Home / News / How I Spot Phishing Emails Easily (And You Can Too)

How I Spot Phishing Emails Easily (And You Can Too)

59
fake spotify account alert email phishing scam url example

Being tech-savvy is not enough to protect against a phishing email attack. Scammers are savvy and constantly evolving and developing new techniques, and it’s easy to become a victim.




But with these proven methods, I can easily detect phishing emails.


1 Unofficial email addresses that look legitimate

You will often see email addresses that are clearly fake. If it’s a bunch of random numbers and letters followed by the provider’s domain (eg @gmail.com or @outlook.com), I normally send it to the Trash folder without a second thought. However, sometimes you will come across fake email addresses that appear to be genuine.

For example, at first glance I received emails from my bank and eCommerce stores that are hard to distinguish from the official domain. However, if you look closely, you will notice that some letters may be missing or have been added. Scammers often use similar letters and even a brand logo as their profile picture.


Fortunately, it’s easier to find real addresses. Many large companies have verified the checkmark next to senders’ emails; you may have noticed this in Gmail. You can also use several tools to find and verify email addresses.

2 Spelling and grammatical errors

Unfortunately, grammar-based identification of phishing emails has become more difficult due to generative artificial intelligence and spell-checking software; this is one of the many ways hackers use generative AI in their attacks. Still, I still check for spelling and grammar errors to see if the email is legitimate.

Unless written by AI, phishing emails are almost always in bad English. Granted, I’m a native English speaker and that gives me a huge advantage, but I don’t think you have to be to recognize these signs. Phishing emails rarely flow well, and you’ll also often notice gaps between letters and punctuation.


Email phishing attack and fake email from fake PayPal

Most brands favor consistency; you will notice the same capitalization throughout the message. However, since scammers often don’t do this, a consistency check is a subtle way to determine if an email is legitimate. If every word is capitalized in the title but not in the header or subheadings of the email, this can be a red flag.

Some phishing emails may also miss words (eg, “Let’s build a website” instead of “Let’s build a website.” Incomplete opt-outs are another potential red flag, although this is not always the case.


3 Personalization

If I ever see an email that starts with “Dear Sir/Madam”, I automatically delete it. At best, it’s an annoying throwaway email that definitely doesn’t make me want to work with someone. But at worst, it could be a phishing email trying to trick me into sending sensitive information – like my bank details.

Now, however, phishing emails have become much more personal. It is not uncommon for the sender to use your first name and may even go into detail to find out information about your friends and family. This is why you need to avoid a few social media mistakes to protect your privacy.

Phishing email senders may also try to identify your recent purchase history. For example, I often get spam emails when I buy things online (and it’s always about my shipment). These often include a call-to-action (CTA) link.

You may also see phishing emails associated with products that interest you. These types of scams are prevalent at certain times of the year; for example, it’s especially important to stay safe from scams during the holiday season.


Although some links contain a call to action, this will not always be the case. Sometimes the sender of a phishing email will include a link that is completely unrelated to the organization they are claiming to be. For example, someone can pretend to be Amazon but share a link to another app.

fake spotify account alert email phishing scam url flip example

Fortunately, these types of phishing emails are much easier to identify and avoid. First, most brands that contact you and include links will likely include some sort of CTA. But even if they don’t, the link will go to their website or service they use to track and ship orders.

Over-the-top CTAs like a few emoticons can also be a warning sign that you’re about to click on a phishing email.


Short links are not bad in themselves; you’ll often see them used on social media. But when I receive emails, I view shortened links as a big red flag – especially when I don’t know the sender.

If someone e-mails a link, I want to make sure I know the source. Seeing random letters next to each other does not earn my trust and indicates that someone is trying to take advantage.

“”>

smartphone phishing alert
1st shot/Shutterstock

I strongly recommend that you do not click on any short links you see in emails and delete the email. If someone is trying to impersonate a company, I often try to send it to their team so they can alert other customers.


6 “This message looks dangerous”

I mainly use Gmail and luckily the app is very good at warning me when I might be looking at a potentially threatening email. You’ll often see a message in red that says, “This message looks dangerous,” and even though I’ve been using the service for over five years, I’ve yet to see a time when it was wrong.

AND

When you use Google Workspace, Gmail notifies you when someone outside your organization sends you a message. Not all of these messages are dangerous, and frankly, most will be fine – but if you’re suspicious, you might want to keep that in mind.

As AI develops, it may become harder for email providers to flag messages as dangerous. So knowing how to protect yourself from AI scams in Gmail — and doing the same with other networks — is essential.


7 The language used

I’ve noticed that many phishing emails try to create a sense of urgency. For example, I can’t stop counting the number of times someone has asked me to send money for an important surgery. Another common phishing email I’ve seen is trying to tell me that one of my subscription payments has failed; this is especially difficult because they often impersonate services that I actually use.

“”>

Fake Twitter verification email
Image Credit: Bleeping Computer

Even if you have decades of marketing experience, these emails can be annoyingly persuasive. Other than verifying the sender, I try not to take any action on the messages I send without first taking a step back and thinking. If you revisit a phishing email, you can often notice intricate details that will prevent you from falling victim to it.


While phishing emails are becoming more sophisticated, you can still often identify when a message is legitimate. Watch out for spelling and grammar mistakes and check all email addresses before replying. You should also be very careful before clicking on links.

Comments