How do I know if an email is a phishing scam?
What are the signs of a phishing email or scam email?
How do I identify a fake email versus a legitimate one?
Phishing emails are one of the most common ways scammers steal personal information, passwords, and money. This answer is for anyone who uses email, whether for personal use or work, and wants to avoid falling for email scams. The goal is simple: help you quickly recognize phishing emails, understand the warning signs, and know what to do before clicking anything or taking action.
What is a phishing email?
A phishing email is a fraudulent message designed to look legitimate so it tricks you into taking an action. That action could be clicking a malicious link, downloading an attachment, or entering sensitive information like passwords or credit card details.
These emails often impersonate trusted organizations like banks, delivery services, or government agencies, using urgency or fear to push you into acting fast.
7 clear signs an email is phishing
1. Urgency or pressure to act immediately
Phishing emails often create panic:
- "Your account has been locked"
- "Suspicious activity detected"
- "Payment required immediately"
This pressure is intentional. Scammers want you to react quickly without thinking.
2. Suspicious sender email address
The display name might look real, but the actual email address tells the truth.
Examples:
- support@paypal-secure-login.com (fake)
- amaz0n-alerts@gmail.com (fake)
Always check the full sender email, not just the name.
3. Links that don't match the real website
Hover over links before clicking.
Example:
- Email says: www.amazon.com
- Actual link: scam-login-page.ru
Phishing emails often contain links to fake websites designed to steal your login or payment details.
4. Unexpected attachments
Be cautious of attachments you weren't expecting:
- "Invoice attached"
- "Receipt for your order"
- "Important document"
Attachments can install malware or viruses on your device.
5. Requests for personal or financial information
Legitimate companies do not ask for sensitive information via email.
Red flags include:
- Asking for passwords
- Requesting Social Security numbers
- Asking for credit card or banking details
6. Generic greetings and poor personalization
Phishing emails often say:
- "Dear Customer"
- "Dear User"
Legitimate companies usually use your name if you already have an account with them.
7. Too-good-to-be-true offers
Examples:
- "You've won a prize"
- "Free gift card"
- "Exclusive deal just for you"
If it feels unrealistic, it probably is.
Real-world phishing email examples
Common phishing email scams include:
- Fake bank alerts about suspicious activity
- Fake order confirmations asking you to call support
- Delivery failure notifications with links to "reschedule"
- Subscription renewal notices with fake invoices
These are designed to look routine and believable.
What NOT to do with a suspicious email
If you think an email might be phishing:
- Do NOT click any links
- Do NOT open attachments
- Do NOT call phone numbers in the email
- Do NOT reply with information
These actions are exactly what scammers want.
What to do instead
- Go directly to the company's official website by typing the address in yourself
- Log into your account there to check for issues
- Use official contact information from the real website
- Delete or report the email as spam
Simple rule to remember
If an email is unexpected, urgent, or asking you to take action involving money or personal information, treat it as suspicious.
Most phishing scams succeed because they look normal at first glance. Taking a few seconds to slow down, verify, and think critically is often all it takes to avoid becoming a victim.
Article Published By: Jared Caldara, Founder of ScamAware101
