How to spot a phishing email
Don't get hooked...
Phishing is a type of cyberattack where the nefarious actor "fishes" for victims, trying to steal their sensitive information or infect them with malware. While it's not a new threat, it continues to be massively prevalent. In fact, according to Station X, 3.4 billion phishing emails are sent per day – which means almost 1.2% of all emails are malicious.
The reason why they're so effective is because they constantly evolve, making it very hard to recognize the malicious intent. There's also a lot to be said about human error, and the carelessness with which many of us open and click on emails without giving them a second thought.
Below, I'll dig into the main red flags to look for, and explain more about how to spot these phishing threats. Let's begin.
Phishing in a nutshell
Phishing attacks use social engineering tactics to coerce victims into revealing information such as personal data, logins and passwords, financial details, and the like.
They do this by reaching out – usually via email – and including a link to a bogus site in the message. While the phishing site can (and often does) look very convincing, it's typically designed to steal valuable information and siphon it away to the cybercriminal. Then, it can be used to commit additional attacks or even identity fraud.
I'd be remiss not to mention that, while phishing is mostly delivered via email, it's not the only way the scams are propagated. Hackers also engage in video message phishing (vishing), SMS phishing (smishing), and more.
Essentially (and unfortunately), any communication format can be used for phishing, but I'll focus on email phishing, seeing as it's the most prevalent.
When targeting people with phishing scams, hackers usually mimic legitimate communications from reputable organizations to make their cyberattack more convincing.
A sense of urgency is generally present in these messages, aimed at lowering the victim's guard and "encouraging" them to spring into action. The goal here is to create the impression that waiting and analyzing the email/message is wrong, and that acting (clicking on a link, opening an attachment) immediately is critical – which is never the case. That said, let's observe the typical signs of a phishing email.
1. Authority and urgency
As I mentioned above, any email that rushes you into clicking a link or making a quick decision is hoping you won't stop to think about whether or not it's a legitimate correspondence.
Therefore, if you receive an email that pushes you to act before it's too late or avoid missing out on a massive deal, don't get sucked in. Instead, always read the entire email carefully and calmly.
Sometimes scammers will resort to cheap attempts to provoke a reaction – like fear. They're not above pretending to be hospitals delivering bad news or doctors with important, time-sensitive correspondence.
The takeaway here is that, as a rule of thumb, any email that creates an emotional response like fear or panic should be treated as suspicious. If you feel the need to click on a link within the email immediately, that's exactly when you should stop.
2. It's too good to be true
An old saying goes, "There's no free lunch." While this economic adage holds true in most cases, the notion of getting something for free continuously causes millions of people to get in trouble with phishing emails.
Scammers know this, which is why they often tempt potential victims with hot-ticket items. Examples include concert tickets, medications, limited edition runs of products – virtually anything that appears "free" and that would encourage victims to click that link.
More precisely, crooks prey on the fear of missing out (FOMO), and are counting on the fact that people might act before thinking. Again, speed is the critical consideration here – the less time you think about the why and how, the higher the chance that you'll act.
To increase the chances of their attacks working even further, scammers also pair these "offers" with unbelievably low prices, rewards, or other incentives to coerce victims into clicking and sharing their details. So, if it looks too good to be true – it most likely is.
3. Bad spelling, worse grammar
Messages from legitimate sources, such as medical facilities, banks, companies, and the like, are typically proofread and edited carefully to avoid publishing spelling and grammar mistakes.
While it's impossible to avoid these mistakes all the time, blatant errors can often indicate phishing – especially if the email claims to be from a legitimate source that should know better.
As always, reading through each email carefully and calmly can stop you from having an emotional response to urgency. The calmer you are, the more observant you typically become, which makes it easier to spot bad spelling and grammar, ultimately helping you spot a potential phishing attack.
4. Impersonal emails from the unknown
It's common for your doctor, bank, workplace, etc. to know your first name, and use it in official communications that require you to take some kind of action. This also happens during email correspondence with genuine individuals who are reaching out to you for the first time. After all, it's only polite.
Conversely, generic greetings like "Dear customer," "Dear sir/madam," etc. can be a potential red flag, and a sign that you could be looking at a phishing email originating from an outside source that's hungry for your data.
5. Domain mismatches
Among the most obvious and easiest-to-spot signs that you could be looking at a phishing email is a domain mismatch. If an email claims to be from a company like Amazon, for example, it's worth checking whether the sender's email domain actually matches. If anything at all looks off, treat it as a red flag.
To determine whether a company's domain is legitimate, compare it with previous emails from that company that you know are genuine.
When doing so, it is critical to be extremely vigilant and observe even the most subtle differences – such as Amaz0n instead of Amazon, for instance.
The same vigilance should also be applied to any links included in the message, as unusual domains are a good indication of a phishing attempt (not to mention a lack of HTTPS).
I'd even say observing and comparing domain names should become a habit for all emails you receive, as this is one of the biggest signs that there's something iffy going on.
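As an added example (not code from the original article), here is a small Python check that applies the domain-mismatch advice above to a constructed sample message: it compares the sender's domain and every link's host against an assumed allow-list for the brand, folds common digit-for-letter swaps like Amaz0n, and notes links that are not HTTPS. The allow-list and both messages are made up for the demonstration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample messages (not real emails) used for the demonstration.
PHISH = """\
From: "Amazon Customer Service" <support@amaz0n-account-check.com>
Subject: Urgent: verify your account within 24 hours

Dear customer, confirm now: http://amaz0n-account-check.com/verify
Help centre: https://www.amazon.com/help
"""
LEGIT = """\
From: "Amazon" <no-reply@amazon.com>
Subject: Your order has shipped

Track it: https://www.amazon.com/orders
"""

# Assumed allow-list of genuine domains per brand (placeholder, not Amazon's real list).
KNOWN_DOMAINS = {"amazon": {"amazon.com", "amazon.co.uk"}}
# Digit-for-letter swaps typical of look-alike names (Amaz0n -> amazon).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

def is_known(host, brand):
    """Host is a known domain of the brand or a subdomain of one."""
    known = KNOWN_DOMAINS[brand]
    return host in known or any(host.endswith("." + d) for d in known)

def looks_like(host, brand):
    """Host name mimics the brand once common homoglyphs are folded."""
    return brand in host.lower().translate(HOMOGLYPHS)

def analyse(raw, brand):
    """Return the domain-related red flags for a message claiming to be from `brand`."""
    msg = message_from_string(raw)
    flags = []
    sender = parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1].lower()
    if not is_known(sender, brand):
        kind = "mimics" if looks_like(sender, brand) else "does not match"
        flags.append(f"sender domain {sender} {kind} {brand}")
    for url in re.findall(r'https?://[^\s<>"]+', msg.get_payload()):
        p = urlparse(url)
        host = (p.hostname or "").lower()
        if p.scheme != "https":
            flags.append(f"link {url} is not HTTPS")
        if not is_known(host, brand) and looks_like(host, brand):
            flags.append(f"link host {host} is a look-alike of {brand}")
    return flags
```

Running `analyse(PHISH, "amazon")` reports the look-alike sender, the non-HTTPS link and the look-alike link host, while the genuine help-centre link and the whole `LEGIT` message pass clean.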
6. Odd attachments
This one is pretty much an amalgamation of the five previous red flags. Unexpected attachments or links in messages from unknown senders – documents, images, and the like – are typically a red flag. If you're not expecting an attachment or don't recognize it, well, don't open it!
These attachments could contain ransomware or malware, even if the message claims that they're a bank statement, invoice, or other "important" documentation.
You'll also want to be wary of bogus QR codes – especially as scammers are using them more and more often. Scanning a QR code within a suspicious email can be hugely dangerous and lead you straight to a phishing site.
Suspect you're being phished?
Now that you know more about what phishing emails are and how they work, I want to go a bit into what you should do once you spot what you believe to be a phishing attack.
If you receive an email whose legitimacy you're uncertain of, one of the first steps could be to contact the sender directly for additional clarification – like reaching out to customer service.
Always keep in mind that most companies, such as your bank, for example, won't ask you to hand over personal information via email. If a sender claiming to be from your bank does, it's a reliable sign you're probably looking at a phishing attempt.
Ultimately, you should report the email as phishing. Most email providers nowadays make this process simple and quick, usually just a couple of clicks or taps.
The (cyber) devil is in the details, a saying that Alex firmly believes in every time he powers up his PC. As a freelance writer, Alex explored a plethora of topics and industries during his career of more than 10 years. Cybersecurity is his current focus, allowing his innate attention to detail (and OCD) to adorn each reader- and value-oriented piece he crafts.