How to Identify a Phishing Email

Check the sender’s email address

Look carefully at the email address of the sender. Phishing emails often use a fake email address that is similar to a legitimate one. For example, the email address may be slightly misspelled or have a different domain name.

Check the salutation

Phishing emails often use a generic salutation such as “Dear customer” or “Dear user” instead of using your name.

Check for urgency

Phishing emails often use urgency or fear tactics to encourage you to act quickly. For example, they may claim that there is a problem with your account or that your account will be closed if you don’t take action immediately.

Check for spelling and grammar errors

Phishing emails often contain spelling and grammar errors or use awkward phrasing.

Check the links

Phishing emails often contain links that look legitimate but actually lead to fake websites designed to steal your information. Hover your mouse over the link to see the URL, and check that it matches the legitimate website.

Check for attachments

Phishing emails may contain attachments that are infected with malware. Be cautious of opening any attachments from unknown sources.

Check the tone

Phishing emails often use an urgent or threatening tone to encourage you to act quickly. Be wary of any emails that make you feel anxious or threatened.

If you receive a suspicious email, do not click on any links or open any attachments. Instead, contact the legitimate company or organization to verify the authenticity of the email. You can also report the phishing email to your email provider or to the Anti-Phishing Working Group at reportphishing@apwg.org.