Recognizing Phishing Emails
Spot fake emails before they trick you. Learn the telltale signs of phishing attempts and how to protect yourself.
Phishing emails are designed to trick you into giving away personal information, clicking malicious links, or downloading harmful attachments. Here’s how to spot them.
What is Phishing?
Phishing is a type of social engineering attack where criminals send fake emails pretending to be from legitimate organizations. They might claim to be your bank, a popular service like Netflix or Amazon, or even a government agency.
The 5 Red Flags of Phishing
1. Urgency and Fear
Phishing emails often create a sense of panic:
- “Your account will be suspended in 24 hours!”
- “Unusual activity detected on your account!”
- “Your payment failed - update now!”
Remember: Legitimate companies rarely demand immediate action via email.
2. Suspicious Sender Address
Always check the sender’s email address carefully:
| Looks Like | Actually Is |
|---|---|
| support@amazon.com | support@amaz0n-secure.com |
| noreply@paypal.com | noreply@paypa1.com |
| security@bank.com | security@bank-secure.info |
Tip: Hover over the sender’s name to see the actual email address.
3. Generic Greetings
Phishing emails often use vague greetings because they’re sent to thousands of people:
- “Dear Customer”
- “Dear User”
- “Dear Account Holder”
Legitimate companies usually know your name.
4. Poor Grammar and Spelling
While not always present, many phishing emails contain:
- Spelling mistakes
- Awkward phrasing
- Missing words
- Inconsistent formatting
5. Suspicious Links
Before clicking any link:
- Hover over it to see the actual URL
- Check the domain - is it the real company’s website?
- Look for HTTPS - though this alone doesn’t guarantee safety
Example of a suspicious link:
- Text says: “Click here to verify your Amazon account”
- Actual URL: http://amazn-verify.suspicious-site.com/login
What Phishing Emails Want
Phishing attempts typically try to get you to:
- Enter login credentials on a fake website
- Download malware disguised as an attachment
- Reveal personal information like Social Security numbers
- Send money via gift cards or wire transfers
Real vs. Fake: Examples
Fake Email Signs:
- “Dear Valued Customer” (generic greeting)
- “Click here immediately” (urgency)
- Links to amazom-secure.com (misspelled domain)
- “Your account will be terminated” (fear tactics)
How to Verify:
- Don’t click links in the email
- Open a new browser window
- Type the company’s official website directly
- Log in normally to check for any real issues
What to Do If You Suspect Phishing
- Don’t click any links in the email
- Don’t download attachments
- Don’t reply to the email
- Report it to your email provider (usually a “Report phishing” button)
- Delete the email
If You Already Clicked:
- Don’t enter any information
- Close the browser window
- Run an antivirus scan
- Change your passwords if you entered any
- Monitor your accounts for suspicious activity
Quick Reference Checklist
Before trusting an email, ask yourself:
- Is the sender address legitimate?
- Does it address me by name?
- Is it free of spelling/grammar errors?
- Do the links go to the real company’s website?
- Is there a logical reason for this email?
- Does it avoid urgent/threatening language?
If you answered “no” to any of these, proceed with caution!
Next Steps
Want to learn more about staying safe online? Check out our guide on Safe Browsing Habits.