
How to Spot Phishing Emails: 10 Red Flags

Phishing emails are the most common cybersecurity threat. Here’s how to spot them.

1. The Sender Address Doesn’t Match

Check the actual email address, not just the display name:

Display name:  "PayPal Security Center"
Email address: paypal-secure-2024@ru.randomdomain.xyz
                                  ^
                                  Not paypal.com

Hover over the sender name before clicking anything. If the domain doesn’t match the company, it’s a scam.

2. Generic Greetings

Legitimate companies use your name:

Phishing                      Legitimate
“Dear valued customer,”       “Dear Sarah Chen,”
“Dear user,”                  “Dear Mr. Johnson,”
“Hello account holder,”       “Hi Alice,”

If an email from a service you use doesn’t address you by name, be suspicious.

3. Urgent or Threatening Language

Phishers create panic to override your judgment:

  • “Your account will be suspended within 24 hours!”
  • “Unauthorized login detected. Verify immediately.”
  • “You owe $499.99. Payment overdue.”

Legitimate companies don’t threaten you via email. If it creates urgency, it’s probably fake.

4. Suspicious Links

Hover over links (don’t click) to see the real destination:

Displayed link: https://paypal.com/reset-password
Actual link:    https://phishingsite.ru/steal/password

If the URL doesn’t match the company’s official domain, don’t click.

5. Spelling and Grammar Errors

Phishing emails often contain:

  • Awkward phrasing
  • Missing words
  • Incorrect capitalization
  • Strange formatting

Legitimate companies proofread their emails. Errors are a red flag.

6. Unexpected Attachments

Email attachments from unknown senders should never be opened:

  • Invoices you didn’t request
  • Shipping notifications for items you didn’t order
  • “Secure messages” in PDF format
  • ZIP or RAR files

7. Requests for Personal Information

Legitimate companies never ask for:

  • Your password (in any form)
  • Social Security number
  • Credit card details
  • Bank account numbers
  • Two-factor authentication codes

If an email asks for any of these, it’s a phishing attempt.

8. Too Good to Be True

  • “You’ve won £5,000,000 in the lottery!”
  • “Your tax refund of $1,200 is ready.”
  • “Exclusive investment opportunity — guaranteed returns!”

If you didn’t enter a contest, you didn’t win. Delete.

9. Mismatched Branding

Look closely at logos, colors, and formatting:

  • Blurry or stretched logos
  • Wrong company colors
  • Missing footer information
  • No physical address or unsubscribe link

Companies maintain brand consistency. Poor quality is a giveaway.

Real Examples

PayPal Phishing

From: "PayPal" <secure-notifications@paypal-update.net>
Subject: Your account has been limited

Dear Customer,

We have detected unusual activity on your account.
Your account has been temporarily limited.
Click here to verify your identity immediately.

PayPal Team

Red flags: Wrong domain, generic greeting, urgent language, requests identity verification.

Delivery Phishing

From: "FedEx" <tracking@fedex-delivery-alerts.xyz>
Subject: Package delivery failed

Your package could not be delivered.
Please download the shipping label and take it to your
local post office to reschedule delivery.

[Download Label (ZIP file)]

Red flags: Suspicious domain, unexpected attachment (ZIP).
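The sender-domain, generic-greeting and link-mismatch checks from red flags 1, 2 and 4 can be automated. The following is an added example (not code from the original article) that runs them over a constructed message modelled on the PayPal sample above; the BRAND_DOMAINS list, the hypothetical URLs and the two-label registrable-domain rule are assumptions for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modelled on the PayPal example above (hypothetical URLs).
SAMPLE = """\
From: "PayPal" <secure-notifications@paypal-update.net>
Subject: Your account has been limited
Content-Type: text/html

<p>Dear Customer,</p>
<p>We have detected unusual activity on your account.</p>
<a href="https://phishingsite.ru/steal/password">https://paypal.com/reset-password</a>
"""

# Brand name -> domains the brand legitimately sends from (assumed allow-list).
BRAND_DOMAINS = {"paypal": {"paypal.com"}, "fedex": {"fedex.com"}}
GENERIC = ("dear customer", "dear valued customer", "dear user", "hello account holder")
HREF_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def registrable(host):
    """Crude registrable domain: last two labels. Assumes no multi-part
    public suffixes (e.g. co.uk) in the data; use a PSL library for real mail."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def check_message(raw):
    """Return the list of red flags found in a raw RFC 822 message string."""
    msg = message_from_string(raw)
    flags = []
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = registrable(addr.split("@")[-1]) if "@" in addr else ""
    # Red flag 1: display name claims a brand the sender domain does not belong to.
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display.lower() and sender_domain not in domains:
            flags.append(f"sender domain {sender_domain!r} does not belong to {brand}")
    body = msg.get_payload(decode=True).decode(errors="replace")
    # Red flag 2: generic greeting instead of the recipient's name.
    text = re.sub(r"<[^>]+>", " ", body).lower()
    if any(g in text for g in GENERIC):
        flags.append("generic greeting")
    # Red flag 4: the link text shows one host but the href points elsewhere.
    for href, shown_text in HREF_RE.findall(body):
        shown, real = urlparse(shown_text.strip()).hostname, urlparse(href).hostname
        if shown and real and registrable(shown) != registrable(real):
            flags.append(f"link text shows {shown} but points to {real}")
    return flags
```

Running check_message(SAMPLE) reports all three flags for the sample; a mail from paypal.com addressing the recipient by name with matching links reports none.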

What to Do If You Receive a Phishing Email

  1. Do not click any links or open attachments
  2. Do not reply
  3. Report it:
    • Gmail: Click “Report spam”
    • Outlook: Click “Report phishing”
    • Forward to the impersonated company’s security team
  4. Delete it

If you clicked a phishing link:

  1. Change your password immediately (on a different device)
  2. Enable two-factor authentication if not already enabled
  3. Run a virus scan
  4. Monitor your accounts for unusual activity
  5. Contact your bank if financial information was entered

Related: Set up two-factor authentication and learn about password managers.