Rewind to a few weeks back, I received an email from a ‘lawyer’ stating that a third party was about to register my UK business name as a trademark, and that I had a limited window to ‘secure priority’ before I lost the rights forever. Not knowing much at all about intellectual property or law in general, it piqued my interest.
This was, of course, complete rubbish I thought, however, at the time I had to stop and think – hang on, is this legit or not, after all, it went through our finely configured spam system without being flagged?!
And so, I want to break down how I determined it was fake, as there are two completely different lenses you can use to spot a scam, and understanding the difference will make you significantly more resilient in the future. There are also a few tech tools you can use, too!
The two lenses: Content vs Premise
The Content.
This is what most of your cybersecurity awareness training teaches you. Look at the message itself and identify errors to determine legitimacy:
- Does it create a false sense of urgency?
- Is there something off with the grammar?
- Is the email signature formatted correctly?
- Is the domain spelled correctly (exampIe.com instead of example.com [The first one is a capital i instead of an L])?
- Have you received an email from this sender before or get an “external sender” notification?
- Does it try to push you to a different communication method (phone, shared/public link, etc)?
The Premise.
This is where the finer details are often overlooked. Instead of asking ‘does this message look wrong’, you could ask ‘could the sender know what they claim?’.
In my instance, the facts (or lack of) that stood out were as follows:
- The business name was a shortened name, not the official registered entity name with Public House UK (strange, as it would have been more convincing if they had used the public/formal name),
- They contacted me as the ‘director’ of a company that I was removed from as a contact from well over a year ago. So, they either had stale information, or were simply blanket targeting a large quantity of people,
- They sent the email to an address that never appeared on any UK public record, in fact, it didn’t exist when I was on the register.
And all this without even mentioning that the domain name was created 2 days before the first email was sent (you can search any domain here to find out MX Toolbox), and that their website looked like AI slop (this is, of course, more subjective). To this day, the links to their social media still have a placeholder URL that goes nowhere.

Why the difference matters
Content based analysis should tell you, ‘this message seems wrong’ and is your primary line of defence to catch low-effort scams and move on checking the next item in your inbox.
- Premise-based investigation tells you that the story can’t be true regardless of how well it’s written. This matters now more than ever:
- AI has erased the majority of bad grammar & language barrier of the ‘old days’, and often now reads like a mid-tier solicitor wrote them,
- There is a lot of public information out there that can be used to appear legitimate (especially when you obtain official templates, more on this below),
- It’s cheap to reach an endless amount of people before being flagged by spam systems; activate numerous domains, send emails to thousands per hour, repeat until you get a response,
- Their cross-checking efforts are minimal; you still need invest some time and effort to investigate.
The reality is that as AI provides a larger platform for scammers to target individuals, the premise becomes somewhat more difficult to establish, as the devil is quite often in the details.
Recent Example
A client recently attended their bank (yes, in person) to address an email that was convincingly requesting them to verify company details. The entirety of the email contained publicly available information, and was using it in a clever way, including formal language to make it appear legitimate (with what appeared to be a modified official bank template).
The client subconsciously obeyed the “verify the entity, not the message” (more on this below) by visiting the establishment, and immediately eliminated the threat, so the outcome was a positive one and, somewhat interestingly, shows that awareness training can go a long way to protect your business and client data. I’ve kept actual details kept vague on purpose (reach out if you have any particular questions).
Key Takeaways
Assume unsolicited urgent messages are unproven. Legitimate businesses, especially government bodies, do not rely on pressure tactics and urgency.
- Apply the ‘Stop & Think’ rule and ask how they would know certain bits of information that they claim to know, and if there is relevance between fact and the topic.
- Verify the entity, not just the message. Use publicly verifiable information to check that they are a legitimate firm, with tools such as MX Toolbox to identify when the domain name was created or registered (activated or changed recently should be a major red flag), check if the domain is on any blacklists, see if they have LinkedIn or online profiles, etc.
- Never engage on sender terms and do not follow external links. Similar to my previous recommendation to sales teams (never follow a cloud link to access a lead or client’s personal files), the same can be said for vendor engagement. Keep the playing field on your terms, and bring people into your environment to do business, not the other way around. Afterall, this is where your configured safeguards (i.e. your ‘tech walled garden’) work best to protect you.
- Report, don’t just delete. Reporting phishing to your IT team (or to the appropriate governing body, if you are in a regulated environment), helps to make the ecosystem safer for everyone; deleting only protects you. In some cases, we have been able to delete malicious websites entirely by providing evidence of their behaviour to authorities and hosting entities. Small drop of water, big ocean, of course:- but I’d argue that every little bit helps.
Final Thought
Unfortunately, the next generation of scams won’t look like scams. They’ll be your vendor or existing clients reaching out to engage with you as ‘business as usual’, however, unbeknownst to you, their account has been compromised. The attacker has learnt their ways of talking, have access to their systems, and will be harder to identify. The next generation of scams will look like real people. You will join a new opportunity sales Zoom video call, and have an entire conversation with somebody completely fake at the other end. You will engage with them via email, and at some point, they will attempt to trick you.
Humans are the last line of defense. Stay sharp out there!
#CyberSecurity #Phishing #ScamAwareness #SmallBusiness #InfoSec

