7 tips for spotting phishing emails


For this reason, today we are going to learn how to detect fraud by looking at various examples of phishing emails. After reading this article, you can easily identify scams and stay safe in cyberspace.

What is Email Phishing?

Phishing is a social engineering method used by cybercriminals to exploit the human side of an organization’s security. The term comes from the word “fishing”: the attacker tricks someone into clicking a malicious link that leads to a website where their personal information is compromised. The attacker can also install malware on the victim’s system. The most popular vector for phishing is email. Black-hat hackers design these emails to look as if they come from a legitimate company, bank or government agency. With enough information gathering, these emails can convincingly appear to come from one of your friends, colleagues, relatives or other acquaintances.

A quick tip to instantly identify a phishing attack

If you are not expecting an email from the sender, be wary and check with the sender through another channel such as WhatsApp or Messenger.

How to spot phishing emails?

1. Generic greeting:

Remember that genuine companies do not ask for any personal information via email. If you see a generic greeting such as “Dear Customer”, make an effort to check whether the email is legitimate. After all, double-checking doesn’t hurt anyone. Real companies already have your name in their databases, so they will probably address you by name, for example “Dear John.”

2. Password requests and encryption:

If an email asks for a password for any purpose, treat it as a likely scam. At most, companies send encrypted links for resetting a password. Never reply with your password, and if you are redirected to a “Password Reset” page, look at the URL bar to see whether the connection is encrypted, i.e. the address starts with HTTPS://. The letter s in HTTPS stands for secure, which means the connection is encrypted using SSL/TLS.

3. Domain emails:

A domain email is one sent from the company’s own domain. To find out whether an email is genuine, check the From field and note whether the domain matches the company name. Here is an example of a genuine PayPal email address: [email protected]. A spoofed version may look like [email protected] or [email protected]. Although some small businesses may use Gmail, Zoho Mail, or Office 365 as email providers, always open links in a safe sandbox. You can also visit the company’s official website and compare the sender’s address with the customer service email domain listed there.

4. Spelling and grammatical errors:

This one is a no-brainer: companies hire the best talent to write polished emails. Hackers target less attentive readers. Check for grammar and spelling errors using online tools.

5. Malicious attachments:

Carefully review any attachment sent by email before opening it. It may contain harmful software such as Trojans or backdoors that can compromise your PC’s security. If you did not request the document, send the email to the trash immediately.

6. Misleading Hyperlinks:

Hover your mouse over any hyperlink to see whether it leads to a legitimate website. If its domain differs from the sender’s website, delete the email immediately.

7. Emotional Exploitation:

No respectable company forces its customers to visit a particular website. If the email contains psychological stressors that generate anxiety, fear or similar emotions, it may be from a cracker.


Following these steps will help ensure you don’t fall for a phishing scam. However, they do not fully immunize you against social engineering attacks. Always put your intuition above emotions and avoid clicking on unverified links. Using a sandbox environment can also be extremely beneficial. Seek technical assistance from reputable cybersecurity professionals to create one.

