Every day, billions of phishing emails are sent worldwide. These fraudulent messages pretend to be from companies you trust - your bank, your email provider, online shopping sites, or even your employer. Their goal is simple: trick you into revealing passwords, credit card numbers, or personal information that can be used to steal your identity or money.
The good news is that once you know what to look for, most phishing emails are surprisingly easy to spot. This guide will show you the red flags to watch for and give you practical techniques to verify whether an email is legitimate or a scam.
The Sender's Email Address: Your First Line of Defense
The sender's email address is often the biggest giveaway that an email is fraudulent. Scammers rely on you not checking it carefully. Here's what to look for:
Check the Actual Address, Not the Display Name
Anyone can set their display name to "PayPal" or "Amazon Security Team." What matters is the actual email address. In most email programs, you can click on the sender's name to see the full email address. Look carefully at the domain - the part after the @ symbol.
Common Tricks
- Character substitution: support@paypa1.com (number 1 instead of letter l)
- Similar domains: security@amazon-services.com (legitimate Amazon emails come from @amazon.com)
- Subdomain deception: noreply@paypal.security-check.com (the real domain is security-check.com, not PayPal)
- Extra words: alerts@chase-bank.net (legitimate Chase emails use @chase.com)
Know the Real Domains
Take a moment to learn the actual email domains used by services you use frequently. For example:
- Amazon uses @amazon.com
- PayPal uses @paypal.com
- Apple uses @apple.com or @email.apple.com
- Microsoft uses @microsoft.com or @email.microsoft.com
If you're not sure what domain a company uses, don't click anything in the suspicious email. Instead, go to the company's website directly by typing their address into your browser, and look for their contact information there.
Urgency and Scare Tactics
Phishing emails almost always try to make you panic and act quickly without thinking. They know that if you slow down and think carefully, you'll probably realize something is wrong.
Common Urgency Tactics
- "Your account will be closed in 24 hours"
- "Suspicious activity detected - verify immediately"
- "Failure to respond will result in account suspension"
- "You have 48 hours to claim your refund"
- "Urgent security alert - action required"
Here's the truth: Legitimate companies almost never threaten to close your account via email without prior warning. If there's a real problem with your account, you'll usually receive multiple notifications, and you'll be able to resolve it at your convenience - not within some arbitrary 24-hour deadline.
The Slow-Down Rule
If an email makes you feel panicked or rushed, that's your signal to slow down. Take a breath. Don't click anything. Instead, contact the company directly using contact information from their official website, not from the email.
Generic Greetings and Impersonal Language
Because phishing emails are sent to thousands or millions of people at once, they often can't personalize them. You'll see greetings like:
- "Dear Customer"
- "Dear User"
- "Dear Valued Member"
- "Dear Sir/Madam"
- "Hello Account Holder"
Compare this to legitimate emails from companies you do business with. They almost always address you by name because they have your name in their customer database. While a generic greeting alone doesn't prove an email is fake (some automated legitimate emails use them), it's a warning sign to examine the email more carefully.
Suspicious Links: How to Check Before You Click
Links in phishing emails are designed to take you to fake websites that look like the real thing. These sites are built to steal whatever information you enter - usually your username and password, but sometimes credit card details or other personal information.
The Hover Test
Before clicking any link, hover your mouse cursor over it (don't click, just hover). Most email programs and web browsers will show you the actual web address the link goes to, usually in a small pop-up or at the bottom of your window.
Look carefully at this address. Does it match the company the email claims to be from? Watch for:
- Misspelled domains: amaz0n.com, paypa1.com, micros0ft.com
- Wrong domains entirely: An email claiming to be from your bank but linking to secure-banking-services.com
- Suspicious subdomains: paypal.account-verify.xyz
- IP addresses: http://192.168.1.1 (legitimate companies use domain names, not raw IP addresses)
- Shortened URLs: bit.ly links or other URL shorteners (legitimate companies rarely use these in security-related emails)
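The sender-address tricks described earlier and the link red flags from the hover test can be checked mechanically. This added example (not part of the original guide) folds digit-for-letter swaps back, isolates the registrable domain and compares it against a constructed table of the brand domains the guide lists; the shortener list and the "last two labels" domain rule are deliberate simplifications, so treat the output as a hint for a human to confirm, not a verdict.

```python
import re
from urllib.parse import urlparse

# Constructed reference table: the genuine brand domains this guide lists.
KNOWN_BRAND_DOMAINS = {
    "paypal": "paypal.com",
    "amazon": "amazon.com",
    "apple": "apple.com",        # email.apple.com is a subdomain of this
    "microsoft": "microsoft.com",
    "chase": "chase.com",
}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # constructed, not exhaustive
# Digit-for-letter swaps such as paypa1.com or amaz0n.com; folding them back exposes the brand.
HOMOGLYPHS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def host_of(target):
    """Host part of an email address or of a link's real destination, lowercased."""
    if "@" in target and "://" not in target:
        return target.rsplit("@", 1)[1].lower()
    parsed = urlparse(target if "://" in target else "http://" + target)
    return (parsed.hostname or "").lower()

def registrable_domain(host):
    """Last two labels (security-check.com from paypal.security-check.com).
    Simplification: a real tool would use the public suffix list (co.uk etc.)."""
    return ".".join(host.rstrip(".").split(".")[-2:])

def check_target(target):
    """Red flags for a sender address or link destination; [] means none found."""
    host = host_of(target)
    if IPV4.match(host):
        return ["raw IP address instead of a domain name"]
    if any(host == d or host.endswith("." + d) for d in KNOWN_BRAND_DOMAINS.values()):
        return []  # the genuine domain, or a subdomain of it such as email.apple.com
    domain = registrable_domain(host)
    flags = []
    if domain in SHORTENERS:
        flags.append("URL shortener hides the real destination")
    first_label = domain.split(".")[0]
    unfolded = first_label.translate(HOMOGLYPHS)
    for brand, real in KNOWN_BRAND_DOMAINS.items():
        if brand in unfolded:  # brand is in the registrable domain, but it is not the real one
            kind = "character substitution" if unfolded != first_label else "extra words"
            flags.append(f"{kind}: {domain} is not {real}")
        elif brand in host.translate(HOMOGLYPHS):  # brand only appears left of the real domain
            flags.append(f"subdomain deception: real domain is {domain}, not {real}")
    return flags
```

Feeding it the guide's own examples, `check_target("noreply@paypal.security-check.com")` reports that the real domain is security-check.com, while `check_target("https://www.paypal.com/signin")` returns an empty list.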
The Safe Alternative
When in doubt, don't use the link at all. Instead:
- Open a new browser tab or window
- Type the company's website address yourself (or use a bookmark you previously saved)
- Log in to your account directly
- Check for any alerts or messages in your account dashboard
This takes an extra 30 seconds but protects you from clever fake websites that can look identical to the real thing.
Grammar, Spelling, and Formatting Issues
While phishing attempts are becoming more sophisticated, many still contain telltale errors that professional companies would never let slip through:
- Obvious spelling mistakes
- Awkward or unnatural phrasing
- Inconsistent formatting (mixing fonts, sizes, or colors strangely)
- Poor grammar or punctuation
- Random capitalization
Companies like Amazon, PayPal, and major banks have professional communications teams. Their emails go through review processes. While the occasional typo can slip through, multiple errors or awkward language is a major red flag.
Requests for Sensitive Information
This is perhaps the most important rule: Legitimate companies will never ask you to provide sensitive information via email. Ever. Period.
Information No Company Will Request by Email:
- Your password
- Your full credit card number
- Your Social Security number
- Your PIN or security codes
- Your mother's maiden name or other security questions
- Your date of birth (for verification purposes)
If you receive an email asking for any of this information, it's a scam. No exceptions. Real companies know that email is not secure and would never ask you to send sensitive data this way.
Unexpected Attachments
Be extremely cautious with email attachments, especially unexpected ones. Attachments can contain malware that infects your computer when opened. Be particularly suspicious of:
- Invoices or receipts you weren't expecting
- Files with extensions like .exe, .scr, .zip, .doc, or .xls from unknown senders
- "Voicemail" or "fax" attachments when you weren't expecting one
- Documents that ask you to "enable macros" or "enable editing"
The Attachment Rule
If you weren't expecting an attachment, don't open it. Contact the supposed sender using a method other than replying to the email to verify whether they actually sent it.
Too Good to Be True Offers
Some phishing emails don't threaten you - they tempt you with exciting opportunities:
- "You've won a prize! Click here to claim it!"
- "You've been selected for a special refund"
- "Congratulations! You're pre-approved for a huge loan"
- "Earn $5,000 a week working from home"
Remember: If you didn't enter a contest, you didn't win it. If an offer seems too good to be true, it almost certainly is. Legitimate sweepstakes notify winners in specific ways and never ask for sensitive information upfront.
Mismatched or Missing Information
Sometimes phishing emails slip up on details. Look for:
- Wrong account numbers: The email references an account number you don't recognize
- Incorrect personal details: They have your email but use a name that's not yours
- Services you don't use: An "alert" from a bank you don't have an account with
- Wrong location or device info: "We noticed a login from New York" when you've never been there
What to Do When You Spot a Phishing Email
If you identify an email as phishing, here's what to do:
- Don't click anything in the email - Not links, not buttons, not "unsubscribe" links
- Don't reply - Even to tell them off. Replying confirms your email address is active
- Mark it as spam or phishing - Most email services have a "Report Phishing" button
- Delete it - Move it to trash, then empty your trash
- Report it - Forward the email to reportphishing@apwg.org and to the company being impersonated
Building Your Phishing Detection Skills
Like any skill, spotting phishing emails gets easier with practice. Here's how to get better:
- Always check the sender address - Make it a habit for every email requesting action
- Hover before you click - Check link destinations before clicking
- Trust your instincts - If something feels off, it probably is
- Take your time - Phishers want you to rush. Slow down
- When in doubt, verify independently - Contact the company directly through their official website
Final Thought
Being cautious with emails doesn't mean being paranoid. It means being smart. A few seconds of careful checking can save you from hours of cleanup if you fall for a phishing scam. Make verification a habit, and it will become second nature.
Remember: Legitimate companies understand security concerns. They won't be offended if you verify who you're talking to before providing information. In fact, they encourage it. Stay skeptical, stay safe.