How to Spot a Phishing Email | Spot Fake Emails
Recognize the warning signs of phishing emails and learn practical steps to avoid falling for fake messages.
Common Signs of Phishing Emails
Phishing emails often create a false sense of urgency, claiming that your account will be closed or that suspicious activity has occurred unless you act immediately. They may contain spelling or grammar errors, unexpected attachments, or links that lead to unfamiliar domains.
Attackers frequently impersonate banks, delivery companies, streaming services, or internal departments like HR. The message may address you generically (“Dear Customer”) instead of using your name, though more targeted phishing—spear phishing—may include personal details.
Inspecting Links and Sender Information
Hover over links (without clicking) to see the actual URL and check whether it matches the legitimate site’s domain. Be wary of look-alike domains that use extra words, misspellings, or different top-level domains (for example, .net instead of .com).
Review the sender’s email address carefully. Phishers often spoof display names but use suspicious underlying addresses. On many mail clients, you can expand the header to see more details about where the message came from.
Safely Handling Suspicious Emails
If a message seems suspicious, do not click links or open attachments. Instead, navigate directly to the service’s official website or app to check for alerts. You can also contact the organization using trusted contact methods—not the phone numbers or links in the email.
Most providers offer “Report phishing” options that help their filters learn and protect other users. When in doubt, report and delete rather than risk interacting with a malicious message.