
5 Red Flags to Spot a Phishing Email in Seconds

How to Identify and Report Phishing Emails

by Matrix219

To identify a phishing email, you must look for key red flags: an unfamiliar or mismatched sender email address, a sense of urgency or threats, suspicious links that don’t match their description, generic greetings, and unexpected attachments. Trusting your instincts and verifying any suspicious message is the best way to stay safe.


What is Phishing? 🎣

Phishing is a type of social engineering attack where a scammer sends a fraudulent message designed to trick you into revealing sensitive information. They impersonate a legitimate company or person to fool you into giving them your passwords, credit card numbers, or other personal data.


The 5 Red Flags to Look For

1. Check the Sender’s Email Address

This is often the easiest giveaway. Scammers may make the “From” name look legitimate (e.g., “PayPal Support”), but the actual email address tells the real story.

  • How to Check: Hover your mouse over the sender’s name to reveal the full email address.
  • What to Look For: Be suspicious of misspellings (e.g., “support@paypa1.com”), extra words or numbers, or an address at a public email domain like @gmail.com or @outlook.com when the message should come from a corporate domain.

2. Look for a Sense of Urgency or Threats

Phishing emails try to make you panic so you act without thinking. They use language designed to create pressure.

  • Common Phrases: “Your account will be suspended,” “Urgent action required,” or “Suspicious activity has been detected.”
  • Remember: Legitimate companies rarely communicate with such high-pressure threats over email for account issues.

3. Hover Over Links Before You Click

Scammers will disguise malicious links to look like legitimate ones.

  • How to Check: On a computer, hover your mouse cursor over any link in the email. The actual web address it will take you to will appear in the bottom-left corner of your browser window.
  • What to Look For: If the destination URL is different from the link text or leads to a strange, non-official website, do not click it.
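
Red flags 1 and 3 can also be checked mechanically, which is how a mail filter or a triage script would apply them. The Python sketch below is an added example, not part of the original article; the brand-to-domain map, the flag names, and the sample message (including the placeholder host paypa1.example) are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

BRANDS = {"paypal": "paypal.com"}  # assumed brand -> official domain map
URL_LIKE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)

class Links(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.found, self.cur_href, self.cur_text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.cur_href, self.cur_text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.cur_href is not None:
            self.cur_text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.cur_href is not None:
            self.found.append((self.cur_href, self.cur_text.strip()))
            self.cur_href = None

def host(url):  # lower-cased hostname without a leading "www."; scheme optional
    h = urlparse(url if "://" in url else "http://" + url).hostname or ""
    return re.sub(r"^www\.", "", h.lower())

def within(h, domain):  # True for the domain itself or any subdomain of it
    return h == domain or h.endswith("." + domain)

def red_flags(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender, flags = addr.rpartition("@")[2].lower(), []
    # Red flag 1: the display name claims a brand the address does not belong to.
    if any(b in name.lower() and not within(sender, d) for b, d in BRANDS.items()):
        flags.append("sender-mismatch")
    parser = Links()
    parser.feed(msg.get_payload())
    # Red flag 3: link text shows one site, the href leads to another.
    for href, text in parser.found:
        if URL_LIKE.match(text) and not within(host(href), host(text)):
            flags.append("link-mismatch:" + host(href))
    return flags

# Constructed sample message; paypa1.example is a placeholder host.
SAMPLE = ('From: "PayPal Support" <support@paypa1.com>\n'
          "Content-Type: text/html\n\n"
          '<a href="http://login.paypa1.example/verify">www.paypal.com</a>\n')
```

Link text that is not itself a web address, such as “Click here,” gives this check nothing to compare against, so hovering over the link is still needed for those.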

4. Watch for Generic Greetings and Poor Grammar

While AI is helping scammers write better, many phishing emails are still poorly crafted.

  • Generic Greetings: Be wary of emails that start with “Dear Valued Customer” or “Dear User.” A company you have an account with will almost always use your actual name.
  • Mistakes: Obvious spelling errors, bad grammar, and awkward phrasing are major red flags.

5. Be Wary of Unexpected Attachments

Never open an attachment you weren’t expecting, even if it seems to come from someone you know. The sender’s account could have been hacked. These attachments often contain malware that will infect your computer.


How to Report a Phishing Email

If you identify an email as phishing, don’t just delete it. Reporting it helps protect others.

  • Use the “Report Phishing” Button: Most modern email clients (like Gmail and Outlook) have a built-in “Report Phishing” or “Report Junk” button. This sends the email to the provider to help them improve their spam filters.
  • Forward to Your Company’s IT Team: If you receive a phishing email at your work address, follow your company’s procedure, which usually involves forwarding it to your IT or security department.
