← All posts

How to Spot a Phishing Email

How to Spot a Phishing Email

Phishing is a simple trick that keeps working. Someone sends a message that looks official, creates a sense of urgency, and asks you to click a link or hand over a password.

It works because it targets people, not software. But once you know the pattern, it becomes much easier to catch.

The feelings scammers use

Phishing almost always pulls on an emotion. Watch for messages that make you feel:

  • Afraid, such as "your account will be closed".
  • Rushed, such as "act within 24 hours".
  • Excited, such as "you have won" or "claim your refund".

Real organisations rarely pressure you like this. Urgency is a red flag, not a reason to hurry.

The signs in the message

Look closely before you act. Common tells include:

  • A sender address that is slightly off, or does not match the real company.
  • Generic greetings like "Dear customer".
  • Small spelling and grammar mistakes.
  • A link whose text does not match where it really goes.
  • Any request for a password, code, or payment detail.

That last one is the big one. Trustworthy services do not ask for your password by email.

Check the link before you click

The most dangerous part of a phishing email is usually the link. It may show a familiar name while pointing somewhere else entirely.

Before clicking, hover over the link to see the real address. If you are unsure, do not click it. You can paste the link into the link inspector on this site to see exactly where it leads and what it carries, without visiting the page.

When in doubt, ignore the link completely. Open a new tab and type the company's real address yourself.

Habits that protect you

A few routines quietly defend you:

  1. Slow down when a message feels urgent.
  2. Verify the sender through a channel you already trust.
  3. Never enter passwords from a link in an email.
  4. Turn on two-factor authentication, so a stolen password is not enough.

A password manager helps here too. It will not autofill your login on a fake lookalike site, which is a quiet but powerful warning.

Where secure email fits

Some email services add extra protection, filtering more scam messages and keeping your inbox private with strong encryption. A more private inbox will not replace good habits, but it reduces how many bad messages reach you in the first place.

The takeaway

Phishing relies on urgency and a single careless click. Slow down, check the sender, inspect the link, and never share a password from an email. Those habits stop the vast majority of attacks.