Every day, billions of phishing emails land in inboxes around the world. These are messages crafted by criminals to look like they came from banks, government agencies, delivery companies, or tech giants — when in reality, their only purpose is to steal your personal information, passwords, or money.
The good news: phishing emails almost always have telltale signs. Once you know what to look for, you'll catch them before they cause any harm. Here's what to watch for.
The Sender's Address Doesn't Add Up
The display name of an email — the name you see in your inbox — can say anything. A scammer can make an email appear to come from "Chase Bank" or "Medicare" while the actual sending address is something completely different.
Always click or hover on the sender's name to reveal the actual email address. Legitimate organizations send from their own domains. An email claiming to be from PayPal but sent from paypal-support@gmail.com or noreply@paypa1.com (notice the number "1" instead of the letter "l") is a fake. Look closely — scammers are expert at creating addresses that look nearly identical to the real thing.
There's a Sense of Urgency or Threat
Phishing emails are designed to make you panic and act fast, before you have time to think. Watch for phrases like:
- "Your account will be suspended in 24 hours"
- "Unusual activity has been detected — verify your identity immediately"
- "Your package could not be delivered — click here to reschedule"
- "You owe back taxes — pay now to avoid legal action"
Legitimate companies and government agencies do not pressure you through email to take immediate action or threaten consequences if you don't click a link right now. When you feel rushed, slow down instead.
The Link Doesn't Go Where It Claims
Before clicking any link in an email, hover your mouse over it (don't click — just hover). At the bottom of your browser or email program, you'll see the actual web address the link leads to. If the email says it's from your bank but the link points to a long, strange-looking address with a different domain name, it's a phishing link.
On a phone, you can press and hold a link to see a preview of the address before committing to it. If the destination doesn't match what you'd expect — close the email.
It Asks for Personal Information
No legitimate bank, government agency, or reputable company will ask you to confirm your Social Security number, password, credit card number, or PIN via email. Full stop. If an email asks you to "verify" or "update" sensitive information by clicking a link, it is a scam — regardless of how official it looks.
Poor Spelling, Grammar, or Formatting
Many phishing emails originate overseas and are poorly translated. Watch for unusual phrasing, awkward sentence structure, or random capitalization. That said, modern scammers have gotten much better at mimicking professional language, so don't rely on this alone — a well-written email can still be fraudulent.
The Attachment You Weren't Expecting
An email you weren't expecting that includes an attachment — especially a .zip, .exe, or even a Word document — is a serious red flag. Opening malicious attachments can install software on your computer that steals passwords or locks your files. If you didn't request a document and don't recognize the sender, don't open the attachment. Contact the supposed sender through a phone number or website you find independently.
Common Phishing Scenarios to Know
- The bank alert: "We've detected suspicious activity on your account. Log in here to confirm your identity." The link leads to a fake bank page that captures your login.
- The package delivery: "Your USPS/FedEx/UPS package requires action." Clicking may ask for a small "redelivery fee" — capturing your card number.
- The tech support alert: "Your computer is infected. Call this number immediately." Designed to get you to pay for fake help or install malware.
- The prize notification: "You've won a gift card! Claim it now." Designed to collect personal details or get you to pay a fake "processing fee."
What to Do If You Clicked a Link
First — don't panic. Clicking a link doesn't automatically mean you've been hacked. Here's what to do immediately:
- Don't enter any information on the page that opened. Close the tab right away.
- Change your password on the account that was impersonated, using the real website (type the address yourself — don't click any links).
- Run a virus scan on your computer using your existing security software.
- Check your accounts over the next few days for any unfamiliar activity.
- Report it. Forward phishing emails to the Anti-Phishing Working Group at reportphishing@apwg.org, or report them directly to the company being impersonated.
If you did enter personal or financial information, contact your bank immediately and consider placing a fraud alert on your credit file through one of the three major credit bureaus.
The Best Defense Is a Pause
Scammers count on speed and fear. The single most effective thing you can do is resist the urge to click immediately. When an email makes you feel urgent or uneasy, take a breath. Go directly to the company's website by typing it into your browser. Call the organization using a number from their official website. Trust your instincts — if something feels off, it probably is.