How to Spot a Phishing Email – 7 Red Flags to Look For

It only takes one employee to click a malicious link or download an attachment that could result in your company’s information being stolen. Learn the telltale signs of phishing emails to help employees avoid these cyber-criminal attacks. Look for inconsistencies in links, addresses, and domains. You can also hover over links to see where they lead before clicking.

Phishing emails often use links that don’t match the sender’s domain. This simple trick makes it hard to distinguish the email’s origin. An excellent way to test a link is to hover over it. It should show a preview of the website it will send you to. If the link doesn’t match the website displayed, it’s a sign that you should be suspicious.

Additionally, phishing emails often have a sense of urgency or a threat to encourage recipients to take action quickly. Any requests that demand urgent attention are likely phishing attempts. It’s best to avoid sharing sensitive information over email and instead to contact the company or individual named in the message directly. Also, be cautious of emails that request you transfer funds without going through your organization’s normal payment approval process.

Bad grammar and spelling

Many phishing emails are riddled with grammar and spelling mistakes. Hackers use this standard trick to make their emails seem less authentic and more “real.” Remember that the ITS Help Desk will never ask you to click on a link to verify your identity or provide information about your account. It’s essential to spot these mistakes as they can be a big giveaway that the email is a scam. Legitimate companies usually hire professional copywriters to ensure their emails contain correct grammar and spelling. Another way to check the accuracy of an email is by hovering over the link. This will show you the website it is linking to. Look for suspicious websites that don’t match the content of the email.

Strange message styles

Often, the sender of a phishing email will pretend to be someone the recipient knows. This could be a family member, a coworker, a famous person, or a company they do business with. In addition to spelling and grammatical errors, watch out for an unusual message style. Legitimate emails from businesses you know and trust will have a professional tone. If you receive an email that starts with generic phrases such as “to whom it may concern” or “sir/ma’am,” this is a sign something is wrong. Additionally, if the email contains an attachment not alluded to within the body of the message, this is another red flag. Hover your cursor over any link in an email to see the URL it is connecting to.

Unusual attachments

An attachment you were not expecting can be a red flag. Legitimate emails with attachments usually include a description of what they are. Attachments with unusual file extensions are common in phishing attacks because they can hide malware and viruses within them. It is also worth considering the message itself. Often, phishing emails include a sense of urgency or fear to get recipients to act without thinking. This can be by clicking on a link, entering login credentials into a fake website, or downloading an attachment containing malware.

Unusual links

It’s common for phishing emails to contain links that lead to sites that aren’t legitimate. These links can hide malicious code or inadvertently download malware onto a device. You can avoid these threats by hovering the cursor over a link before clicking it. When you do this, you’ll usually see the site’s actual address. Another common indicator of phishing is generic salutations, such as “Dear valued member” or “Dear account holder.” This can be particularly dangerous when sent from someone who typically uses formal greetings in their professional correspondence. Some phishing messages attempt to create a sense of urgency, such as telling the recipient that their account will be deactivated unless they click a link or download an attachment. These emails should always be treated with suspicion, as they may contain malware that could steal sensitive information or infect devices.


Even if your organization has the most advanced security system, it takes just one unsuspecting employee to give away sensitive information. To avoid phishing attacks, employees should be on the lookout for emails that create an unwarranted sense of urgency or fear. Attackers use this tactic to trick recipients into rushing to take action and ignoring other email red flags. For example, if an email claims to be from your IT department and asks for software to be downloaded, it’s probably a scam. Remember to always hover over links to see the address before clicking on them. Also, be wary of emails requesting personal financial information and consider reporting the email as a phishing attack.

Too good to be true

It is essential for everyone, but especially those who handle company or personally sensitive information, to be aware of the common phishing ‘red flags.’ Attackers use phishing to trick recipients into entering their passwords, account information, or other personal data into forms on fraudulent websites that hackers can then use. It is also wise to be wary of emails that seem too good to be true, such as a shipping confirmation that looks like it came from your HR department or an urgent warning that you will lose access to something if you don’t respond quickly. Remember to hover over links and check their URLs, as attackers are often very good at disguising their malicious emails.