Phishing is an important component of social engineering. The numerous tell-tale signs of a phishing email can be divided into four groups: communicator, context, content, and composition. The table below summarises how easy these signs are to spot.
Email recipients are more likely to be deceived by a phishing email read on a smartphone than by one read on a desktop machine.
Other risk factors are time pressure and organisational change, which makes it harder to discern whether the context of the email is appropriate (email recipients who are not familiar with the organisational changes that have been made do not regard unusual requests as suspicious).
A well-crafted, untargeted phishing email can dupe as many as 30% of users in almost any organisation.