4 clues an email is actually a phishing scam email

One of the most popular types of email scam is phishing. This is where scammers contact a victim through email pretending to be someone the recipient trusts, in order to trick that victim into handing over sensitive details like passwords or otherwise compromising their own security.

Phishing emails need the recipient to fall for the scam by compromising their own privacy or security. Typically this means clicking a link to a spoof website and entering sensitive information into it, or opening a malicious email attachment. The phishing email has to trick a recipient into doing these things for it to be successful.

Phishing emails can be very convincing, but there are nearly always tell-tale signs. Here are four.

You need to click this link or open this attachment

As we stated above, phishing scams only work if they persuade the recipient to compromise their own security by clicking on malicious links or opening malicious email attachments. So it’s important that the email manages to persuade the recipient to do this, which is why such emails will try and pressure or panic the recipient into clicking links or opening attachments.


Watch out for emails pressuring you to click a link

If an email is trying to pressure you into urgently clicking a link or opening an attachment – for example by claiming your account could be disabled or by claiming you’ve been charged a fine – then there is a good chance the email is a phishing scam.

The link doesn’t go where it should go

Crooks that send phishing emails that contain links to spoof websites are hoping you won’t realise that you’ve landed on a spoof website, and you enter your login details anyway. Possibly they’re hoping that you’re so panicked (see above point) that you don’t do any due diligence and check. But you should always check what web domain you’ve landed on if you do happen to click a link in an email (which you really shouldn’t do.)

So if you’ve clicked a link, before you do anything else, check the domain. Is it what it should be? PayPal… Facebook… Apple… you bank? Check the address. Alternatively, many email software will let you check the web address before you click a link to see where it leads. For example some desktop email programs will show the destination web address at the bottom of the email in the status bar.


Sponsored Content. Continued below...




Generic greetings

The most common type of phishing scam is one that is sent to many thousands of different recipients. These emails will use a generic greeting such as “Hello Customer” or no greeting at all, while legitimate emails will usually use your name.


Banks won’t address you as “account holder”, for example.

Poor spelling

Emails from PayPal, your bank or various organisations are unlikely to contain spelling errors. So watch out for suspicious spelling and grammar errors in emails you receive. Many such scams originate from non-English speaking countries.


Sponsored Content. Continued below...




Other tell-tale signs can include the reply-to email address not matching the sender, the email claiming to contain “confidential” information or an email asking you to reply with sensitive information.

Related reading:

How to spot PayPal phishing scams
How to spot a phishing email claiming to be from your bank
Watch out for convincing Netflix emails scams
What is the difference between phishing and spear-phishing