Phishing emails try to trick you into handing over a password, clicking a malicious link, or giving away personal details. They're designed to look like messages from banks, delivery companies, or services you use. Here's how to see through them.

Check the Sender's Email Address

The name that shows in bold might say "Amazon" or "HSBC" — but the actual email address tells a different story. Click or hover on the sender name to reveal the real address. Watch for:

  • Addresses that don't match the company (e.g. [email protected])
  • Misspelled domains (micros0ft.com, paypa1.com)
  • Long random strings before the @ symbol
  • A real company name buried in a longer domain (amazon.verify-account.com is not Amazon)

Watch for Urgency and Threats

Phishing emails almost always create a sense of panic. Phrases like "Your account will be closed in 24 hours", "Unusual activity detected", or "Action required immediately" are designed to make you click without thinking. Legitimate companies don't communicate this way.

Don't Trust Links — Check Before You Click

Hover your mouse over any link in the email (don't click it) and look at the URL that appears at the bottom of your screen. The domain right before .com, .co.uk, or .ca is what matters. If it doesn't match the company exactly, don't click. When in doubt, go directly to the website by typing it yourself in a new browser tab.

Look at the Greeting

Real companies you have an account with usually know your name. Generic greetings like "Dear Customer", "Dear User", or "Hello valued member" are a warning sign.

Check for Spelling and Formatting Issues

Poor grammar, odd spacing, or a logo that looks slightly off can all indicate a fake. That said, some phishing emails are now very polished — don't assume it's safe just because it looks professional.

Unexpected Attachments

Never open an attachment you weren't expecting, especially .zip, .exe, .doc or .pdf files. Even if the email appears to be from someone you know, their account may have been compromised.

If you're not sure, don't click. Go directly to the company's website or call their official number. Reporting suspicious emails to your email provider (usually via a "Report phishing" or "Report spam" button) helps protect others too.

If you've already clicked a suspicious link or entered information, see our guide on what to do if you think you've been compromised, or ask us directly.