How to Spot a Phishing Email - 10 Clear Signs

Reading time icon 11 min. read


Readers help support VPNCentral. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help VPNCentral sustain the editorial team Read more

how to spot a phishing email

Most of the malware, viruses, and other such dangers can be blocked by antivirus and antimalware programs.

But there’s nothing that can protect you from the trickery that comes directly from another human.

Well, nothing except for your own wits and knowledge on how to recognize the threat.

And that’s exactly what we’ll show you in this article.

Read on to learn how to spot a fake email and protect your data.

What is a phishing email?

One of the most direct ways of hacking, which has also grown to be surprisingly popular lately, is via phishing emails.

If you don’t know what those are, the concept is pretty simple.

A hacker will create a fake login page that will resemble pretty closely the login page of some real service.

It will then send it to you via email and try to trick you into going there and logging in.

Of course, your login attempt will fail, but now, the hacker will have your credentials.

Phishing email example

phishing email example

Falling for this sort of bait is surprisingly easy.

Sure, it seems unusual to get a special email from your bank. Or some other service that asks you to go to your account, and even sends a login link.

However, it all seems legitimate and official. An add the fact that they will say anything to get you to try and get to your profile.

Lately, many hackers contacted their victims and pretended that there was something wrong with their taxes, bank accounts, and alike.

When you receive a notice like that, your first thought is that there’s another problem that needs fixing. Not many people suspect that someone’s trying to trick them, and that’s what the hackers are counting on.

All it takes is a single moment of dropping your guard or not paying attention. Just like that, you become a victim.

Luckily, there are several ways for you to recognize phishing emails. Despite their official look and the number of fake explanations that they provide, they’re not 100% copies.

The fact is that these scams often have a lot in common. So there are patterns that you might want to watch out for.

We are able to point them out for you.

How to spot a phishing email

Make sure not to click on any link or provide any information to an email that has any of the following:

1. Asks for personal info

Despite the fact that email looks and feels private, it’s probably not.

At least not completely. Banks and other services are aware of that, and they would never risk asking for or sharing any confidential info to be sent to them via email.

That means that you’d never get a request for confirming your password, credit card number, or anything else like that.

Your real bank or another service might contact you via email, but they would probably invite you to come and deal with an issue, instead of doing business over email.

No, if someone asks for your personal info via email, it’s almost definitely a scam, and you shouldn’t fall for it.

2. Fake display names

Most scammers know how to play their victims professionally, and they have to present themselves in a reader-friendly way in order to even get you to open their email.

Don’t fall for that, but instead, check their email address. If you find it to be suspicious, don’t open anything, it could be a trap.

3. Fake domains

Pay attention to the domain of the email. An easy way to spot a phishing email is by paying attention to the domain name of the sender. Most times it’s similar to the real thing, but not quite.

The domain is part of an email address that comes after the @ symbol.

Scammers can’t really use real domains for their illegal actions. So they often create fake ones.

These might contain things like different letters, and it’s possible for you not to notice things like that on the first, casual look.

That’s why it’s important for you to inspect the email address of the sender as thoroughly as you can.

For example, if someone tried to trick you into thinking that they’re PayPal, they might use the email address with a domain that says @pay-pal.com.

Seems legit at first glance, doesn’t it?

Well, it’s not.

The real one is @paypal.com. The change is minimal, and many might not even realize that something’s wrong until it’s too late.

4. Counterfeit logos

Fake emails will do their best to copy the originals, but at the end of the day, that’s what they are – only copies.

Most of the time, they’re obviously imperfect, and all it takes to notice that is one hard look.

When it comes to counterfeit logos, they are mostly copied from the real website of the real service.

The version that the scammers might use will probably be in lower resolution, or maybe even altered in some way.

It’s a good idea to compare it to the one that you know it’s legitimate.

You can go to the real service’s website and compare it to that one, or even better, compare it to the one from the older emails, ones that you’re sure are real.

Other than that, you can check the FAQs and Help sections on the service’s real website.

If someone’s impersonating them on a regular basis, chances are that they’re aware of it and that they will warn their users about it.

If a link looks weird to you, and not like something that you’d expect from the service that has contacted you, trust your instincts and don’t open it.

We’ve already mentioned that some of those links might lead to a fake login page, but some of them might even lead to malicious websites, and only opening them might start the process of downloading some threat on your device.

This advice is something obvious, and you probably think that you’d never do something like that anyway.

Still, when you’re in a rush, and you’ve just received disturbing information, you’ll try to find out all that you can about it.

That might include clicking on a provided link, and even if you realize what you’ve done even a second after you’ve clicked it, it may already be too late.

6. Bad grammar and spelling

Bad spelling doesn’t necessarily mean that the email is part of a phishing scam, but it’s definitely something to watch out for.

