How to Spot Phishing Emails
5 minute read
Learn the warning signs that an email might be fake.
Phishing emails pretend to be from companies or people you trust to steal your information. Here’s how to catch them.
The Warning Signs
1. Check the sender’s actual email address
The display name might say “Amazon” but look at the actual email:
| Looks Like | Actually From | Verdict |
|---|---|---|
| Amazon | [email protected] | ✅ Legit |
| Amazon | [email protected] | ❌ Scam |
| Amazon | [email protected] | ❌ Scam (zero not “o”) |
| Amazon | [email protected] | ❌ Scam |
How to check: Click or tap on the sender’s name to reveal the actual email address.
2. Look for urgency and threats
Scammers want you to panic and act without thinking.
Red flag phrases:
- “Your account will be suspended in 24 hours”
- “Immediate action required”
- “You will be arrested if you don’t respond”
- “Your payment was declined—update now”
- “Unusual sign-in activity detected”
Real companies rarely threaten you or demand immediate action.
3. Hover over links before clicking
On a computer, hover your mouse over any link (don’t click!). Look at the bottom-left of your browser to see where it actually goes.
| Link Text | Actually Goes To | Verdict |
|---|---|---|
| amazon.com/account | amazon.com/account | ✅ Legit |
| amazon.com/verify | amaz0n-secure.com/verify | ❌ Scam |
| Click here | bit.ly/2xK9dL3 | ⚠️ Suspicious |
On phone: Press and hold (don’t tap) to preview the link.
4. Watch for generic greetings
Legitimate companies usually know your name.
- “Dear John Smith” → More likely real
- “Dear Customer” → Could be mass phishing
- “Dear User” → Could be mass phishing
- “Dear [your email address]” → Red flag
5. Check for spelling and grammar
Major companies proofread their emails. Multiple errors in one email = red flag.
However: Scammers are getting better. Perfect grammar doesn’t guarantee legitimacy.
What Real vs Fake Looks Like
Fake Amazon email:
From: Amazon Security <[email protected]>
Subject: Your Account Has Been Locked!!!
Dear Valued Customer,
We have detected unusual activity on you’re account. You must verify your information within 24 hours or your account will be permanently suspended.
Click here to verify: [Verify Now]
Red flags: Wrong sender domain, urgency, generic greeting, grammar error (“you’re”), threatening language.
Real Amazon email:
From: Amazon.com <[email protected]>
Subject: Your Amazon.com order of “USB Cable” has shipped
Hello John,
Your order has shipped! Track your package: [Track Package]
Order #123-4567890-1234567
Signs of legitimacy: Correct domain, no urgency, uses your name, specific order details you recognize.
When You’re Not Sure
-
Don’t click anything in the email
-
Go directly to the website — Type amazon.com (or whatever company) in your browser yourself
-
Log in normally — If there’s a real problem with your account, you’ll see it there
-
Call the company — Use the phone number from their official website, not from the email
-
Forward suspicious emails — Many companies have a phishing report address:
- Amazon: [email protected]
- PayPal: [email protected]
- Apple: [email protected]
Quick Summary
✓ Check the sender’s actual email address (not just the display name)
✓ Be suspicious of urgency and threats
✓ Hover over links before clicking
✓ When in doubt, go directly to the website yourself