How to spot a phishing email: 7 signs

7 signs of a phishing email

Scammers may use different tactics to make their phishing emails appear legitimate. However, looking closely, you can usually identify a phishing email by spotting subtle errors and suspicious details. Here are some of the most common red flags:

• 1. Spelling and grammatical errors
• 2. A sense of urgency
• 3. Unusual requests
• 4. Offers that seem too good to be true
• 5. Suspicious links or attachments
• 6. Generic greetings
• 7. Incorrect email addresses

Scammers usually don’t spend much time polishing their sentences, so these emails may have spelling and grammatical mistakes. Whether it’s a typo or just awkward phrasing, these mistakes can indicate a phishing attempt. For example, phrases like “Dear costumer” or “Your accounts has been locked” could be a sign of a rushed phishing email. As a rule of thumb, legitimate companies usually send error-free emails, so it’s a good idea to stay away if you spot many mistakes.

Many scammers try to lower people’s guard and make them act without verifying the facts. That’s why phishing emails often pressure recipients to act quickly, claiming it’s the only way to avoid negative consequences like identity theft or unauthorized charges. This tactic creates a sense of urgency, making it difficult to think critically before responding. Don’t forget to pause for a moment and verify the message’s legitimacy before taking any action, no matter how urgent the situation may seem.

Unusual requests for personal and financial information are also a major red flag that you’re dealing with a phishing attack. Sometimes, scammers may even use email spoofing to make their phishing messages appear as if they are coming from a trusted source. Then, they ask for login credentials, Social Security numbers, or bank account information.

Do not respond immediately if an email demands urgent action or requests sensitive data through unsecured channels. Instead, contact the company directly using verified channels and ask if the request is actually legitimate.

Did you receive an email offering a deal that seems too good to pass up? Perhaps you have even mentioned online that you want something, and now, a perfect option seems to have fallen from the sky? Scammers may use irresistible offers, such as unbelievably low prices or exclusive rewards, to trick victims into handing over their personal information or making payments. Always be cautious: If an offer seems too good to be true, it probably is.

Phishing emails may also contain suspicious links. URL phishing involves malicious links that may appear legitimate but lead to fake websites that steal sensitive information. Always hover over any link that seems out of place to verify its real destination before clicking to avoid exposing your personal information or downloading malware. If you’d like to learn more about these risks, you can take a look at our guide on what happens if you click on a phishing link.

Similarly, attachments from unknown or unexpected senders can be dangerous. Avoid opening attachments unless you’re certain they’re safe, as they may contain malware or other harmful content. You can also check our guide to learn how to know which email attachments are generally safe to open.

If a company that usually personalizes its emails suddenly switches to a generic greeting, like “Dear Customer,” it might be a phishing attempt. Scammers often target large groups of people without having much personal information, so they may have to resort to generic greetings.

Generic email introductions aren’t always a sure sign of a phishing attack, so it’s important to assess the entire message. Scammers may use other convincing tactics, so stay alert and keep an eye out for additional red flags.

Scammers often use fake email addresses that may look legitimate at first glance to trick recipients into thinking the emails come from a trusted source. For example, scammers may use “rn” instead of “m,” “0” instead of “o,” and uppercase “I” instead of lowercase “l.” If an email comes from “@paypa1.com” or “@micros0ft.com,” it’s definitely a phishing attempt.

FAQ

What is a phishing email?

A phishing email is a fraudulent message designed to trick recipients into sharing personal information or clicking on malicious links. Common examples of phishing include requests to update payment information and fake notifications claiming you’ve won a contest.

How to prevent email phishing attacks

To prevent email phishing, use strong security features like spam filters and anti-phishing software to stop these phishing attacks from reaching you in the first place. These phishing detection methods can significantly reduce the risk of falling victim to a scam.

Where to report a phishing email

You can report phishing by forwarding the suspicious email to your email provider or the Anti-Phishing Working Group (APWG) at reportphishing@apwg.org. Email providers and the APWG accept reports from people worldwide. In the United States, you can also forward the phishing email to the Federal Trade Commission (FTC) at ReportFraud.ftc.gov.