How to Spot Phishing Emails — 7 Warning Signs

What Is Phishing?

Phishing is a cyberattack where criminals impersonate legitimate organizations to trick you into revealing sensitive information — passwords, credit card numbers, or personal data. These attacks most commonly arrive via email, but can also come through text messages, phone calls, and social media.

7 Warning Signs of a Phishing Email

1. Urgent or Threatening Language

Phishing emails create a sense of urgency: "Your account will be suspended!" or "Immediate action required!" Legitimate companies rarely use threatening language in their communications.

2. Suspicious Sender Address

Always check the sender's full email address, not just the display name. A message from "support@paypa1.com" (with a number 1 instead of L) is a clear red flag.

3. Generic Greetings

Phishing emails often use "Dear Customer" or "Dear User" instead of your actual name. Companies you have accounts with typically address you by name.

4. Mismatched or Suspicious Links

Hover over links (without clicking) to see the actual URL. If an email claims to be from your bank but the link points to a different domain, it is phishing.

5. Unexpected Attachments

Be extremely cautious with unexpected email attachments, especially executable files (.exe, .zip), Office documents with macros, and PDF files from unknown senders.

6. Poor Grammar and Spelling

While not always the case, many phishing emails contain grammatical errors, spelling mistakes, or awkward phrasing that legitimate businesses would not allow in their communications.

7. Requests for Sensitive Information

Legitimate organizations will never ask for your password, Social Security number, or full credit card number via email.

What to Do If You Suspect Phishing

1. Do not click any links in the suspicious email
2. Do not download attachments from the email
3. Report the email to your email provider as phishing
4. Contact the company directly using their official website (not links from the email)
5. Delete the email from your inbox

Advanced Phishing Techniques

Modern phishing attacks are increasingly sophisticated. Spear phishing targets specific individuals using personal information gathered from social media. Business Email Compromise (BEC) impersonates executives to trick employees into transferring money or data.

Stay Protected

The best defense against phishing is a combination of awareness, healthy skepticism, and security tools. Antivirus software and email security features can catch many phishing attempts, but your own vigilance remains the most important line of defense.