How do I spot a phishing email in general?
Phishing emails create false urgency, impersonate trusted brands, and contain links or attachments designed to steal your credentials or install malware — slowing down and checking the sender address protects you.
Last reviewed: 10 June 2026
Explanation
Phishing emails work by exploiting the conditions most likely to make you act without thinking: urgency, authority, and fear. A well-crafted phishing email is indistinguishable from the real brand's communications in terms of logos and layout, which is why looking beyond the visual presentation is essential.
The first check is the sender's email address, not just the display name. A display name can read 'PayPal Security Team' while the actual address is [email protected]. Click or tap on the sender name to reveal the full address. If the domain does not exactly match the company's official domain, treat the email with deep suspicion.
Next, hover over any link without clicking. The URL shown at the bottom of your email client or browser reveals the true destination. Look for the actual domain at the end of the host name (the part just before the first single slash), not in a subdomain or prefix: a link whose address reads paypal.com.example.net leads to example.net, not to PayPal. If you are unsure, do not click. Open the company's site in a separate tab by typing the address yourself.
Attachments in unexpected emails are equally dangerous. A PDF, Word document, or ZIP file from an unverified sender can contain malware that installs silently when opened. Be especially wary of files asking you to 'enable macros' or 'enable content' — this is a standard malware delivery mechanism.
Common red flags
- Email creates extreme urgency — account will be closed, arrest is imminent, parcel on hold
- Sender display name matches a known company but the email address domain does not
- Link destination (shown on hover) goes to an unexpected domain
- Generic greeting such as 'Dear User' or 'Dear Customer'
- Unexpected attachment, especially one asking to enable macros
- Grammar or spelling errors that a professional company would not have
- Asks for your password, security questions, or full card number by email
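The sender-address check, the link-destination check and the red flags above can be applied mechanically. The following Python script is an added worked example, not code from the original page: it assumes a message is supplied as a dict with from, subject, html and attachments keys, uses a constructed brand-to-domain lookup and a small stand-in for the Public Suffix List, and the two sample messages are constructed for illustration.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

# Brand name -> the brand's official domain. Constructed lookup for this
# example; a real deployment would maintain its own list.
BRAND_DOMAINS = {"paypal": "paypal.com", "hmrc": "hmrc.gov.uk"}

# Stand-in for the Public Suffix List (assumption, deliberately incomplete):
# suffixes under which the registrable domain has three labels, not two.
MULTI_LABEL_SUFFIXES = {"co.uk", "gov.uk", "org.uk", "ac.uk"}

URGENCY_PHRASES = ("within 24 hours", "account will be closed", "immediately",
                   "suspended", "verify now", "final notice")
GENERIC_GREETINGS = ("dear user", "dear customer", "dear client", "dear member")
MACRO_EXTENSIONS = (".docm", ".xlsm", ".pptm", ".xlsb")


def registrable_domain(host: str) -> str:
    """Rightmost labels of a host name, ignoring any subdomain prefix:
    'paypal.com.evil.example' -> 'evil.example'; 'www.hmrc.gov.uk' -> 'hmrc.gov.uk'."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def link_host(url: str) -> str:
    """Host a link really points at. urlsplit().hostname drops the scheme,
    any 'user@' prefix, the port and the path, so a brand name placed
    before an '@' does not fool it."""
    return urlsplit(url).hostname or ""


def sender_domain(from_header: str) -> tuple[str, str]:
    """Split 'Display Name <user@domain>' into (display name, domain)."""
    name, addr = parseaddr(from_header)
    return name, addr.rpartition("@")[2].lower()


def triage(message: dict) -> list[str]:
    """Apply the checks from the page to one message; return the red flags found.
    Heuristic only: a clean result does not prove a message is genuine."""
    flags = []
    name, domain = sender_domain(message["from"])
    text = " ".join([name, message["subject"], message["html"]]).lower()

    # Which brand does the message claim to be from? Compare the sender
    # address and every http(s) link against that brand's official domain.
    claimed = [b for b in BRAND_DOMAINS if b in text]
    hrefs = re.findall(r"""href\s*=\s*["']([^"']+)["']""", message["html"], re.I)
    for brand in claimed:
        official = BRAND_DOMAINS[brand]
        if registrable_domain(domain) != official:
            flags.append(f"sender-domain: {domain!r} is not {official}")
        for url in hrefs:
            if urlsplit(url).scheme not in ("http", "https"):
                continue  # mailto: and relative links carry no host to check
            host = link_host(url)
            if registrable_domain(host) != official:
                flags.append(f"link-domain: {url} points at {host!r}, not {official}")

    if any(g in text for g in GENERIC_GREETINGS):
        flags.append("generic-greeting: no personalised salutation")
    hits = [p for p in URGENCY_PHRASES if p in text]
    if hits:
        flags.append(f"urgency: {', '.join(hits)}")
    for filename in message["attachments"]:
        if filename.lower().endswith(MACRO_EXTENSIONS):
            flags.append(f"macro-attachment: {filename}")
    return flags


# Constructed sample messages (not real mail).
PHISH = {
    "from": "PayPal Security Team <alerts@paypal-secure.example>",
    "subject": "Action required: your account will be closed within 24 hours",
    "html": '<p>Dear Customer,</p><p>Verify now: '
            '<a href="https://paypal.com.account-check.example/login">Log in to PayPal</a></p>',
    "attachments": ["Invoice_0421.docm"],
}
LEGIT = {
    "from": "PayPal <service@paypal.com>",
    "subject": "Your receipt for order 12345",
    "html": '<p>Hello Alex,</p><p>View your receipt at '
            '<a href="https://www.paypal.com/myaccount/activity">paypal.com</a>.</p>',
    "attachments": [],
}

if __name__ == "__main__":
    for label, msg in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(label, triage(msg) or ["no red flags"])
```

The sample phishing message trips all five checks: the display name says PayPal but the address is on a look-alike prefix domain, the link buries the brand name in a subdomain of an unrelated registrable domain, the greeting is generic, the subject and body use urgency phrases, and the attachment is a macro-enabled document. The genuine receipt produces no flags.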
What to do now
- Do not click links or open attachments
- Report the email to your email provider using the 'Report phishing' option
- Forward UK phishing emails to [email protected]
- Forward US phishing emails to [email protected] and to the brand being impersonated
- Block the sender and delete the email
- If you did click, change passwords for any account involved and enable 2FA
Frequently asked questions
Can a phishing email infect my device just by opening it?
Reading plain text emails is safe. Risk comes from clicking links or opening attachments. Images in HTML email, when loaded, can confirm to the sender that your address is active, but they do not install malware by themselves.
My company has spam filters — can phishing still reach me?
Yes. Sophisticated phishing emails pass spam filters by using legitimate email infrastructure or clean domains. No filter is 100% effective.
What is spear phishing?
Spear phishing targets a specific person using personalised details (your name, employer, recent activity) to seem more credible. The same verification steps apply: check the sender address and go to the site directly.