How to spot a phishing email and avoid falling for a scam

Phishing is one of the most persistent digital threats. It preys on susceptibility, using urgency and pressure to make unwitting users give up their sensitive personal information, like login credentials and credit card details, to hackers. Many phishing campaigns use carefully crafted scam emails that cybercriminals can use to steal data or infect devices. To keep your personal data secure, you should know how to spot a phishing email and what you should do if you’ve accidentally become a victim of such scam campaigns.

Kamilė Vieželytė

August 21, 2025

13 min read

What are phishing emails?

Phishing emails are a scam method in which criminals send emails containing fraudulent links or file attachments to deliberately trick users into revealing their personally identifiable information. These emails often pretend to come from legitimate businesses and use visual elements that replicate genuine templates that the real sender would use.

In a classic phishing email scam, the email content urges the recipient to open a link within the email. The link may lead them to a login, signup, or checkout page. The user enters their personal information — for instance, username and password, home address, and credit card details. Unbeknownst to them, the website is unencrypted, and the cybercriminals on the other end can then collect this information, effectively stealing the data.

Instead of phishing links, cybercriminals can use malware-infected attachments to the email. If the user downloads the file and opens it, they release the malware into their device. Depending on the kind of virus the hackers used, it may restrict the user’s access to their device, create a backdoor for hackers to funnel personal information, or start logging everything the user enters with their keyboard to find out their login credentials and other sensitive information.

Sometimes, hackers pick a specific target and build a spear phishing campaign around them. Spear phishing emails may be more personal and harder to detect, using the target’s name and imitating services they may actually use.

Phishing emails tend to target personal or financial information. Cybercriminals can use stolen user data to impersonate them online, committing identity theft. They can also gather stolen credentials and sell them on the dark web. Using the information stolen through the phishing email, cybercriminals may conduct cyber extortion, demanding money from their target to remove their sensitive data from the criminals’ databases.

How to spot a phishing email

Over the years, phishing campaigns have become more elaborate and sophisticated. Nevertheless, you can still identify a phishing email by looking for irregularities in its content. By identifying and flagging phishing emails, you can prevent identity theft and protect your sensitive information. Take a look at the most common phishing email red flags — you might’ve encountered them before.

Suspicious sender email

When you receive a potential phishing email, always check where it came from. The email address might look very similar to a legitimate service provider’s, but the username or the domain might be off. For example, instead of the standard “[email protected]” address, it might read “[email protected]”. Keep an eye out for these signs of a spoofed address:

  • A username that doesn’t match the sender's usual communication.
  • An email domain that’s similar to a real domain but uses extra words or symbols.
  • A different top-level domain, like “.net” instead of “.com”.
  • Letters replaced by numbers or other symbols, like “0” instead of “o”.
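The four address checks above can be written down as a small detection routine. This is an added example, not code from the article: the legitimate domain, the known sender usernames and the test addresses are all constructed.

```python
# Constructed values for a hypothetical service (not from the article).
LEGIT_DOMAIN = "example.com"
KNOWN_SENDERS = {"support", "billing"}

# Digits and symbols commonly swapped in for the letters they resemble.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "$": "s"})


def sender_red_flags(address, legit_domain=LEGIT_DOMAIN, known_senders=KNOWN_SENDERS):
    """Return the sender red flags from the article that apply to one From: address."""
    local, _, domain = address.strip().lower().rpartition("@")
    if not local or not domain:
        return ["malformed address"]
    # Exact domain or a genuine subdomain of it: only the username can be off.
    if domain == legit_domain or domain.endswith("." + legit_domain):
        return [] if local in known_senders else ["username does not match a known sender"]
    legit_name, _, legit_tld = legit_domain.rpartition(".")
    name, _, tld = domain.rpartition(".")
    # "examp1e.com" normalises back to "example" once the look-alike digits are mapped.
    if name != legit_name and name.translate(HOMOGLYPHS) == legit_name:
        return ["letter replaced by a number or symbol"]
    # "example.net" instead of "example.com".
    if name == legit_name and tld != legit_tld:
        return ["different top-level domain"]
    # "example-security.com" or "example.com.evil.org": real name padded with extra tokens.
    if legit_name in domain:
        return ["real domain padded with extra words or symbols"]
    return ["unrelated domain"]


if __name__ == "__main__":
    for addr in ("support@example.com", "support@examp1e.com", "billing@example.net",
                 "support@example.com.evil.org", "ceo@example.com"):
        print(addr, "->", sender_red_flags(addr))
```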

Generic greetings

If you’re a long-time subscriber to a service, you may be used to promotional emails that address you by name. Generic greetings aren’t necessarily a sign of a scam — some businesses use “Dear customer,” or “Hello” as a default greeting. However, if it feels out of the norm, it might be phishing. The opening greeting of a scam email tends to be “Dear Sir/Madam” or “Hello, [email username].”

By using the email username, scammers are more likely to convince the target, especially if they use the same username on different platforms. However, if a company referred to you by your name in the past and has suddenly swapped to an unusual greeting, think twice about responding.

Unexpected, urgent, and threatening communication

A core element of phishing attacks is building pressure. Scammers will press their targets to click the link or download the attachment quickly. They may insist that if the user doesn’t comply, they will be faced with fines or repercussions. Look out for terms like “Urgent: Act now” or “Overdue payments” in suspicious emails — those might be cybercriminals going after your money.

Grammar and spelling errors

One misspelled word might be an accident. Multiple are a pattern. An email littered with odd sentences and typos is almost guaranteed to be a scam. Keep a sharp eye out for grammatical errors in the emails you receive. Official communications usually go through several rounds of review that wouldn’t let an error-ridden email be sent, even for testing purposes. Bad grammar can mean bad intent.

Stylistic inconsistencies

It’s not just about what the email says — it’s how it looks. Companies that send newsletters, updates, and other information to their customers typically follow a set template as part of their design image. Scammers usually can’t imitate these templates. Instead, you might get an email with a design that looks broken. For example, components aren’t loading like they normally do, images appear broken, or the fonts are mismatched. It looks like a malfunctioning email.

However, if you happen to spot a phishing email with a weird template, avoid clicking its visual elements — cybercriminals can disguise clickable elements and hide malicious links behind broken images.

Suspicious links

If the email is the bait, malicious links are the hook that catches the victims. Sometimes, the links are obvious — a highlighted word or a big flashy button that says “Click now.” However, cybercriminals can play coy with their phishing websites. A suspicious website can hide behind a header, an illustration, in the signature, or even the frame that surrounds the text.

To avoid accidentally clicking on any malicious links, hover over each link without clicking and look at the preview your email client shows. If the previewed address has a domain inconsistent with the sender, or is a string of random letters and numbers, it may be disguising a scam.
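The hover-and-compare check above can be automated over an email body. This is an added example, not the article’s code: the HTML snippet, the sender domain and the “random-looking” threshold are constructed, and the registrable-domain helper simply takes the last two labels rather than doing a public-suffix lookup.

```python
import re
from urllib.parse import urlparse

# Constructed HTML body in the style of a phishing email (not from the article).
SAMPLE_BODY = """
<p>Urgent: your account will be locked.</p>
<a href="https://example.com/help">Help center</a>
<a href="https://example.com.login-verify.net/a">https://example.com/account</a>
<a href="https://x7k2q9.top/p">Click now</a>
<a href="http://192.0.2.10/img"><img src="logo.png"></a>
"""

LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def registrable(host):
    """Last two labels of a host; adequate for this example, not a public-suffix lookup."""
    return ".".join(host.lower().split(".")[-2:])


def looks_random(host):
    """Flag a leftmost label that is mostly digits and letters jumbled together."""
    label = host.split(".")[0]
    return len(label) >= 6 and sum(c.isdigit() for c in label) / len(label) >= 0.3


def suspicious_links(body, sender_domain):
    """Return (href, reasons) for each link the article's checks would flag."""
    findings = []
    for href, inner in LINK_RE.findall(body):
        host = (urlparse(href).hostname or "").lower()
        reasons = []
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
            reasons.append("bare IP address instead of a domain")
        elif registrable(host) != registrable(sender_domain):
            reasons.append("link domain does not match the sender")
        if looks_random(host):
            reasons.append("random-looking hostname")
        # Visible link text that is itself a URL must point at the same host as the href.
        shown = re.sub(r"<[^>]+>", "", inner).strip()
        shown_host = urlparse(shown).hostname if shown.startswith("http") else None
        if shown_host and shown_host.lower() != host:
            reasons.append("visible URL differs from the real target")
        if reasons:
            findings.append((href, reasons))
    return findings


if __name__ == "__main__":
    for href, reasons in suspicious_links(SAMPLE_BODY, "example.com"):
        print(href, "->", "; ".join(reasons))
```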

Unusual file attachments

Malicious attachments can be a bit more complicated than phishing links. Many email service providers nowadays have built-in filters that scan all file attachments to flag spam, meaning that many users don’t even encounter the risk of downloading these files. However, some emails manage to slip through the cracks.

Be wary of strange file names and formats that couldn’t be scanned. Likewise, .exe files can be used to disguise malware — if you download and open them, they run an installer hiding a virus. Cybercriminals can start causing damage to your device from the inside. Keep in mind that it doesn’t just affect computers — mobile devices can also be susceptible to malicious files.

Requests to provide sensitive personal information

Most reputable service providers, including financial, medical, and legal institutions, must adhere to strict and secure data handling practices. This means they won’t ask for their customers’ credit card information, Social Security numbers, or passwords via email.

Scammers, on the other hand, often ask their targets to submit highly sensitive information using unencrypted channels, like email. If an impersonator is asking you to provide personal information related to your identity, check the real company’s policy — it’s likely they have a statement about what information they may request and what customer data they store.

What to do if you spot a phishing email

Phishing emails can be pesky, and their “authors” seek new ways to get around the usual spam filters to convince the target it’s not actually a scam. If it’s obvious at first glance that an email is malicious, even if it has managed to escape your inbox’s spam filters and hit your primary or promotional inbox, mark it as spam and delete it immediately. Don’t click any components, because they might contain malicious links.

If you receive multiple emails from the same sender, you can block their address to prevent further spam. Flagging and blocking spam accounts helps your email provider better identify and prevent future phishing mail from reaching you.

Workplace email scams are commonplace. A cybercriminal pretending to email on behalf of a CEO, asking the recipient to remind them of the login credentials to a confidential account, has proven to be surprisingly effective. If phishing emails are targeting your work-related inbox, inform your company’s IT department immediately.

What to do if you've fallen victim to a phishing scam

Phishing campaigns can be very convincing, which is why they remain an effective tool for cybercriminals. People unwittingly give up their personal information and account access to hackers, thinking the phishing email was business as usual. The criminals might then use this data to impersonate their targets.

Common signs of identity theft include an influx of suspicious emails and phone calls, loans being taken out in your name, and debt collection notices. The good news is that even if you’ve become a victim of phishing, you can still protect your sensitive information online and protect yourself from becoming a victim of identity fraud.

1. Change your password immediately

If you entered your login credentials on the scam website, you must change that password immediately. If you’ve reused the same login details for multiple accounts, make sure to update them too — if your password is compromised once, the other accounts are also at risk. Use strong and unique passwords for all accounts. Ideally, they should be at least eight characters long and use a combination of uppercase and lowercase letters, numbers, and special characters. You can use a password manager to generate and manage different credentials.

2. Inform the legitimate platform about the scam

You might not be the only victim of the phishing campaign. Report the scam email to the website it pretended to come from. That way, news about the scam can get out faster, and the platform can inform other users about the phishing attempts. Each platform might have its own method to report phishing emails. Usually, you can forward the phishing email to the platform’s support channels.

3. Contact financial institutions

If cybercriminals got access to your financial information, you must inform your credit issuers and bank immediately. You can freeze your bank card to prevent unauthorized transactions. Likewise, you can set up a credit lock or freeze, which can stop criminals from attempting to take out loans in your name.

4. Report the incident to cybersecurity authorities

If you’re targeted by a regular phishing scam or an AI phishing scam, you can report the incident to America’s Cyber Defense Agency (CISA). If the scam is related to your financial information, alert the Federal Trade Commission (FTC) as well. You should also consider filing a police report to create an official record of the crime, which can help track down the perpetrators.

5. Monitor and secure your accounts

Stolen credentials might remain dormant for a while. If you’ve accidentally provided your sensitive information to hackers, monitor accounts that can be traced back to it. Even if you don’t notice any suspicious activity, you should change your login details to protect your accounts from unauthorized access.

6. Reinforce the security of your other accounts

If your login credentials were stolen in a phishing attack, you can still prevent criminals from using them effectively. Log in to any impacted account, change every vulnerable password, and set up multi-factor authentication. With this extra security step, cybercriminals won’t be able to verify their login attempts.

If possible, you can also replace your passwords with passkeys — a more robust security measure that combines encryption and biometric authentication, ensuring only you can access your account.

7. Scan device for viruses

Routinely check your device for viruses after a phishing scam. If you’ve accidentally installed malware on your device, use an antivirus to detect, quarantine, and remove the virus. Run a thorough scan cycle to find deeply buried viruses and prevent them from causing damage or stealing your data.

How to protect yourself from phishing emails

Chances are you’ve received at least a few phishing emails in the past year. You can reduce their frequency and protect your inbox from becoming a target for phishing campaigns by adopting a few cybersecurity strategies in your day-to-day.

  • Take your time. Scammers will often pressure you to act now and do as they ask without any delay. Don’t succumb to the pressure — think if there’s a reason why the sender would need to contact you so urgently, thoroughly review the email for red flags, and don’t provide any information if you still have doubts.
  • Verify the senders’ addresses. Were you expecting this communication? Does it feel routine or out of the ordinary? Has the sender used the same email address as always, or have they suddenly decided to switch things around? Analyze the sender’s information to confirm whether the email is a scam or legitimate.
  • Check if the links in the email are legit. Hover over the link, carefully copy the hyperlink, and run it through a link-checking service. Avoid directly clicking on any links in case they lead to malicious content.
  • Use a decoy email address. Each new account tied to your email increases the likelihood of your data being sold to third parties — some of which may have ulterior motives. By creating an email mask, you can still create new accounts, but instead of supplying websites with your actual personal information, all they see is a decoy username.
  • Set up spam filters. Although your email automatically checks for potential spam, you can set up custom filters to detect and block unwanted mail. Filters can block specific domains and denylist terms you want to avoid, lowering the chances of you encountering malicious emails.
  • Keep your cybersecurity software updated. The latest versions of apps you use every day usually contain security patches that help prevent vulnerabilities from breaching your system. Updated software is better at identifying and blocking malicious files or unauthorized access attempts.
  • Set up security alerts. In June 2025, Cybernews exposed a data breach containing 16 billion login credentials. For many, this news was the first time they’d learned their personal information had been compromised. With security alerts and notifications in place, you don’t have to worry about breaches happening behind your back — you’ll be alerted as soon as your credentials appear in a data breach.
  • Get identity theft protection. While “preparing for the worst-case scenario” can sound a touch dramatic, the reality is that phishing scams are effective at extracting people’s identifiable information. To ensure you don’t let such incidents go unchecked, consider investing in an identity theft protection service. With it in place, you can rest assured that you will receive professional support if you become a victim of identity theft.

FAQ

What are the common types of phishing emails?

Phishing emails can differ depending on the scheme cybercriminals are running. However, the content of phishing emails is most commonly related to financial demands. Templates for phishing emails can be based on account verification portals, payment requests and invoices, reputable brands and e-commerce websites, or loan forms.

Can I get hacked just by opening a phishing email?

No, simply opening the email won’t get you hacked. However, if you download and open any attachments or click the links in the email, your security might be compromised.

Why do cybercriminals send phishing emails?

Cybercriminals send phishing emails because they can effectively trick users into unknowingly sharing their sensitive information. Many phishing email campaigns are driven financially. Their goal is to gain access to the victims’ banking accounts or sell their personal information on the dark web for profit.

Kamilė Vieželytė

Kamilė is curious about all things compliance. She finds the prospect of untangling the complicated web of cybersecurity legislation satisfying and aims to make the nuances of identity theft prevention approachable to all.