How to Spot a Phishing Email: Red Flags, Examples, and What to Do Next
Have you ever gotten an urgent email about a locked account or a missed package? That jolt of panic is exactly what scammers want you to feel. They know a sense of emergency can make people act without thinking, and they use email scams to create that feeling on purpose.
This trick is called "phishing." Like a fisherman using a fake lure, a scammer uses a fake email, pretending to be a company you trust, to lure you into giving away your passwords or personal information. Understanding what phishing is gives you the first line of defense.
The good news is that you can learn their tricks. Spotting a phishing email is a skill anyone can master, and it doesn't require being a tech expert. This guide provides a simple, four-part checklist to confidently identify fakes and keep your information safe.
Red Flag #1: Does the Email Try to Make You Panic?
A scammer's most powerful tool is your own sense of panic. Phishing emails are often designed to make your heart jump—to make you feel like you must act right now or something terrible will happen. This is a deliberate social engineering trick, rushing you into a mistake before your common sense can kick in.
This urgency often appears in dramatic subject lines like "Urgent Action Required" or warnings that "Your Account Will Be Suspended." A classic suspicious email characteristic is the threat of losing money or access to a service you value. Scammers know that if you're worried, you're more likely to click their dangerous link without a second thought.
Before you do anything, just pause. Legitimate companies almost never operate this way. Your bank, Amazon, or Netflix will not threaten you with immediate, high-stakes consequences from a single email. This frantic tone is a huge giveaway.
Red Flag #2: Are There Obvious Spelling or Grammar Mistakes?
Beyond fake panic, scammers often reveal themselves through simple carelessness. Professional companies like Amazon or your bank have teams that write and review every email. A message filled with obvious spelling mistakes or awkward grammar is one of the clearest signs of a malicious email because it screams "unprofessional."
Pay close attention to how the email addresses you. Netflix knows your name, and so does your bank. Scammers, however, send millions of identical emails, so they use generic openings like “Dear Valued Customer” or “Hello User.” This impersonal greeting is a massive red flag because it shows the sender doesn’t actually know who you are.
A quick scan for these simple errors can help you identify a scam in seconds. But some fakes are more polished. When the message looks clean, you need to dig one layer deeper and check the next critical clue: who really sent it.
Red Flag #3: Who Really Sent This Email?
Scammers love this surprisingly effective trick. The name you see in your inbox—like “PayPal Support”—is just a display name. Think of it as a mask; anyone can put one on. You need to check the actual email address behind that mask, because that’s much harder to fake. Verifying the sender's identity is a crucial step in protecting yourself.
So, how do you peek behind the mask? On a computer, the real sender address is often visible right after the name. On your phone, you usually have to tap the sender's name to reveal the full email address. Taking that one second to tap can be the difference between safety and a scam.
Once the full address is visible, look at the part after the “@” symbol. A legitimate email from Netflix will come from an address like @netflix.com. Scammers use addresses that look close but are fake, such as @netflix-support.info or @mail-netflix.com. If the domain doesn’t perfectly match the company’s official website, you’re looking at a fake.
Red Flag #4: Where Does That Link Actually Go?
The most critical check involves the link itself, as the entire goal of a phishing email is to get you to click. Scammers are clever; they make the link look legitimate, often using a real company’s name. But just like the sender's name, a link's text can be a complete fabrication. What you read is not always where you’ll go.
How do you see the link’s true destination without falling into the trap? On a computer, gently hover your mouse cursor over the link—but do not click it. A small box will appear showing the actual web address. On a smartphone, press and hold your finger on the link until a similar preview pops up. This one move reveals the scammer's plan.
When that preview appears, look closely. The link might have said amazon.com, but the preview might show something strange like amazon-rewards[.]example[.]com. If the core part of the address—the part right before the .com or .net—doesn't perfectly match the real company’s website, it is a trap. Trusting the preview over the link's text is the single best way to avoid a phishing scam.
Dissecting a Real Phishing Example
In the wild, scammers rarely use just one red flag. They often stack them together, making a fake email surprisingly easy to spot once you know the pattern. Let's analyze a typical phishing attack using all four of our checks on this fake "FedEx" notification.
Notice how all the suspicious characteristics appear at once:
- The Suspicious Sender: The email address, fedex-tracking[@]example[.]com, is a dead giveaway. It’s not from the official @fedex.com.
- The Generic Greeting: It says “Dear Customer,” not your name. Real companies almost always greet you personally.
- The Sense of Urgency: The demand to act “within 24 hours” is a classic tactic to make you panic and click without thinking.
- The Deceptive Link: Hovering over that “Track Here” button would reveal a strange web address, proving it's a trap.
See how the evidence piles up? With just a few quick checks, this email goes from slightly suspicious to obviously fake.
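The sender check from Red Flag #3 and the link check from Red Flag #4 can also be run automatically over a saved message. The Python sketch below is an added example, not part of the original article; the function names, the sample message, and the use of fedex.com as the expected domain are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

def belongs_to(host, official):
    """True only for the official domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == official or host.endswith("." + official)

class LinkCollector(HTMLParser):  # gathers (visible text, href) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_email(raw, official):
    """Findings for red flag #3 (sender) and #4 (link destinations)."""
    msg, findings = message_from_string(raw), []
    # Display name is free text, so only the address domain is compared.
    # A matching domain is not proof by itself (no SPF/DKIM/DMARC check here).
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2]
    if not belongs_to(domain, official):
        findings.append(f"sender: '{display}' uses {domain}, not {official}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for text, href in collector.links:
        host = urlsplit(href).hostname or ""  # real destination, not the label
        if not belongs_to(host, official):
            findings.append(f"link: '{text}' goes to {host}, not {official}")
    return findings

# Constructed sample modelled on the fake FedEx notice described above.
SAMPLE = '''From: "FedEx Delivery" <fedex-tracking@example.com>
Content-Type: text/html

<p>Dear Customer, act within 24 hours.</p>
<a href="http://fedex-tracking.example.com/t">Track Here</a>
<a href="https://www.fedex.com/help">Help</a>
'''
if __name__ == "__main__": print(*check_email(SAMPLE, "fedex.com"), sep="\n")
```

The suffix comparison in `belongs_to` is what rejects lookalikes such as mail-netflix.com: the official name has to be the end of the host, preceded by a dot, not merely appear somewhere in it.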
Clicked a Bad Link by Mistake? Here's Your 3-Step Damage Control Plan
It happens—you're rushed, distracted, and click a link that immediately feels wrong. Panic is a natural instinct, but a clear plan is your best defense. If you think you’ve clicked a malicious link, use this simple damage control protocol.
Think of this as first aid for your digital life:
- Disconnect Immediately. Turn off your device's Wi-Fi or unplug its internet cable. This is the most important first step, as it can stop a scammer from accessing your device or prevent malware from doing more damage. It’s like slamming a door on an intruder.
- Change Your Passwords. On a separate, trusted device (like your phone or another computer), immediately change the password for the account the email was pretending to be from. If you use that same password anywhere else, change it there too.
- Scan Your Device. Once you reconnect to the internet, run a full scan using your antivirus software. This will help find and remove any harmful files that might have been downloaded onto your computer without your knowledge.
Knowing what to do provides peace of mind, but prevention is your best long-term strategy. By using the skills you’ve learned, you can spot and delete these fakes before you click.
Your 4-Point Checklist to Instantly Spot Scam Emails
Where an urgent email from your "bank" might have once caused panic, you can now see it as a puzzle you know how to solve. You’ve moved from reacting with uncertainty to responding with confidence. You don't need to be a tech expert to be safe; you just need to be a good detective.
The next time a message feels off, run it through this powerful mental checklist:
- The Feeling: Does it create panic or seem too good to be true?
- The Details: Are there obvious typos or generic greetings like "Dear Customer"?
- The Sender: Is the email address from an official company domain?
- The Link: On a computer, hover over the link. Does the destination match where it claims to go?
Trust that gut feeling, but always verify with these checks. Knowing how to spot a phishing email is the best way to protect yourself. You are the gatekeeper of your inbox. Now, instead of feeling anxious, you can confidently hit "delete" and report the message as phishing, stopping scammers in their tracks.