How to Spot a Phishing Email: 8 Red Flags
Phishing is still the most common way accounts get hijacked — not because the scams are clever, but because they catch people in a hurry. Slow down for ten seconds and the red flags are usually obvious.
Eight tells of a phishing email
- 1. Urgency or fear. “Your account will be closed in 24 hours.” Pressure is the scammer's main tool.
- 2. A mismatched sender. The display name says “Your Bank” but the actual address is a random domain. Always check the real address.
- 3. Links that don't match. Hover over a link — if the destination isn't the official domain, don't click.
- 4. Generic greetings. “Dear customer” from a company that knows your name is a warning sign.
- 5. Unexpected attachments. Invoices or “documents” you didn't request can carry malware.
- 6. Requests for credentials. Real services don't email you asking for your password or full card number.
- 7. Subtle misspellings.
paypa1.com,amaz0n-support.com— look closely at the domain. - 8. Too good to be true. Refunds, prizes, and inheritances you never expected.
What to do instead of clicking
If a message might be real, don't use its links. Open a new tab and navigate to the company's site yourself, or use its official app. Verifying takes seconds and removes all the risk.
A disposable inbox does not make a phishing link safe to click. A scam is a scam wherever it lands — the same caution applies. See are temporary emails safe.
Reduce how much phishing you get
The less your real address is exposed, the fewer targeted scams reach you. Keep it off public pages, use a this site for untrusted sign-ups, and report phishing so filters improve for everyone. More on shrinking your footprint in 12 email privacy tips.