Phishing emails are one of the oldest tricks in the book — and unfortunately, they still work. Every day, people fall for fake emails that look like they’re from banks, delivery companies, or even colleagues, only to end up handing over passwords, bank details, or downloading malware.
Spotting a phishing email isn’t always obvious, especially now that scammers are using better design and more believable language. But there are red flags to watch for. I’ll walk you through what to look out for and how to avoid getting caught out.
What Is a Phishing Email?
A phishing email is a message designed to trick you into giving up sensitive information. This might be your login credentials, credit card number, or even access to your company’s systems. Some emails try to get you to click on a malicious link, download a dodgy attachment, or reply with personal details.
They often pretend to be from trusted sources like:
- Your bank
- PayPal or Amazon
- Delivery services (Royal Mail, DPD, etc.)
- HMRC
- Your company’s IT department
Now let’s talk about how to spot them.
1. Look Closely at the Sender’s Email Address
It might say it’s from “PayPal Support” or “Microsoft Security”, but tap or hover over the sender’s name and you might see something like:
paypal@secure-notify.biz
security@micros0ft.com
That’s a red flag. Real companies send from domains that match their official websites, like @paypal.com or @microsoft.com. Misspellings or strange domain names are often giveaways.
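The same check can be automated in a mail filter. The sketch below is an added example, not part of the original article: it takes a raw From: header, extracts the real sending domain, and flags both lookalike domains and brand names used with an unrelated domain. The `OFFICIAL` allow-list, the homoglyph table and the function names are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumed allow-list: brand keyword -> official sending domain (the article's examples).
OFFICIAL = {"paypal": "paypal.com", "microsoft": "microsoft.com"}
# Digit-for-letter swaps commonly seen in lookalike domains (illustrative, not exhaustive).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return (verdict, reason) for a raw From: header value."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return "suspicious", "no parsable sender address"
    local, _, domain = addr.lower().rpartition("@")
    domain = domain.rstrip(".")
    # 1. Exact official domain, or a subdomain of it. A match only means the
    #    visible domain is right; it is not proof the mail is genuine.
    for official in OFFICIAL.values():
        if domain == official or domain.endswith("." + official):
            return "ok", f"domain belongs to {official}"
    # 2. Lookalike: digit swaps or a one/two character difference from an official domain.
    normalised = domain.translate(HOMOGLYPHS)
    for official in OFFICIAL.values():
        if normalised == official or edit_distance(domain, official) <= 2:
            return "suspicious", f"{domain} imitates {official}"
    # 3. Brand named in the display name or mailbox, but the domain is unrelated.
    claimed = f"{display} {local}".lower()
    for brand in OFFICIAL:
        if brand in claimed:
            return "suspicious", f"claims {brand} but sends from {domain}"
    return "unknown", f"{domain} is not on the allow-list"

if __name__ == "__main__":
    # The first two headers use the article's addresses; the third is constructed.
    for header in ('"PayPal Support" <paypal@secure-notify.biz>',
                   '"Microsoft Security" <security@micros0ft.com>',
                   'PayPal <service@paypal.com>'):
        print(header, "->", check_sender(header))
```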
2. Watch for Spelling and Grammar Mistakes
Phishing emails used to be full of bad grammar, and many still are. Poorly written sentences, awkward phrasing, or random capitalisation can all be signs of a scam. Genuine companies take care with how they communicate.
3. Beware of Urgency and Threats
Scammers love pressure tactics. Common phrases include:
- “Your account will be suspended”
- “Final warning”
- “Immediate action required”
They want you to panic and click before you think. Always take a moment to pause and verify.
4. Don’t Trust Unexpected Attachments or Links
If you receive an attachment you weren’t expecting, especially a .zip, .exe, or .docm file, don’t open it. Likewise, links that say one thing but take you somewhere else when you hover over them are a classic phishing tactic.
A good rule of thumb: Never click on anything in an email unless you’re 100% sure who it’s from.
5. Look at the Greeting
Phishing emails often use generic greetings like:
- “Dear customer”
- “Hello user”
Legitimate emails from companies you’ve interacted with usually use your real name. It’s not a perfect indicator, but it can be a clue.
6. Check the Branding — Carefully
Some phishing emails look almost identical to the real thing. Logos, colours, layout — all copied perfectly. But sometimes, there’s something slightly off: a blurry logo, a pixelated button, or a font that doesn’t look quite right.
If you’re ever unsure, don’t click. Instead, go to the company’s website directly by typing the address yourself.
7. Use Two-Factor Authentication (2FA)
Even if you fall for a phishing email, having 2FA turned on can stop an attacker from accessing your account. It adds an extra layer of security by requiring a code from your phone or another device.
It won’t stop the phishing emails, but it can soften the blow if you accidentally give away your password.
What to Do If You Receive a Phishing Email
- Don’t reply. It confirms your email address is active.
- Don’t click any links or download attachments.
- Report it. Most email services have a “Report phishing” button.
- Delete it. Once reported, get rid of it.
- Change your password immediately if you think you’ve clicked on something suspicious.
If the email claimed to be from a company you use (like your bank or PayPal), visit their official website directly and contact them to check.
Phishing emails have come a long way from the obvious scams of the early 2000s. These days, they’re slicker, more convincing, and more dangerous. But with a bit of caution and a healthy dose of scepticism, you can avoid the trap.
Always trust your gut — if something feels off, it probably is.