Verified by GonePhishing.com
Phishing emails are one of the most common online scams. They are designed to trick you into clicking a malicious link, opening a dangerous attachment, sending money, or sharing sensitive information such as passwords, banking details, or personal records.
A phishing email may pretend to come from Amazon, your bank, Microsoft, PayPal, your employer, a government agency, or even someone you know. The scam works by making the message feel urgent, believable, and important enough that you act before verifying it.
What is a phishing email?
A phishing email is a fraudulent message that impersonates a trusted company, service, or person in order to manipulate you. The goal may be to steal login credentials, collect financial information, infect your device with malware, or pressure you into making a payment.
Some phishing emails are mass scams sent to thousands of people. Others are more targeted and use personal or business details to look more convincing.
How phishing emails work
- The attacker sends an email that looks legitimate
- The message creates urgency, fear, or curiosity
- You are pushed to click a link, open an attachment, or reply
- The scammer steals your credentials, money, or sensitive information
7 red flags of a phishing email
1. Urgent threats or scare tactics
Messages like “Your account will be suspended,” “Suspicious login detected,” or “Immediate action required” are classic phishing tactics. Scammers create panic so you act before thinking.
2. Suspicious sender address
The display name may say “Amazon Support” or “Microsoft Security,” but the actual sender address may be unrelated, misspelled, or from a strange domain. Always inspect the full sender email address, not just the display name.
3. Mismatched or suspicious links
Hover over links before clicking. If the visible text suggests one website but the preview shows something different, that is a major warning sign.
4. Unexpected attachments
Phishing emails often include files labeled as invoices, voicemails, account notices, or forms. These attachments may install malware or attempt to steal information.
5. Generic greetings
Emails that start with “Dear Customer” or “Dear User” instead of your real name can be suspicious, especially when they claim to be from a company that should know who you are.
6. Odd grammar, tone, or formatting
While many scams now look polished, unusual phrasing, inconsistent branding, or awkward formatting can still be signs that the message is fraudulent.
7. Requests for sensitive information
Legitimate companies do not ask for your password, Social Security number, full card details, or one-time security code by email.
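Red flags 2 and 3 can be checked mechanically. The following Python sketch is an added example, not code from GonePhishing.com; the sample message, the `BRAND_DOMAINS` map, and the function names are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every address and link target in it is made up.
SAMPLE = '''From: "Amazon Support" <alerts@account-notice.example>
Content-Type: text/html; charset="utf-8"

<p>Sign in at <a href="http://login.verify-portal.example/a">https://www.amazon.com/signin</a>
or visit <a href="https://www.amazon.com/help">customer help</a>.</p>
'''

BRAND_DOMAINS = {"amazon": "amazon.com", "microsoft": "microsoft.com"}  # assumed defender-maintained map

def under(host, domain):  # True if host is domain or one of its subdomains
    return host == domain or (host or "").endswith("." + domain)

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self.href, self.text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, "".join(self.text).strip()))
            self.href = None

def red_flags(raw):
    msg, flags = message_from_string(raw, policy=policy.default), []
    display, addr = parseaddr(str(msg.get("From", "")))
    sender = addr.rpartition("@")[2].lower()
    for brand, domain in BRAND_DOMAINS.items():  # red flag 2: name vs. address
        if brand in display.lower() and not under(sender, domain):
            flags.append(f"sender: name says {brand}, address is at {sender}")
    body, links = msg.get_body(preferencelist=("html",)), LinkCollector()
    links.feed(body.get_content() if body else "")
    for href, text in links.links:  # red flag 3: visible URL vs. real target
        shown = re.match(r"(?:https?://)?(?:www\.)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", text.lower())
        target = urlparse(href).hostname
        if shown and not under(target, shown.group(1)):
            flags.append(f"link: text shows {shown.group(1)}, goes to {target}")
    return flags
```

Calling `red_flags(SAMPLE)` returns one finding for the sender and one for the first link; the second link is not flagged because its visible text is not a URL.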
Common examples of phishing emails
- Fake Amazon security alerts
- Password reset emails you did not request
- Bank fraud warnings asking you to “verify” your account
- Messages claiming you missed a package delivery
- Emails from a fake boss, vendor, or coworker
What to do if you receive a phishing email
- Do not click any links
- Do not download attachments
- Do not reply with personal or financial information
- Report the email to your provider, workplace, or IT team if applicable
- Delete the message after reporting it
What to do if you already clicked
If you clicked a phishing link, act quickly. Change your password for the affected account immediately, enable multi-factor authentication, and review recent account activity. If you reused that password anywhere else, change those accounts too.
How to prevent phishing email attacks
- Use strong, unique passwords for important accounts
- Enable multi-factor authentication
- Bookmark official websites instead of clicking email links
- Verify requests independently when an email feels urgent
- Pause before acting on account alerts or payment requests
- Complete regular security awareness training
Practice spotting phishing emails
Reading about phishing helps, but practicing detection builds instinct. The more examples you see, the easier it becomes to recognize fake sender details, dangerous links, and emotional manipulation before the scam works.
Frequently asked questions
How can I tell if an email is phishing?
Look for urgency, suspicious sender addresses, fake links, unexpected attachments, generic greetings, and requests for sensitive information. When in doubt, verify directly with the company or person another way.
What happens if I click a phishing link?
Clicking a phishing link may take you to a fake login page, expose your password, trigger malware, or lead to additional scam attempts. If you interacted with the message, secure your accounts right away.
Are phishing emails illegal?
Yes. Phishing is a criminal fraud tactic used to steal money, credentials, and identity-related information. The challenge is that many attackers operate anonymously or across borders.