Phishing emails try to trick you into handing over a password, clicking a malicious link, or giving away personal details. They're designed to look like messages from banks, delivery companies, or services you use. Here's how to see through them.
Check the Sender's Email Address
The name that shows in bold might say "Amazon" or "HSBC" — but the actual email address tells a different story. Click or hover on the sender name to reveal the real address. Watch for:
- Addresses that don't match the company (e.g.
[email protected]) - Misspelled domains (
micros0ft.com,paypa1.com) - Long random strings before the @ symbol
- A real company name buried in a longer domain (
amazon.verify-account.comis not Amazon)
Watch for Urgency and Threats
Phishing emails almost always create a sense of panic. Phrases like "Your account will be closed in 24 hours", "Unusual activity detected", or "Action required immediately" are designed to make you click without thinking. Legitimate companies don't communicate this way.
Don't Trust Links — Check Before You Click
Hover your mouse over any link in the email (don't click it) and look at the URL that appears at the bottom of your screen. The domain right before .com, .co.uk, or .ca is what matters. If it doesn't match the company exactly, don't click. When in doubt, go directly to the website by typing it yourself in a new browser tab.
Look at the Greeting
Real companies you have an account with usually know your name. Generic greetings like "Dear Customer", "Dear User", or "Hello valued member" are a warning sign.
Check for Spelling and Formatting Issues
Poor grammar, odd spacing, or a logo that looks slightly off can all indicate a fake. That said, some phishing emails are now very polished — don't assume it's safe just because it looks professional.
Unexpected Attachments
Never open an attachment you weren't expecting, especially .zip, .exe, .doc or .pdf files. Even if the email appears to be from someone you know, their account may have been compromised.
If you've already clicked a suspicious link or entered information, see our guide on what to do if you think you've been compromised, or ask us directly.