How to spot a phishing email
Five signs that an email is phishing — and what to do when you accidentally click.
Quinn Yoo
February 26, 2026
Five red flags
Sender's email is wrong: 'amazon-security@amaz0n-help.com' instead of '@amazon.com'. Always check the actual address, not the display name.
Urgency: 'Your account will be suspended in 24 hours.' Real companies don't write like that.
Generic greeting: 'Dear Customer' instead of your name. Real companies have your name.
Hover before you click
Hover over any link to see the actual URL (shown at the bottom of most browsers/email clients).
If the email says 'apple.com' but the link points to 'app1e-secure.net', it's phishing.
What to do if you clicked
Stop. Don't enter credentials. Close the page.
If you already entered a password: change it on the real site immediately. If banking: call your bank.
People also ask
What if I'm unsure?+
Don't click the email link. Open a browser and go to the company's website directly. If something needs your attention, you'll see it there.
Should I report phishing emails?+
Yes — Gmail/Outlook have 'report phishing' buttons. Helps train spam filters for everyone.
Why are phishing emails getting better?+
AI tools have made well-written phishing emails trivial to generate. Trust signals (sender address, link destination) matter more than spelling.