← All articles

10 signs an email is a phishing attempt

GottaPhish Team · June 18, 2026

Most phishing attempts arrive by email, and the good news is that they usually leave clues. Once you know what to look for, spotting a fake becomes much easier. Here are ten signs that an email might be a phishing attempt.

1. It creates a sense of urgency

Phishing emails want you to act before you think. Watch for pressure like "Your account will be closed today" or "Immediate action required." Genuine organisations rarely demand that you act within minutes.

2. The sender's address looks slightly off

The display name might say "Microsoft" or your bank, but the actual email address tells the real story. Look closely for subtle misspellings or odd domains — for example support@micros0ft-secure.com instead of a genuine address. Small differences are easy to miss when you're rushing.

3. It uses a generic greeting

An email that opens with "Dear Customer" or "Dear User" — when the real company knows your name — is a warning sign. Attackers often send the same message to thousands of people at once.

4. The links don't go where they claim

Before clicking, hover your mouse over a link (on a computer) to preview the real destination. If the text says one thing but the address points somewhere unexpected, don't click.

A link that reads "www.yourbank.com" but points to a completely different site is a classic phishing trick.

5. It asks for sensitive information

No legitimate bank, service, or employer will ask you to confirm your password, PIN, or full card details by email. Any message that does is almost certainly a scam.

6. There's an unexpected attachment

Be cautious with attachments you weren't expecting, especially files ending in .zip, .exe, or documents that ask you to "enable content" or "enable macros." Opening them can install harmful software.

7. The spelling and grammar feel off

Professional organisations proofread their messages. Awkward phrasing, odd spacing, or obvious spelling mistakes can indicate a fake — though be aware that attackers are getting better, so a polished email isn't automatically safe.

8. The offer is too good to be true

Unexpected refunds, prizes, or gifts you never signed up for are bait. If you didn't enter a competition, you haven't won it.

9. It doesn't quite match how you normally communicate

If your "CEO" suddenly emails asking you to buy gift cards, or a supplier changes their bank details out of the blue, stop. Attackers imitate people you trust to slip past your guard. When money or data is involved, verify through a separate, trusted channel.

10. Something just feels wrong

Trust your instincts. If an email feels unusual, rushed, or out of character, that gut feeling is worth listening to. It's always fine to pause and check.

A simple rule to remember

You don't have to judge every email perfectly. When something feels suspicious, follow one calm rule:

Remember that no single sign proves an email is phishing, and a message can look perfectly normal and still be dangerous. Treating these ten signs as prompts to slow down — rather than a strict checklist — is the safest approach.

How GottaPhish helps

Phishing emails slip through because the warning signs are easy to miss under time pressure — and GottaPhish, together with our expert support team, helps you turn those signs into instinct. We send safe, realistic simulated phishing emails so your team learns to recognise the clues in real situations, reinforce them with bite-sized awareness training, and give you easy-to-read dashboards that track progress over time. Our support and experts team works hands-on with you to design believable scenarios, set up campaigns, and interpret the results, so your workforce spots phishing confidently — and reports it quickly.