder more. Luckily, I decided to email them – see screenshot below which also shows the way the original email appeared.


I then got the reply from Savills.

Good Afternoon

We have been advised that you may have received an email entitled “Savills (Henry Davies) *********APPROVAL REQUIRED ACTION*********” appearing to be from “”

Please delete this email from your mailbox and contact your IT Service provider to arrange to get your password reset should you have entered any password details.


Nowadays people are getting more and more sophisticated about how they disguise these emails, but usually the bad writing/capitalisation/grammar issues, and out of character / unexpected topic are a clear sign – better to always check.
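The signs described above can also be checked mechanically as a first pass. This is an added example, not part of the original post: it scores one raw message on sender domain, subject style and attachments, and shows that a message sent from the genuine domain (as in this case) passes the domain check but is still flagged on the other signs. The domain `example.com`, the addresses, the keyword list and the thresholds are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: domains and addresses are placeholders, not from the post.
KNOWN_DOMAINS = {"example.com"}
URGENCY = re.compile(r"\b(approval|required|action|urgent|immediately)\b", re.I)

SAMPLE = """\
From: Known Contact <contact@example.com>
To: me@example.org
Subject: *********APPROVAL REQUIRED ACTION*********
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please download the attachments.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="document.bin"

constructed placeholder
--b1--
"""

def triage(raw, known=KNOWN_DOMAINS):
    """Return a list of warning flags for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    flags = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in known:
        # A near miss of a known domain is the "slightly mismatched" case.
        near = any(SequenceMatcher(None, domain, k).ratio() >= 0.8 for k in known)
        flags.append("lookalike-domain" if near else "unknown-domain")
    subject = msg.get("Subject", "")
    letters = [c for c in subject if c.isalpha()]
    if re.search(r"[*!#=]{4,}", subject):  # long runs of decoration characters
        flags.append("subject-decoration")
    if letters and sum(c.isupper() for c in letters) / len(letters) > 0.8:
        flags.append("subject-all-caps")
    if len(URGENCY.findall(subject)) >= 2:
        flags.append("subject-urgency")
    if any(p.get_content_disposition() == "attachment" for p in msg.walk()):
        flags.append("has-attachment")
    return flags
```

An empty list means none of these signs fired, not that the message is safe; checking with the sender is still the deciding step.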

If you are in any way suspicious of an email with an attachment or a link, it’s better to be safe than sorry! Don’t open the attachment or click on the link.

Instead do one of these 2 things:

  1. Clean email: Create a fresh email to any contact you know at the same company and say “Hope you are well. I got an email from your email address and it has a link, and I wanted to check if you know anything about it?” and add a bit of detail. Don’t send on the attachment or link though, just a description of what it’s about.
  2. Reply but don’t click: Or, just hit reply to the person and say “I am sorry I am not sure if I really should click on this link as we’ve seen a lot of phishing emails lately” and see what the reply is. If the reply comes back and once again the person is unfamiliar in their use of language, that can reinforce your suspicion.

It’s best to be safe and aim to question rather than click, and it may even open a new line of communication with your contact at that company – and who knows where that could lead!