How to Spot a Phishing Email (Real Examples and Red Flags)
Phishing emails cost victims $52 million in 2023 alone. Here are the 8 red flags that reveal a fake email, with real examples so you can protect yourself and your family.
What Phishing Emails Are
Phishing is a cyberattack where criminals send fake emails designed to look like they come from trusted companies such as your bank, Amazon, Apple, Netflix, or the IRS. The goal is to trick you into clicking a malicious link, entering your login credentials on a fake website, downloading malware, or providing personal information like Social Security numbers or credit card details. Phishing is the most common type of cybercrime because it works. The FBI Internet Crime Complaint Center reports that phishing caused over $52 million in losses in 2023, and the real number is likely much higher because many victims do not report it. The good news is that phishing emails follow predictable patterns, and once you learn to recognize these patterns, they become easy to spot.
Red Flags 1 and 2: Sender Address and Generic Greeting
Red Flag 1: Check the sender email address carefully. Phishing emails use addresses that look similar to legitimate ones but have subtle differences. For example, support@amaz0n-security.com instead of support@amazon.com, or noreply@apple.account-verify.com instead of noreply@apple.com. Always check the full email address, not just the display name, because scammers can set the display name to anything they want. Red Flag 2: Legitimate companies that have your account will address you by name. Phishing emails typically use generic greetings like Dear Customer, Dear User, Dear Account Holder, or Dear Sir/Madam. If an email claiming to be from your bank does not use your actual name, treat it with suspicion.
Red Flags 3 and 4: Urgency and Threats
Red Flag 3: Phishing emails create artificial urgency. They claim your account will be suspended in 24 hours, your payment failed and service will be cut off, or you must verify your identity immediately. Legitimate companies may send reminders but they do not threaten immediate account closure with a countdown timer. When you feel panicked by an email, that panic is the manipulation working as intended. Stop, breathe, and verify by contacting the company directly. Red Flag 4: Threatening consequences for inaction. Your account will be permanently deleted, legal action will be taken, you will be charged a fee, or your credit score will be affected. Real companies do not use threatening language in routine communications.
Red Flags 5 and 6: Links and Attachments
Red Flag 5: Before clicking any link, hover over it with your mouse (do not click) to see the actual URL in the bottom-left corner of your browser or email client. On mobile, press and hold the link to preview the URL. If the URL does not match the company domain exactly, it is a phishing link. For example, a link that says Click Here to Verify Your Amazon Account but the URL shows http://amzn-verify-account.sketchy-domain.com is absolutely a scam. Red Flag 6: Unexpected attachments are dangerous. Legitimate companies almost never send attachments in transactional emails. If you receive an invoice, receipt, or document you did not expect, do not open it. Malicious attachments can install ransomware, keyloggers, or other malware the moment you open them. PDF, Word, Excel, and ZIP files are the most common attachment types used in phishing.
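Red Flags 1 and 5 both come down to one question: is the domain behind the sender address or link actually the company's domain? The checker below, an added example that is not part of the original article, applies that test mechanically to the addresses and the link quoted above. The brand table, its lookalike spellings, and the sample inputs are constructed for illustration; the display name in a From header is ignored on purpose, since scammers can set it to anything.

```python
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed table (illustrative, not exhaustive): the domain a brand
# really sends from, plus spellings a lookalike host might borrow.
BRANDS = {
    "amazon": ("amazon.com", ("amazon", "amaz0n", "amzn")),
    "apple": ("apple.com", ("apple", "app1e")),
}

def registrable_domain(host: str) -> str:
    """Last two labels of a host: 'sketchy-domain.com' for
    'amzn-verify-account.sketchy-domain.com'. Fine for .com-style TLDs;
    suffixes like .co.uk would need a public-suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def host_of(value: str) -> str:
    """Host of a From header ('Amazon Support <x@y.com>'), a bare address,
    or a URL. The display name is deliberately ignored (Red Flag 1)."""
    if "://" in value:
        return (urlparse(value).hostname or "").lower()
    _, addr = parseaddr(value)
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def check(value: str, brand: str) -> str:
    """Verdict for a sender or link that claims to come from `brand`."""
    real_domain, spellings = BRANDS[brand]
    host = host_of(value)
    if not host:
        return "no host found"
    if registrable_domain(host) == real_domain:
        return "ok: registered to " + real_domain
    if any(s in host for s in spellings):
        return "phishing: brand name inside a domain the brand does not own"
    return "phishing: unrelated domain " + registrable_domain(host)

if __name__ == "__main__":
    for sample, brand in [
        ("Amazon Support <support@amaz0n-security.com>", "amazon"),
        ("noreply@apple.account-verify.com", "apple"),
        ("http://amzn-verify-account.sketchy-domain.com", "amazon"),
        ("https://www.amazon.com/orders", "amazon"),
    ]:
        print(f"{sample!r:55} -> {check(sample, brand)}")
```

An exact domain match is necessary but not sufficient: a forged From header can still display the real domain, so the mail server's SPF, DKIM and DMARC results matter as well.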
Red Flags 7 and 8: Spelling Errors and Too-Good Offers
Red Flag 7: Professional companies have editors and proofreaders. Emails with multiple spelling mistakes, grammatical errors, awkward phrasing, or inconsistent formatting are strong indicators of phishing. However, modern phishing emails are increasingly well-written, so the absence of errors does not guarantee legitimacy. Red Flag 8: Offers that seem too good to be true are almost certainly phishing. You have won a $500 gift card, claim your free iPhone, your tax refund of $4,829.50 is ready, or you have been selected for a special promotion. If you did not enter a contest, you did not win one. Legitimate refunds and promotions are processed through official channels, not surprise emails asking you to click links.
What to Do If You Click a Phishing Link
If you clicked a phishing link and entered your credentials on a fake website, act immediately. Change the password for that account right now, from a different device if possible. Enable two-factor authentication on the account. Check for unauthorized activity such as purchases, password changes, or account modifications. If you entered financial information, call your bank immediately and report the fraud. Monitor your credit reports for the next 6 months for any unauthorized accounts. Run a full antivirus scan on the device you used. Report the phishing email by forwarding it to reportphishing@apwg.org and to the company being impersonated. The faster you act after falling for phishing, the more damage you can prevent.
Frequently Asked Questions
Can just opening a phishing email infect my computer?
Simply opening and reading a phishing email is generally safe in modern email clients. The danger comes from clicking links within the email, downloading and opening attachments, or replying with personal information. However, loading images in emails can confirm to the sender that your email address is active, so disabling automatic image loading adds an extra layer of protection.
How do phishing scammers get my email address?
Email addresses are collected from data breaches (check haveibeenpwned.com to see if your email has been exposed), social media profiles, public records, purchased mailing lists, and automated web scrapers that harvest email addresses from websites. Having your email address compromised is extremely common and not something to panic about, but it means you should be vigilant about suspicious emails.
What should I do if I gave my Social Security number to a phishing site?
Place a fraud alert on your credit reports by contacting one of the three bureaus (Equifax, Experian, or TransUnion); that bureau is required to notify the other two. Consider placing a credit freeze, which prevents new accounts from being opened in your name. File an identity theft report at IdentityTheft.gov. Monitor your credit reports monthly for at least 12 months.