Menu
EN

How to identify phishing emails

Phishing emails are fraudulent messages designed to trick recipients into revealing personal information such as passwords, credit card numbers, or other sensitive data. These emails often appear to come from legitimate sources, such as banks, online services, or well-known companies, but are actually sent by cybercriminals. In this article, we will explore how to spot phishing emails, share practical tips to avoid becoming a victim, and provide steps to take if you suspect an email is a phishing attempt.

Key characteristics of email phishing

  • Suspicious sender addresses: the sender’s email address may look similar to a legitimate one but often contains slight misspellings or unusual domain names

  • Generic greetings and language: phishing emails often use generic greetings such as "Dear Customer" instead of addressing the recipient by name, and the language may be vague or overly formal

  • Urgent or threatening language: these emails often create a sense of urgency or fear, claiming that immediate action is required to avoid negative consequences, such as account suspension or unauthorized access

  • Suspicious attachments or links: phishing emails may contain attachments that contain malware or links that direct the recipient to fake websites designed to steal personal information

  • Poor grammar and spelling mistakes: many phishing emails contain noticeable grammar and spelling errors, which can be a red flag that the email is not from a legitimate source

  • Inconsistent branding: logos, colors, and other branding elements in phishing emails may not match those of the legitimate company they are trying to impersonate

  • Unusual requests for personal information: legitimate companies rarely ask for sensitive information such as passwords or credit card numbers over email

How to identify a phishing email: 9 ways

  1. It’s sent from a public or free email domain. A significant majority of phishing emails are sent from free mail services. As a rule, employees of legitimate companies do not use free email services for official communications. Authentic emails from banks, technology companies, and other institutions come from the organization's official domain. If the sender's email address isn't completely visible, you can click the “From” name to see the full email address and verify whether it is legitimate or from a suspicious source. For example, if all you see is “amazon@”, check the full email address to make sure it is not a free email domain such as “amazon@gmail.com”.

  2. The “From” name and email domain don’t match. Email providers allow users to customize the name that appears in the "From" field of their emails. While most legitimate users enter their real names, scammers take advantage of this feature to impersonate individuals and organizations. It is important to note that a mismatch between the sender's name and the email address is a strong indicator of a phishing attempt. You can click the name to see the actual sender details, which can help you identify potential scams. For example, you received a suspicious email from your colleague “John Smith”, so you decided to check the “From” section and you found out that the email came from “jack-leo@gmail.com”. It is unlikely that your colleague's email address would have a different name.

  3. The sender has spoofed a company’s domain name. “Spoofing” happens when scammers create deceptive versions of names or domains that closely resemble those of trusted companies to make their messages appear authentic. It's important to verify the domain of any sensitive email and be aware of any security warnings or requests to reset account passwords.

  4. A notification “There’s an issue with your account” or “Suspicious activity detected” (depends on your email provider). Scammers often use technical support and email security scams as common social engineering tactics in emails, text messages, phone calls, and social media direct messages (DMs). They send emails with subject lines that suggest you could lose money or access to your account if you don't act quickly and click the provided link. If you suspect that your account has been compromised, it's best to log in directly to the company's official website or mobile app to verify the authenticity of the alert.

  5. Suspicious links or attachments in the email. Almost all phishing emails contain either a link to a fraudulent website or a phone number to call. Phishing links can take you to a fake login page to steal your username and password, take you to a fake payment screen that captures your financial information, or infect your device with malware such as ransomware, spyware, or other malicious software. Before you click a link, hover over the button or text (or long-press on a mobile device) to check the URL destination. If the link doesn't take you to the website you expected, it's probably an email phishing.

  6. There is a bill you don’t recognize. If you receive a bill for a purchase you don't remember, don't click any links or call the customer service number provided. Check your bank statements directly through your mobile banking app or the bank's official website to confirm that the charge was legitimate. If there is no such charge, this confirms that the bill is indeed a scam.

  7. The blackmail. Scammers may try to intimidate you by claiming to have compromising videos or evidence of wrongdoing and threatening to release it unless you send them money. Scammers distribute millions of these messages, targeting people who may respond impulsively out of guilt. The majority of recipients can safely ignore these emails and block the sender.

  8. They ask to provide personal or sensitive information. Legitimate organizations will not request or verify personal or sensitive information through email (or by clicking links in unsolicited messages). If someone claiming to be from a known organization asks for information via unsecured email, it may be a phishing scam. Never send sensitive information such as credit card numbers, bank account information, or Social Security numbers (SSNs) via email. If such information is requested, contact the organization directly by phone to verify the request.

  9. There are spelling and grammatical errors. Grammar and spelling mistakes (for example, “Respected sir/madame” instead of “Dear [name]” or “Your account has been temporary suspend” instead of “Your account has been temporarily suspended”) are red flags because reputable organizations spend a lot of time and effort reviewing their communications before they go out. It's unlikely that a responsible company would send out an email riddled with spelling and grammatical errors.

What to do if you think an email is phishing

  1. Avoid clicking links or downloading attachments in suspicious emails. While it is generally safe to open a phishing email, clicking links or downloading attachments could expose your device to malware or give hackers access to your personal information.

  2. Check URLs before entering passwords or sensitive information. Instead of clicking links, manually type the full URL into your web browser to make sure you are visiting the correct website and not a spoofed version.

  3. Delete the email and block the sender. Once you've reported the phishing attempt, delete the email from your inbox. Blocking the sender will prevent future phishing emails from the same address.

  4. Scan your device with a reputable anti malware tool. Perform a thorough scan to detect any signs of unauthorized activity or malware on your device. Make sure the antimalware program is from a trusted commercial vendor.

  5. Change your passwords to stronger, more complex ones. Stronger passwords make it harder for scammers to compromise your accounts. A password manager can help generate and securely store unique passwords for each account.