Official services may not be perfect themselves, but they would never allow themselves bad grammar and irresponsible typing errors.

Simply take your time, read the email carefully and patiently, and make sure that everything seems legitimate before opening anything else.

Half the problems wouldn’t exist if we didn’t constantly rush things, keep that in mind.

7. Malicious attachments

Attachments are another way that scammers are using to get your device infected with malware.

Most of the time, scammers would try to trick you into giving away your data by yourself, but some of the more aggressive ones might fill you up with spyware, ransomware, or some other, similar threat.

Opening attachments would mean the start of a downloading process, and you should avoid it at all costs. If there’s anything at all that might seem out of place, don’t click on it.

Some email services have some level of detecting and altering you about the fact that some attachments may be malicious.

That said, keep an eye open for yourself because these systems aren’t foolproof.

8. Greetings are impersonal and vague

Keep an eye out for this, since it’s one of the more obvious clued that you’re dealing with a phishing email.

Hackers that are sending the phishing emails have probably got their victim’s addresses from the hack of some other service.

They probably didn’t even do the hacking themselves, but instead, they simply bought the data, including your email.

So, they now have a bunch of email addresses and they are going to try and scam people.

They won’t type each email individually because that takes too much time. Instead, they would sooner generate a message that they would send to everyone at the same time.

That would make emails seem not very personable and vague.

On the other hand, their salutation might even be a bit too friendly and unprofessional. It’s hard for them to find the middle ground, and so they are often easy to spot.

Still, there are some types of phishing emails that are used for targeting specific groups of people.

They might be connected to their interests, jobs, or some other aspects. Those are usually more precise, and therefore more successful as well.

This method is called spear-phishing, and despite it having the most success, it’s pretty rare, and such precise scams are smaller in number.

It’s much easier to just send one, big, vague email to tens or hundreds of addresses and wait for at least some results.

9. Email is written with an alerting tone

Many of the phishing emails will use words that are expected to put you in a state of fear or anxiety.

Their primary purpose is to create a sense of emergency. This is one of the most common ones and if you pay attention to it you’ll spot the phishing email right away.

This is one of the psychology games that these scammers use because they know that they must play on your feelings.

Someone who’s in such a state will often hurry to see what the problem is and how can it be fixed.

They won’t bother with checking the grammar, or whether the email address looks legitimate or not if there’s a possibility that they have a major tax problem.

That’s what the scammers are counting on, and they’ll try to put their victims in such a state of mind.

Once they’re panicking, they might click on anything. Even go to a malicious website, despite their better judgment.

10. Fake digital signatures

Real services are aware that they’re constantly being impersonated by scammers, which is why they are including personal digital signatures as proof that they are the real deal.

Most of the time, it’s some sort of stamp that might come as an attachment. Examples of this are smime.p7 that Mac OSX and iOS email users might be familiar with.

If the attachment that comes with an email seems fishy to you, or if there isn’t any at all, then the sender should definitely be considered suspicious.

If you find yourself in such a situation, decide carefully what you’re going to do next.

Examples of phishing attacks

One of the best examples of how phishing attacks work is the incident when the criminals managed to steal and use the identity of the Irish government.

They then used it for targeting users of PayPal. They did it by creating a fake address and pretending to be a government agency.

By using this method, they managed to bypass security measures like spam filters and got to PayPal users’ inboxes.

Everything looked real and official, and a message that tried to put users in a state of emergency was displayed when the email was opened.

Victims were told that their accounts are going to be limited and that they must contact PayPal urgently to restore them properly.

Of course, they conveniently provided a link instead of a phone number, and then they simply waited for panicking users to get affected by their scam.

Another similar scam occurred when hackers imitated the Royal Bank of Scotland. They demanded from users to verify their account details via email so that their account security would be updated, and their accounts more secure.

It doesn’t hurt to be skeptical

The internet is a great place, but it’s naive to think that it’s not dangerous. Paranoia about these things might be a problem, but healthy skepticism is highly advised.

You should always do whatever you can to check the legitimacy of the email, as well as its sender’s.

Call them on the phone, just make sure that you use the number from the official website and not the one provided by the suspicious email.

We also suggest you also keep your antivirus software enabled.

Moreover, to protect your private data and prevent these attackers from getting precious information like your location and IP address, always use a VPN.


Related reads:


Spotting phishing emails will save you time and money

By following the tips that we have provided, you should be safe from becoming a phishing attack victim. Simply keep them in mind, and don’t allow any email to put you in a state of panic or play with your feelings.

There’s nothing so urgent that would be sent to you via email, at least not when the legitimate email is in question.

We hope that by the end of this guide, you’ll be able to spot phishing emails easily so you won’t have to go the extra mile to get your data back.

User forum

0 messages