🛡️ SafeBrowsingCheck

SafeBrowsingCheck Team

Phishing is responsible for over 90% of successful cyberattacks. It’s not a technical exploit — it’s social engineering. The goal is to trick you into clicking a link, entering credentials, or downloading a file.

The good news: phishing emails almost always have tells. Here’s how to spot them.

Red Flag #1: Urgency and Fear

Phishing emails create a sense of emergency to short-circuit your critical thinking.

Common phrases to watch for:

What to do: If an email demands immediate action, slow down. Open a new browser tab and navigate directly to the service’s website — don’t click the link in the email.

Red Flag #2: Sender Address Doesn’t Match

The “From” display name can say anything, but the actual email address tells the truth.

Always check the full email address, not just the display name:

Display: Apple Support <no-reply@apple.com.suspicious-domain.ru>
Real sender: no-reply@apple.com.suspicious-domain.ru  ← NOT Apple

Legitimate companies send from their own domain. @apple.com is real. @apple-support-team.net is not.

Red Flag #3: Generic Greetings

Phishing emails are sent in bulk, so the senders often can’t personalize them:

Your bank knows your name. Amazon knows your name. If a service you use regularly is addressing you generically, that’s suspicious.

Hover over any link in the email before clicking. The URL shown in your email client’s status bar is where you’ll actually go.

Watch for:

Test any link at VirusTotal by right-clicking, copying the link address, and pasting it there.

Red Flag #5: Unexpected Attachments

Legitimate companies rarely send unsolicited attachments. Be especially wary of:

Rule: If you weren’t expecting an attachment, verify with the sender through a different channel before opening it.

Red Flag #6: Poor Spelling and Grammar

Legitimate companies have copywriters and editors. Emails riddled with grammatical errors or awkward phrasing are a sign that the sender isn’t who they claim to be.

A Real Phishing Email — Dissected

Here’s what a bank phishing email typically looks like:

From: Security Alert — no-reply@bankofamerica-updates.net

Subject: URGENT: Your account has been locked

Dear Customer,

We detected suspicious activity on your Bank of America account. Please verify your identity within 24 hours to restore access. Failure to verify will result in permanent account suspension.

Red flags:

  1. Fake domain: bankofamerica-updates.net (not bankofamerica.com)
  2. Generic greeting: “Dear Customer”
  3. Urgency: “24 hours”, “permanent suspension”
  4. Fear tactic: “suspicious activity”
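The domain comparison behind Red Flag #2 and the first red flag in the dissected email, as an added example (not code from SafeBrowsingCheck): a sender's domain counts as legitimate only if it equals the brand's domain or ends with a dot plus that domain. The `KNOWN_BRANDS` mapping, the function names and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumed mapping (constructed for this example): brand keyword -> the
# domain that brand really sends from. Maintain your own list in practice.
KNOWN_BRANDS = {
    "apple": "apple.com",
    "bankofamerica": "bankofamerica.com",
}


def belongs_to(domain: str, legit: str) -> bool:
    """True only if domain is legit itself or a real subdomain of it."""
    return domain == legit or domain.endswith("." + legit)


def check_sender(from_header: str) -> list[str]:
    """Return findings for a From header; an empty list means no mismatch."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["no parsable sender address"]
    # The domain is everything after the LAST "@", compared case-insensitively.
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    # Squash the display name so "Bank of America" matches "bankofamerica".
    shown = "".join(ch for ch in display.lower() if ch.isalnum())
    findings = []
    for brand, legit in KNOWN_BRANDS.items():
        if belongs_to(domain, legit):
            return []  # really sent from the brand's own domain
        if brand in domain:
            findings.append(f"'{domain}' contains '{brand}' but is not under {legit}")
        elif brand in shown:
            findings.append(f"display name claims '{brand}' but domain is '{domain}'")
    return findings


# Constructed sample headers, modelled on the addresses quoted in this guide.
SAMPLES = [
    "Apple Support <no-reply@apple.com.suspicious-domain.ru>",
    "Security Alert <no-reply@bankofamerica-updates.net>",
    "Apple Support <no-reply@apple.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "no mismatch")
```

A From address that passes this check can still be forged; the SPF, DKIM and DMARC results recorded in the message headers are what establish that the domain really sent it.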

What to Do If You Receive a Phishing Email

  1. Don’t click any links or open attachments
  2. Don’t reply — even to unsubscribe
  3. Report it: Most email clients have a “Report Phishing” button. Use it.
  4. Delete it
  5. If you accidentally clicked a link: change your passwords immediately, enable 2FA, and run a malware scan

Strengthen Your Email Security

For anti-phishing protection at the browser level — where a malicious link would open — tools like Malwarebytes can block known phishing domains before the page even loads.
