How to Spot a Phishing Email
Cybersecurity Awareness Guide

Protect yourself and your business from the #1 cyber threat

What is Phishing?

Phishing is a type of cyberattack where criminals send fake emails designed to look like they come from trusted sources — your bank, your boss, Amazon, Microsoft — to trick you into clicking dangerous links, opening malicious attachments, or sharing sensitive information.

Think of it as a digital con artist knocking on your inbox door, pretending to be someone you trust.

  • 90%+ of data breaches start with a phishing email
  • 3.4B phishing emails sent every single day
  • $4.9M average cost of a data breach in 2025
  • 36% of breaches involve phishing attacks

The Anatomy of a Phishing Email

The sample email below is annotated with numbered red flags; each number is explained in the list that follows it.

From: Amazon Security Team <support@amaz0n-security.com>  [1]
To: me
Subject: URGENT: Your Account Has Been Compromised — Immediate Action Required!!!  [2]

Dear Valued Customer,  [3]

We have detected suspicous activity on your Amazon acount. Someone may have accessed you're account from an unrecognized devce.  [4]

For your saftey, we have temporarily limited your account. To restore full access, please verify your identity immediately by clicking the link below:

Click Here to Verify Your Account  (actual link target: http://amaz0n-verify.scam-site.ru/steal-info)  [5]

You will need to confirm the following information:  [6]

  • Full name and billing address
  • Credit card number and CVV
  • Social Security Number
  • Account password

[ amazon_logo.png — low-res, slightly stretched ]  [7]

Attachment: Invoice_Details.pdf.exe  [8]

Sincerely,
Amazon Customer Protecton Team
© 2026 Amazn Inc.

1. Suspicious Sender Address

Notice amaz0n-security.com uses a zero instead of the letter "o" and adds "-security" to the domain. Real Amazon emails come from @amazon.com. Scammers use look-alike domains to fool you at a glance. Always check the full email address, not just the display name.

2. Urgent / Threatening Subject Line

Words like "URGENT," "Immediate Action Required," and excessive punctuation (!!!) are classic pressure tactics. Scammers want you to panic and act before thinking. Real companies rarely use all-caps urgency in subject lines.

3. Generic Greeting

"Dear Valued Customer" instead of your actual name is a red flag. Companies you have accounts with know your name and will use it. Generic greetings signal a mass blast to thousands of potential victims.

4. Grammar & Spelling Errors

Count the mistakes: "suspicous," "acount," "you're" (should be "your"), "devce," "saftey." Legitimate companies have professional editors. Multiple spelling errors in an official email are a major warning sign. Note: AI-generated phishing is getting better, so don't rely on this alone.

5. Suspicious Links (Hover to Check!)

Hover over the link above — the real URL goes to amaz0n-verify.scam-site.ru. The displayed text says one thing but the actual destination is completely different. Always hover before clicking, and look for misspellings, strange domains (.ru, .xyz), or random strings in URLs.

6. Request for Sensitive Information

No legitimate company will ever ask for your credit card number, CVV, Social Security Number, or password via email. Ever. If an email asks for this information, it is 100% a scam. Real account verification happens on the company's official website, not through email forms.

7. Mismatched or Poor-Quality Branding

Low-resolution, stretched, or slightly "off" logos are common in phishing emails. Scammers steal brand images but often get the sizing, colors, or placement wrong. Compare the email's branding to what you normally see from the real company.

8. Unexpected Attachments

The file Invoice_Details.pdf.exe is disguised as a PDF but is actually an executable file (.exe) that can install malware. Never open attachments you weren't expecting, especially ones with double extensions or unusual file types.
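As an added example (not part of the original guide), the Python below runs the red-flag checks that can be automated against a parsed message: look-alike sender domains, urgent subject lines, generic greetings, lure links, requests for sensitive data and double-extension attachments. The trusted-domain list, keyword lists and the sample message are constructed for this example; the sample mirrors the mock email above.

```python
import re
from urllib.parse import urlparse

# Brands we expect mail from and the real domain of each (assumed list for the example).
TRUSTED = {"amazon": "amazon.com", "microsoft": "microsoft.com"}
# Digits swapped in for letters (amaz0n -> amazon) so look-alikes normalise to the brand name.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
URGENCY = re.compile(r"\b(urgent|immediate action|act now|within 24 hours)\b", re.I)
SENSITIVE = re.compile(r"\b(cvv|social security|password|card number)\b", re.I)
EXEC_EXT = {"exe", "scr", "bat", "js", "vbs", "com", "cmd"}
# Constructed sample mirroring the mock email above; not a real message.
SAMPLE = {
    "from": "Amazon Security Team <support@amaz0n-security.com>",
    "subject": "URGENT: Your Account Has Been Compromised - Immediate Action Required!!!",
    "greeting": "Dear Valued Customer,",
    "links": ["http://amaz0n-verify.scam-site.ru/steal-info"],
    "body": "Confirm your credit card number and CVV, Social Security Number and password.",
    "attachments": ["Invoice_Details.pdf.exe"],
}

def lured_brand(host):
    # Brand the host imitates, or None when it is the real domain (or a subdomain) or unrelated.
    for brand, real in TRUSTED.items():
        if brand in host.translate(HOMOGLYPHS) and host != real and not host.endswith("." + real):
            return brand
    return None

def flags_for(msg):
    # Apply the checks above that a script can do; logo quality and grammar are left to the reader.
    flags = []
    m = re.search(r"<([^>]+)>", msg["from"])
    sender = (m.group(1) if m else msg["from"]).rsplit("@", 1)[-1].lower()
    if lured_brand(sender):
        flags.append(f"look-alike sender domain: {sender}")
    if URGENCY.search(msg["subject"]) or "!!!" in msg["subject"]:
        flags.append("urgent or threatening subject line")
    if re.match(r"dear (valued )?(customer|user|member)", msg["greeting"], re.I):
        flags.append("generic greeting")
    for href in msg["links"]:
        host = (urlparse(href).hostname or "").lower()
        if lured_brand(host) or host.endswith((".ru", ".xyz")):
            flags.append(f"suspicious link destination: {host}")
    if SENSITIVE.search(msg["body"]):
        flags.append("asks for sensitive information by email")
    for name in msg["attachments"]:
        parts = name.lower().split(".")
        if parts[-1] in EXEC_EXT:
            kind = "double-extension" if len(parts) > 2 else "executable"
            flags.append(f"{kind} attachment: {name}")
    return flags
```

Running flags_for(SAMPLE) reports six of the eight red flags; a genuine notification from @amazon.com with a normal greeting and a link under amazon.com produces none.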


Common Phishing Tactics

Scammers have a playbook. Here are the most common tricks and what to watch for in each.

Executive impersonation (CEO fraud)

Real-world example: "Hi, I'm in a meeting and can't talk. I need you to purchase 5 gift cards ($200 each) and send me the codes ASAP. This is urgent. — CEO"

What to look for: Unusual requests from executives via email (especially involving money, gift cards, or wire transfers), requests to bypass normal procedures, pressure to act urgently, and the sender asking you not to tell anyone else.

Fake delivery notification

Real-world example: "UPS Notification: We attempted delivery of your package #1Z999AA10123456. A small redelivery fee of $1.99 is required. Click here to schedule redelivery."

What to look for: Unexpected tracking notifications when you haven't ordered anything, requests for small fees (they want your card info), links that don't go to the official shipping company's website, and vague package descriptions.

Account deactivation / credential theft

Real-world example: "Microsoft 365 Alert: Your account will be deactivated within 24 hours unless you verify your credentials. Click the button below to keep your account active."

What to look for: Threats of account deactivation with tight deadlines, requests to "verify" or "confirm" your login credentials, and links that take you to fake login pages that look real but steal your password.

Fake invoice

Real-world example: "Attached is Invoice #INV-4821 for $3,750. Payment is overdue. Please process immediately to avoid late fees. See attached PDF for details."

What to look for: Invoices from companies you don't do business with, urgency around overdue payments, attachments (especially .exe, .zip, or macro-enabled documents), and requests to change payment details or bank accounts.

Prize or lottery scam

Real-world example: "🎉 CONGRATULATIONS! You've been selected as the winner of our $10,000 Customer Loyalty Reward! Claim your prize by providing your bank account details for direct deposit."

What to look for: You can't win a contest you never entered. Real prizes don't require you to pay fees or share bank details upfront. Watch for over-the-top excitement, poor grammar, and requests for personal financial information.

Tech support scam

Real-world example: "Windows Security Alert: We detected a critical virus on your computer. Call our Microsoft Certified Technicians immediately at 1-800-XXX-XXXX to prevent data loss. DO NOT SHUT DOWN your computer."

What to look for: Microsoft and Apple will never email you about viruses on your specific computer. Watch for phone numbers to call (they'll try to get remote access), fake warning pop-ups, and requests to install "security software" that is actually malware.

What To Do If You Suspect Phishing

Follow this step-by-step action plan when something doesn't look right.

1. Don't Click Any Links or Download Attachments

Even hovering can sometimes trigger tracking. If you suspect phishing, avoid interacting with any links or files in the email entirely.

2. Don't Reply to the Email

Replying confirms your email address is active and monitored, which makes you a target for more attacks. It also opens you up to social engineering tactics.

3. Verify Through Official Channels

If the email claims to be from a real company, go directly to their website (type the URL yourself — don't click links in the email) or call them using a phone number from their official site.

4. Report the Email

Report it so your email provider can block similar attacks:

  • Gmail: click the 3 dots → "Report phishing"
  • Outlook: click "Report" → "Report phishing"
  • Yahoo: click "More" → "Report phishing"

5. Delete the Email

After reporting, delete the email and empty your trash. This prevents you from accidentally interacting with it later.

Already Clicked? Act Immediately.

  • Change your passwords immediately — start with the affected account, then any accounts using the same password
  • Enable two-factor authentication (2FA) on all important accounts
  • Run a full malware scan with your antivirus software
  • Monitor your bank accounts and credit cards for unauthorized charges
  • Notify your IT department (if at work) or contact the impersonated company directly

Quick Reference Checklist

Before you click, check these 8 things. Use this as your mental checklist every time you receive an email.

Before You Click…

  • Does the sender's full email address (not just the display name) match the company's real domain?
  • Is the subject line pushing urgency, threats, or excessive punctuation?
  • Does the greeting use your actual name, or a generic "Dear Valued Customer"?
  • Are there spelling or grammar mistakes?
  • Does each link's real destination (hover to see it) match the displayed text and the company's official site?
  • Is the email asking for a password, card number, CVV, or Social Security Number?
  • Does the logo or branding look low-quality or slightly off?
  • Is there an attachment you weren't expecting, especially one with a double extension or an unusual file type?

Tip: print this checklist and keep it at your desk!

This guide is maintained by Simplissit — a technology consulting company that helps small businesses with everyday tech challenges. Need help? Visit simplissit.com/contact

© 2026 Simplissit LLC Made by Copilot