How to recognize a phishing email
Learn to spot the warning signs of a phishing email before you click a link or enter any information.
Phishing emails are designed to look real. They impersonate banks, Google, Microsoft, delivery companies, and colleagues to trick you into giving away your password or sending money. Knowing what to look for is your best defence.
Quick summary
Phishing emails try to get you to click a link and enter your password, or take an urgent action like making a payment. Warning signs include: urgency or threats, unexpected requests, suspicious sender addresses, and links that don't go where they claim. When in doubt, go directly to the service's website by typing the URL yourself.
What is phishing?
Phishing is a type of scam where attackers send emails pretending to be someone you trust — your bank, Google, Microsoft, a government agency, or even a colleague. Their goal is usually one of:
- Getting you to enter your password on a fake website
- Getting you to approve a fraudulent payment
- Getting you to download malicious software
The word comes from "fishing" — they cast a wide net hoping some people take the bait.
Common red flags
1. A sense of urgency or threat
Phishing emails often create panic: "Your account will be closed in 24 hours," "Unusual sign-in detected," "Immediate action required." Real companies rarely use this tone for routine communications.
2. An unexpected request
If you receive an email asking you to do something you weren't expecting — click a link to verify your account, approve a payment, or provide personal information — be suspicious, especially if you didn't initiate anything.
3. The sender's address looks wrong
Look at the full email address, not just the display name. A scammer can make the name say "Google Support" while the actual address is support@google-help-desk-27.com. The display name can be anything — the address is harder to fake.
- Legitimate Google emails come from @google.com domains
- Legitimate Microsoft emails come from @microsoft.com domains
- Watch for: @google-security.net, @paypal-security.com, extra hyphens, unusual domains
4. The link goes somewhere unexpected
Hover over a link before clicking it. The URL that appears in the status bar (usually at the bottom of your browser) should match where the link claims to go.
- Legitimate: https://accounts.google.com/signin
- Suspicious: https://accounts-google-signin-verify.com/user
Even one wrong character can mean a fake site. When in doubt, open a new browser tab and type the address yourself.
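The two checks in red flags 3 and 4 (is the real sender address on the domain the display name claims, and does a link's visible text point at the same host as its actual href) can be automated for mailbox triage. The Python script below is an added example and not part of this guide; the function names, the trusted-domain set and the sample message (constructed from the addresses and URLs quoted above) are assumptions for illustration.

```python
# Added example (not from the original guide): automated versions of the
# sender-domain and link-mismatch checks, run over a constructed sample email.
# Function names, TRUSTED_SENDER_DOMAINS and SAMPLE_PHISH are assumptions.
from __future__ import annotations

import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains this guide names as legitimate senders; replace with your own list.
TRUSTED_SENDER_DOMAINS = {"google.com", "microsoft.com"}

# Finds a hostname in a link's visible text, e.g. "https://accounts.google.com/signin".
_HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


def actual_sender_domain(from_header: str) -> str:
    """Return the domain of the real address in From:, ignoring the display name."""
    _display_name, address = parseaddr(from_header)
    return address.rpartition("@")[2].lower()


def sender_domain_matches(from_header: str, claimed_domain: str) -> bool:
    """True only if the real address is on claimed_domain or one of its subdomains.
    'accounts.google.com' matches 'google.com'; 'google.com.evil.net' does not."""
    domain = actual_sender_domain(from_header)
    claimed = claimed_domain.lower()
    return domain == claimed or domain.endswith("." + claimed)


class _AnchorCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self) -> None:
        super().__init__()
        self.anchors: list[tuple[str, str]] = []
        self._href: str | None = None
        self._text: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def find_link_mismatches(html_body: str) -> list[tuple[str, str]]:
    """Return (visible_text, real_href) for links whose text shows one host while the
    href points at a different one: the 'hover over the link' check, automated."""
    collector = _AnchorCollector()
    collector.feed(html_body)
    mismatches = []
    for href, text in collector.anchors:
        shown = _HOST_IN_TEXT.search(text)
        if not shown:
            continue  # text such as "Click here" names no host; nothing to compare
        shown_host = shown.group(1).lower()
        real_host = (urlparse(href).hostname or "").lower()
        if shown_host != real_host:
            mismatches.append((text, href))
    return mismatches


def triage(raw_message: str, claimed_domain: str) -> dict:
    """Run both checks over a raw RFC 5322 message whose body is HTML."""
    msg = message_from_string(raw_message)
    payload = msg.get_payload(decode=True)
    body = payload.decode(errors="replace") if isinstance(payload, bytes) else (payload or "")
    return {
        "sender_ok": sender_domain_matches(msg.get("From", ""), claimed_domain),
        "link_mismatches": find_link_mismatches(body),
    }


# Constructed sample using the lookalike address and URL quoted in this guide.
SAMPLE_PHISH = """\
From: "Google Support" <support@google-help-desk-27.com>
To: you@example.com
Subject: Unusual sign-in detected
Content-Type: text/html; charset=utf-8

<p>Sign in within 24 hours to keep your account:
<a href="https://accounts-google-signin-verify.com/user">https://accounts.google.com/signin</a></p>
<p>Help: <a href="https://support.google.com/">support.google.com</a></p>
"""

if __name__ == "__main__":
    print(triage(SAMPLE_PHISH, "google.com"))
```

On the sample, `triage` reports `sender_ok` as false (the display name says Google but the address is on google-help-desk-27.com) and one link mismatch (text shows accounts.google.com, href goes to accounts-google-signin-verify.com); the genuine support.google.com link is not flagged. The subdomain test deliberately rejects hosts like google.com.evil.net, where the trusted name appears only as a prefix.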
5. Poor spelling, grammar, or formatting
Many phishing emails contain errors — unusual phrasing, strange capitalization, or odd formatting. Though some attackers now use AI to write polished emails, errors are still a common indicator.
6. Generic greetings
"Dear Customer" or "Dear User" — real services that have your name usually use it. A generic greeting can indicate a mass-sent phishing attempt.
7. Attachments you didn't expect
An unexpected invoice, shipping notice, or document attachment should be treated with suspicion. Attachments can contain malware (software that infects your computer when opened).
Common phishing scenarios for businesses
| Scenario | What to watch for |
|---|---|
| "Verify your Google account" | Links to a fake Google login page |
| "Microsoft security alert" | Links to a fake Microsoft login page |
| "Invoice from [supplier]" | Attachment contains malware |
| "Payment request" from a colleague | Attacker has access to a real inbox or is using a lookalike address |
| "Pending delivery" from a courier | Link to a fake fee payment page |
Don't trust the sender's name alone
Email display names can be set to anything. An email that says it's from "Jane Smith — your accountant" might actually come from an attacker's address. Always check the actual email address (not just the display name) if something feels off.
What to do if you receive a phishing email
1. Don't click any links or open attachments. Close the email.
2. If you're unsure, verify through a different channel. Call the person or visit the service's real website directly (type the address in your browser — don't copy the link from the email).
3. Report it as phishing in your email client — Gmail and Outlook both have a "Report phishing" option. This helps protect others.
4. Delete the email from your inbox.
What to do if you clicked a suspicious link
1. Don't enter any information on the page the link opened.
2. Close the browser tab or window immediately.
3. Change your password for the relevant account right away — don't wait.
4. Enable two-factor authentication if you haven't already.
5. Tell your IT contact or Chykalophia — it's better to report a false alarm than to leave a real compromise undetected.
Related guides
- Email security basics
- How to recognize phishing attempts
- Business email compromise explained
- What to do if an account is compromised
- Two-factor authentication explained