  6. Enable two-factor authentication (2FA) for your accounts. This additional layer of security helps prevent unauthorized access even if your password is compromised.

How to protect yourself from phishing attacks

Scammers are constantly improving their tactics to bypass spam filters and deceive people with fraudulent emails. Modern phishing attempts often mimic real communications to instill fear and lead to mistakes in handling sensitive data security.

There are several things you can do to avoid falling victim to a phishing email:

  • Install anti-virus software to scan email attachments. Use antivirus tools on your devices to scan attachments before opening them. If suspicious attachments are inadvertently opened, the software can alert you and mitigate potential malware threats

  • Update your email provider's spam filters. Adjust settings to improve detection of phishing emails and automatically redirect them to your Junk folder for added security

  • Avoid rushing to respond to suspicious emails. Phishing messages typically create a sense of urgency. If an email makes you feel anxious or uncomfortable, take the time to examine it for signs of fraud.

Final thoughts

Phishing emails are becoming increasingly sophisticated, making them harder to recognize. However, there are still clear indicators that an email is a phishing attempt. This article discusses some of the most common signs of phishing emails to look for. If you're ever unsure about an email you've received, it's better to err on the side of caution and avoid clicking any links or sharing personal information.

Liked this post?
18,335 18335 user reviews
Excellent!

AdGuard for Windows

AdGuard for Windows is more than an ad blocker. It is a multipurpose tool that blocks ads, controls access to dangerous sites, speeds up page loading, and protects children from inappropriate content.
By downloading the program you accept the terms of the License agreement
Read more
18,335 18335 user reviews
Excellent!

AdGuard for Mac

AdGuard for Mac is a unique ad blocker designed with macOS in mind. In addition to protecting you from annoying ads in browsers and apps, it shields you from tracking, phishing, and fraud.
By downloading the program you accept the terms of the License agreement
Read more
18,335 18335 user reviews
Excellent!

AdGuard for Android

AdGuard for Android is a perfect solution for Android devices. Unlike most other ad blockers, AdGuard doesn't require root access and provides a wide range of app management options.
By downloading the program you accept the terms of the License agreement
Read more
18,335 18335 user reviews
Excellent!

AdGuard for iOS

The best iOS ad blocker for iPhone and iPad. AdGuard eliminates all kinds of ads in Safari, protects your privacy, and speeds up page loading. AdGuard for iOS ad-blocking technology ensures the highest quality filtering and allows you to use multiple filters at the same time
By downloading the program you accept the terms of the License agreement
Read more
18,335 18335 user reviews
Excellent!

AdGuard VPN

74 locations worldwide

Access to any content

Strong encryption

No-logging policy

Fastest connection

24/7 support

Try for free
By downloading the program you accept the terms of the License agreement
Read more
18,335 18335 user reviews
Excellent!

AdGuard Content Blocker

AdGuard Content Blocker will eliminate all kinds of ads in mobile browsers that support content blocker technology — namely, Samsung Internet and Yandex.Browser. While being more limited than AdGuard for Android, it is free, easy to install and still provides high ad blocking quality.
By downloading the program you accept the terms of the License agreement
Read more
18,335 18335 user reviews
Excellent!

AdGuard Browser Extension

AdGuard is the fastest and most lightweight ad blocking extension that effectively blocks all types of ads on all web pages! Choose AdGuard for the browser you use and get ad-free, fast and safe browsing.
18,335 18335 user reviews
Excellent!

AdGuard Assistant

A companion browser extension for AdGuard desktop apps. It offers an in-browser access to such features as custom element blocking, allowlisting a website or sending a report.
18,335 18335 user reviews
Excellent!

AdGuard DNS

AdGuard DNS is a foolproof way to block Internet ads that does not require installing any applications. It is easy to use, absolutely free, easily set up on any device, and provides you with minimal necessary functions to block ads, counters, malicious websites, and adult content.
18,335 18335 user reviews
Excellent!

AdGuard Home

AdGuard Home is a network-wide software for blocking ads & tracking. After you set it up, it’ll cover ALL your home devices, and you don’t need any client-side software for that. With the rise of Internet-Of-Things and connected devices, it becomes more and more important to be able to control your whole network.
18,335 18335 user reviews
Excellent!

AdGuard Pro for iOS

AdGuard Pro has much to offer on top of the excellent iOS ad blocking in Safari already known to the users of the regular version. By providing access to custom DNS settings, the app allows you to block ads, protect your kids from adult content online, and safeguard your personal data from theft.
By downloading the program you accept the terms of the License agreement
Read more
18,335 18335 user reviews
Excellent!

AdGuard for Safari

Ad blocking extensions for Safari are having hard time since Apple started to force everyone to use the new SDK. AdGuard extension is supposed to bring back the high quality ad blocking back to Safari.
18,335 18335 user reviews
Excellent!

AdGuard Temp Mail

A free temporary email address generator that keeps you anonymous and protects your privacy. No spam in your main inbox!
18,335 18335 user reviews
Excellent!

AdGuard for Android TV

AdGuard for Android TV is the only app that blocks ads, guards your privacy, and acts as a firewall for your Smart TV. Get warnings about web threats, use secure DNS, and benefit from encrypted traffic. Relax and dive into your favorite shows with top-notch security and zero ads!
Downloading AdGuard To install AdGuard, click the file indicated by the arrow Select "Open" and click "OK", then wait for the file to be downloaded. In the opened window, drag the AdGuard icon to the "Applications" folder. Thank you for choosing AdGuard! Select "Open" and click "OK", then wait for the file to be downloaded. In the opened window, click "Install". Thank you for choosing AdGuard!
Install AdGuard on your mobile device