Blog Post

How to Spot a Phishing Email

Date Published: Mar 11, 2021

Woman in Gray Hijab using a laptop

A phishing attack is a fraudulent attempt to get sensitive information and steal user data such as usernames, passwords, and/or credit card details. Basically how it works, is an attacker will create a fake email, website, log-in screen, text/instant message with the intent of duping you into opening the message and entering your personal information.

For example, an attacker might send out a fake email that looks to be from a legit source such as a business, college, or social media site like Instagram, mentioning something about confirming your password, credit card number, or other personal information. The link might then lead to a fake, but realistic, looking webpage that may even mimic a legit webpage asking you to enter your information. The link could also just open a malicious attachment that shoots a virus or malware into your computer.

Malware is a type of software that is designed to cause damage to a computer, server, client, or computer network. Types of malware include viruses, ransomware, spyware, worms, and Trojan horses (allow attackers access to a user’s system).

In short, Phishing emails and websites are bad mojo that could allow an attacker to steal your personal information. There are ways you can identify a phishing attack and actions to take for when you encounter one. Keep scrolling through to learn how to protect yourself from them.

Phishing Emails

Today, phishing emails are one of the most common online threats. If you ever receive an email from a web site or company that asks you to provide personal information or contains a link, there is a chance it could be a phishing scam and you should approach it with caution.

Real companies will never ask you to verify or provide personal, confidential information in an unsolicited email, so be extremely cautious of emails that do (Yahoo).

Here are some tips to help you identify a phishing email:

Pay Close Attention to the Sender’s Address

Upon getting an email prompting you for personal information take a close look at the “From” address. A phishing email may use a sender address that is or might be very similar to a legit company’s or one of your contact’s email address, but with slight differences.

Fraudsters often sign up for free email accounts and incorporate a company’s name in the address such as:, note the extra “m” on “Instagram” and the Yahoo address. Email addresses with these slight differences are designed to trick you into trusting the email.

So, make sure you check to make sure the email is legit by looking at the company contact information on their website or contact the company’s support team before clicking on any link or emailing back any information.

You can also contact the sender directly. If you can, use a previous email from the sender that you know is safe to make sure the email was indeed sent by them.

Double Check any Attachments or Links

If you ever receive an unexpected email from a company or contact that contains an attachment that should be a red flag, primarily if it doesn’t relate to anything or to something unexpected. Even, if you think the attachment is safe, you should always try to scan it first using anti-virus software.

Be especially weary when attachments are compressed files or zip files. If you received an attachment from a company or someone you know that you did not expect or looks suspicious in any way, contact that person to make sure they actually sent it to you.

Moving on to links, be careful when you come across links in emails and entering website addresses. Links and website addresses that contain malicious content may look almost identical to legitimate sites, normally using slight spelling changes, additional special characters, and/or a different domain (ex: .com instead of .gov).

Malicious links can also be hidden with the text/content of an email or alongside genuine links, such as a link to a company’s privacy policy page. A good practice is to hover over links before clicking on them to gain a sneak peek into where they will actually take you.

Going along with Paying Close Attention to the Sender’s Address if you receive an email with an attachment or link from a suspicious email address do not engage with the link or attachment.

Asking for Personal Information

As mentioned previously, legit companies generally don’t ask you to verify or provide personal or confidential information, like a bank account number, in an unsolicited email, so be extremely cautious of emails that do.

Do not reply to any emails or clink any links in emails asking for personal or confidential information. If you think the email is legit, contact the organization it appears to be from directly and do not use any communication method provided in the email.

Poorly Written Text/Content

One way you can quickly spot a phishing email is if the email contains poor language or grammatical errors in the body text of the email. When reading through the email, look for spelling mistakes, grammar errors, or odd turns of phrase.

Emails from legit companies are drawn up by professional writers and thoroughly checked for spelling, grammar, and legality errors. If you receive an unexpected email from a company that is full of mistakes there is a good chance it could be phishing email. There have even been reports that scam emails are purposely poorly written to make sure that they trick the most unsuspecting and gullible targets .

Furthermore in terms of the text of an email, if you receive a message from a company that uses very generic greetings such as “Dear Customer” or “Dear Member”, this is a good indicator of a potential phishing email. Attackers usually send thousands of emails at once and they will rarely have your name, which most companies you have accounts with have. So, be cautious if an email sounds generic.

To add, if you receive an email from a friend, family member, or regular contact and the text doesn’t sound like them, contact them through a different method of communication to make sure the email is from them.

The Email Enacts Urgency

Often times, phishing emails are designed to make you panic and include urgent “calls to action” to get you to act immediately out of concern. A bad email may say things like “your account may have been compromised and the only way to verify it is to enter your login details”, “your account will be closed if you do not act immediately”, or “urgent action is required”.

Pay attention to those words that provoke a sense of urgency such as “immediately” or “urgent” (Yahoo).

Phishing Email Attacks

The biggest thing is that being cautious with emails is never a bad thing and if you have any suspicion regarding an email you received, throw it out when it doubt. Links and attachments in emails, social media posts, and other online ads are usually how attackers get a hold of your personal information. So, if something looks at all suspicious, delete it.

Continue to How to Spot a Phishing Website.