How to Spot a Phishing Email

Phishing emails are getting harder to spot. AI-generated messages are more convincing than ever, and even tech-savvy people get caught. Here’s how to identify a phishing attempt before you click.

1. Check the sender’s email address

The display name can say anything. Always check the actual email address behind it.

  • Real: support@paypal.com
  • Fake: support@paypa1-security.com or support-paypal@gmail.com

Hover over the sender name (desktop) or tap it (mobile) to reveal the full address. If the domain doesn’t match the real company, it’s phishing.

2. Look for urgency and fear tactics

Phishing emails try to rush you. Common triggers:
– “Your account will be suspended in 24 hours”
– “Unauthorized login detected — verify now”
– “You’ve won a prize — claim within 24 hours”

Legitimate companies don’t pressure you to act immediately.

3. Check the links without clicking

Hover over any link in the email. The tooltip shows the real URL. If it looks wrong, don’t click.

  • Real: https://www.amazon.com/your-account
  • Fake: https://amazon-secure-login.xyz/verify
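The sender check in step 1 and the link check in step 3 both come down to comparing a hostname against the domain the brand really uses. The sketch below is an added example, not part of the original article: the `KNOWN_BRANDS` allow-list, the function names and the sample message are constructed for illustration, and it assumes a single-part HTML message.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: brand name -> domains that brand really uses for mail and links.
KNOWN_BRANDS = {"paypal": {"paypal.com"}, "amazon": {"amazon.com"}}

def under(host, domains):
    """True if host equals one of the domains or is a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag, i.e. what the hover tooltip shows."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def check_email(raw):
    """List sender/link hosts that do not belong to the brand the mail claims to be."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    # The brand is "claimed" if its name shows up in the display name, address or subject.
    claimed = " ".join([display, addr, msg.get("Subject", "")]).lower()
    domains = {d for b, real in KNOWN_BRANDS.items() if b in claimed for d in real}
    if not domains:
        return []  # no known brand claimed, nothing to compare against
    findings = []
    sender_host = addr.rpartition("@")[2]
    if not under(sender_host, domains):
        findings.append(f"sender domain {sender_host}")
    links = LinkCollector()
    links.feed(msg.get_payload())  # single-part message: payload is the HTML body
    for href in links.hrefs:
        host = urlsplit(href).hostname
        if host and not under(host, domains):
            findings.append(f"link host {host}")
    return findings

# Constructed sample message (not real mail). The visible link text looks right,
# but the href points at a host that merely starts with the brand's domain.
FAKE = ("From: PayPal Support <support@paypa1-security.com>\n"
        "Subject: Unauthorized login detected\nContent-Type: text/html\n\n"
        '<p>Dear valued customer, <a href="https://paypal.com.verify-login.example/x">'
        "https://www.paypal.com/signin</a></p>")
```

Matching on the exact domain or a dot-prefixed suffix is what catches lookalikes such as `amazon-secure-login.xyz`, which contain the brand name but are not under the brand's domain.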

4. Look for spelling and grammar mistakes

Professional companies proofread their emails. While AI has reduced the obvious errors, many phishing emails still have subtle issues: awkward phrasing, inconsistent branding, or odd formatting.

5. Verify through official channels

If an email from your bank asks you to verify your account, don’t click the link. Open your browser, go to the bank’s official website, and log in there. If there’s a real issue, you’ll see it in your account dashboard.

6. Watch for attachments you didn’t ask for

Unexpected attachments are a major red flag. Invoices for purchases you didn’t make, “shipping documents” for packages you didn’t order, or “resumes” from candidates you didn’t hire — all classic phishing delivery methods.

Red flags checklist

  • [ ] Sender email doesn’t match the company domain
  • [ ] Email creates urgency or threat
  • [ ] Generic greeting (“Dear valued customer” instead of your name)
  • [ ] Suspicious link (hover to check)
  • [ ] Misspellings or odd grammar
  • [ ] Unexpected attachment
  • [ ] Request for personal information (password, SSN, credit card)

What to do if you clicked

  1. Don’t panic — acting fast limits the damage
  2. Change the password on the compromised account immediately
  3. Enable 2FA if it wasn’t already on
  4. Scan your computer with your antivirus
  5. Check recent account activity for unauthorized actions
  6. If you entered financial details, contact your bank

Verdict

Phishing is the most common attack vector in 2026 — and it’s getting more sophisticated. The best defense is a healthy skepticism: if an email feels off, it probably is. When in doubt, navigate to the website manually instead of clicking.

