10 signs an email is a phishing attempt
Most phishing attempts arrive by email, and the good news is that they usually leave clues. Once you know what to look for, spotting a fake becomes much easier. Here are ten signs that an email might be a phishing attempt.
1. It creates a sense of urgency
Phishing emails want you to act before you think. Watch for pressure like "Your account will be closed today" or "Immediate action required." Genuine organisations rarely demand that you act within minutes.
2. The sender's address looks slightly off
The display name might say "Microsoft" or your bank, but the actual email address tells the real story. Look closely for subtle misspellings or odd domains — for example support@micros0ft-secure.com instead of a genuine address. Small differences are easy to miss when you're rushing.
3. It uses a generic greeting
An email that opens with "Dear Customer" or "Dear User" — when the real company knows your name — is a warning sign. Attackers often send the same message to thousands of people at once.
4. The links don't go where they claim
Before clicking, hover your mouse over a link (on a computer) to preview the real destination. If the text says one thing but the address points somewhere unexpected, don't click.
A link that reads "www.yourbank.com" but points to a completely different site is a classic phishing trick.
5. It asks for sensitive information
No legitimate bank, service, or employer will ask you to confirm your password, PIN, or full card details by email. Any message that does is almost certainly a scam.
6. There's an unexpected attachment
Be cautious with attachments you weren't expecting, especially files ending in .zip, .exe, or documents that ask you to "enable content" or "enable macros." Opening them can install harmful software.
7. The spelling and grammar feel off
Professional organisations proofread their messages. Awkward phrasing, odd spacing, or obvious spelling mistakes can indicate a fake — though be aware that attackers are getting better, so a polished email isn't automatically safe.
8. The offer is too good to be true
Unexpected refunds, prizes, or gifts you never signed up for are bait. If you didn't enter a competition, you haven't won it.
9. It doesn't quite match how you normally communicate
If your "CEO" suddenly emails asking you to buy gift cards, or a supplier changes their bank details out of the blue, stop. Attackers imitate people you trust to slip past your guard. When money or data is involved, verify through a separate, trusted channel.
10. Something just feels wrong
Trust your instincts. If an email feels unusual, rushed, or out of character, that gut feeling is worth listening to. It's always fine to pause and check.
A simple rule to remember
You don't have to judge every email perfectly. When something feels suspicious, follow one calm rule:
- Don't click. Leave links and attachments alone.
- Don't reply. Replying confirms your address is active.
- Verify independently. Contact the sender through a phone number or website you already know — never the details in the suspicious message.
- Report it. Tell your IT or security team so they can protect everyone else.
Remember that no single sign proves an email is phishing, and a message can look perfectly normal and still be dangerous. Treating these ten signs as prompts to slow down — rather than a strict checklist — is the safest approach.
How GottaPhish helps
Phishing emails slip through because the warning signs are easy to miss under time pressure — and GottaPhish, together with our expert support team, helps you turn those signs into instinct. We send safe, realistic simulated phishing emails so your team learns to recognise the clues in real situations, reinforce them with bite-sized awareness training, and give you easy-to-read dashboards that track progress over time. Our support and experts team works hands-on with you to design believable scenarios, set up campaigns, and interpret the results, so your workforce spots phishing confidently — and reports it quickly.
