How do I protect myself from phishing emails?
Hover over links before clicking, check the sender's full email domain character by character, and go directly to the organisation's website instead of following any link in an email about your account.
Last reviewed: 10 June 2026
Explanation
Phishing emails impersonate banks, shipping companies, government agencies, online retailers, and popular platforms to trick recipients into clicking a link that goes to a fake login page or downloads malware. The emails are often visually identical to the real organisation's communications — same logo, same colour scheme, same sign-off — but there are reliable tells if you know where to look.
The sender's email address is the first check. Phishers use domains that look similar to the real one: paypa1.com, amazon-customerservice.net, or [email protected]. The part that matters is the domain after the '@', not whatever is displayed as the sender's name, and within that domain it is the end that counts, read from the right: an address at secure.paypal.com.example.net belongs to example.net, not to paypal.com. Hover your mouse over the sender's name (or open the message details on a phone) to reveal the full email address, then read the domain carefully character by character. A display name can say anything, and the address itself can be forged when the receiving provider does not authenticate senders, so treat a matching address as necessary rather than as proof.
Links inside the email are the second check. Hover over any link before clicking to see the actual URL in the status bar of your browser or email client; on a phone, press and hold the link to preview its destination instead of tapping it. The visible text can say 'Click here to verify your account' while the underlying URL points to an entirely different domain, and the visible text can even be a genuine-looking address while the destination behind it is not. Read the host part of the URL from the right: in https://www.paypal.com.example.net/login the site is example.net, whatever appears before it. A mismatch between what the link says and where it goes is a red flag. For anything important, do not click the link at all: open a new tab and navigate directly to the organisation's website.
Enable your email provider's phishing warnings. Major providers such as Gmail and Outlook flag suspicious senders and known-bad links with banner warnings; leave those warnings on. Pair this with a reputable antivirus or endpoint security product that scans email attachments before you open them. Be particularly alert to emails creating urgency: 'Your account will be suspended in 24 hours,' 'Unusual sign-in detected - verify now,' or 'Your package is on hold - pay customs fee to release.' Pressure to act immediately is there to stop you doing the checks above.
Common red flags
- Sender domain has extra words, numbers, or subtle misspellings compared to the real brand
- Link URL does not match the organisation it claims to come from when you hover over it
- Urgent language about account suspension, delivery failure, or legal action
- Attachment you were not expecting, especially with extensions like .exe, .zip, .iso, .html, or .docm, or an Office document that asks you to enable macros
- Generic greeting ('Dear Customer') from an organisation that should know your name
- Email asking you to confirm personal details or re-enter payment information
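The sender-domain and link-destination checks described above, together with the urgency and generic-greeting red flags in the list, as an added example. This is not code from the original page: it runs the checks over a constructed sample message (not a real phishing email), assumes the genuine organisation lives at a two-label domain such as paypal.com, and does not handle suffixes like co.uk, which would need a public-suffix list.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message for this example; it is not a real phishing email.
# The display name and the visible link text both claim "paypal.com", while the
# actual address and the actual href do not.
SAMPLE_EMAIL = """\
From: "PayPal Service" <security@paypa1.com>
To: customer@example.org
Subject: Unusual sign-in detected - verify now
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear Customer,</p>
<p>Please <a href="https://paypal.com.account-verify.example/login">paypal.com/login</a>
to confirm your details within 24 hours.</p>
<p><a href="https://www.paypal.com/help">Help centre</a></p>
</body></html>
"""

URGENCY_PHRASES = ("verify now", "within 24 hours", "suspended", "unusual sign-in")
GENERIC_GREETINGS = ("dear customer", "dear user", "dear account holder")


def registrable_domain(host):
    """Return the last two labels of a hostname, lower-cased.

    Assumption: a two-label registrable domain (paypal.com, example.net).
    Suffixes such as co.uk need a public-suffix list, which this example omits.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def host_of(text):
    """Hostname of a URL or a bare 'host/path' string, or None if it has none."""
    text = text.strip()
    if not text or " " in text:
        return None
    candidate = text if "://" in text else "http://" + text
    host = urlsplit(candidate).hostname
    return host if host and "." in host else None


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyse(raw_message, expected_domain):
    """Apply the sender, link, urgency and greeting checks; return a list of findings."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    # Check 1: the domain after the '@' in the real address, not the display name.
    display_name, address = parseaddr(str(msg["From"]))
    sender_domain = registrable_domain(address.rsplit("@", 1)[-1]) if "@" in address else ""
    if sender_domain != expected_domain:
        findings.append(
            f"sender domain {sender_domain!r} is not {expected_domain!r} "
            f"(display name {display_name!r})"
        )

    # Check 2: where each link really goes, compared with what its text claims.
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        href_host = host_of(href)
        href_domain = registrable_domain(href_host) if href_host else ""
        text_host = host_of(text)
        if text_host and registrable_domain(text_host) != href_domain:
            findings.append(f"link text {text!r} but href goes to {href_domain!r}")
        elif href_domain != expected_domain:
            findings.append(f"link {text!r} points to {href_domain!r}, not {expected_domain!r}")

    # Checks 3 and 4: pressure language and a generic greeting, in subject or body.
    lowered = f"{msg['Subject']} {body}".lower()
    findings.extend(f"urgency phrase {p!r}" for p in URGENCY_PHRASES if p in lowered)
    findings.extend(f"generic greeting {g!r}" for g in GENERIC_GREETINGS if g in lowered)
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_EMAIL, "paypal.com"):
        print("RED FLAG:", finding)
```

Run against the sample, the script reports the lookalike sender domain, the link whose visible text reads paypal.com/login but whose destination is account-verify.example, three urgency phrases and the generic greeting; the genuine help-centre link to www.paypal.com produces no finding. The same right-to-left domain reading the script uses is what you do by eye when hovering over a link.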
What to do now
- Before clicking any link in an email, hover over it and read the full URL
- Check the sender's full email address — not just the display name
- For any email about your accounts, go directly to the site by typing the URL
- Enable phishing warnings in your email client and keep them turned on
- Do not open unexpected attachments — scan them first or contact the sender via a separate channel
- Report phishing emails to [email protected] and your email provider's report-spam function
Frequently asked questions
What is spear phishing?
Spear phishing is targeted phishing where the attacker uses personal information — your name, employer, recent purchases, or colleague names — to make the email appear more credible. It is harder to spot but the same rules apply: verify the sender domain and go directly to the site rather than following the link.
Can I get infected just by opening an email?
Modern email clients make this rare, but vulnerabilities in HTML rendering and preview panes do turn up from time to time. Clicking links and opening attachments remain the main risks. Keep your email app updated and disable automatic image loading from unknown senders if the option is available: remotely loaded images also act as tracking pixels that confirm to the sender that your address is live and that you opened the message, so blocking them helps even when the email carries no exploit.