Being tech-savvy isn’t enough to protect you from a phishing email attack. Scammers are savvy and constantly evolve and develop new techniques, and it’s easy to fall victim.
But with these tried-and-tested methods, I can spot phishing emails easily.

1. Unofficial Email Addresses That Look Legitimate
Often, you’ll see email addresses that are obviously fake. If they’re a bunch of random numbers and letters followed by a provider’s domain (e.g., @gmail.com or @outlook.com), I normally send them to my Trash folder without thinking twice. However, you will sometimes encounter fake email addresses that look genuine.
For example, at first glance, I’ve received emails from my bank and eCommerce stores that are hard to distinguish from the official domain. When you look closer, though, you’ll notice that some letters might be missing or have been added. Scammers often use similar letters and even the brand logo as their profile picture.

Thankfully, it has become easier to spot genuine addresses. Many major companies have verified checkmarks next to sender emails; you might have noticed this in Gmail. You can also use multiple tools to find and verify email addresses.
2. Spelling and Grammatical Errors
Unfortunately, identifying phishing emails based on grammar has become more difficult because of generative AI and spell-checking software; this is one of many ways hackers use generative AI in their attacks. Nonetheless, I still check for spelling and grammatical errors to determine whether an email is legitimate.
If they haven’t been written by AI, phishing emails are almost always in bad English. I acknowledge that I’m a native English speaker, and this gives me a huge advantage, but I don’t think you have to be to identify these signs. Phishing emails rarely flow well, and you will also often notice spaces between letters and punctuation.

Most brands prioritize consistency; you’ll notice the same capitalization throughout the message. However, since scammers often don’t, checking for consistency is a subtle way to determine whether an email is legitimate. If each word is capitalized in the title but not in an email’s headings or sub-headings, this could be a red flag.
Some phishing emails might also miss words (e.g., “Let’s build website” instead of “Let’s build a website”). Incomplete sign-offs are another potential red flag, though this isn’t always the case.

3. Personalization
If I ever see an email that starts with “Dear Sir / Madam,” I automatically delete it. At best, it’s an annoying scattergun email that definitely does not make me want to work with someone. But at worst, it could be a phishing email trying to dupe me into sending sensitive information—such as my banking details.
Now, however, phishing emails have gotten much more personal. It’s not uncommon for a sender to use your first name, and they might even go into detail to find out information about your friends and family. This is why you need to avoid several social media mistakes to protect your privacy.

Phishing email senders may also try to identify your recent purchase history. For example, I often receive spam emails when purchasing an item online (and it always relates to my parcel delivery). These often include a link with a call to action (CTA).
You might also see phishing emails associated with products you’re interested in. These kinds of scams are prevalent at specific points throughout the year; for example, it’s particularly important to stay safe from scams during the holiday season.

4. Links That Don’t Match the “Organization”
While some links include a CTA, this won’t always be the case. Sometimes, a phishing email sender will include a link entirely unrelated to the organization they’re impersonating. For example, someone might pretend to be Amazon but share a link for a different app.
Thankfully, these types of phishing emails are much easier to identify and avoid. Firstly, most brands that contact you and include links will probably include some kind of CTA. But even if they don’t, the link will go to their website or the service they use to track and send orders.
Over-the-top CTAs, such as multiple emojis, can also be a warning sign that you’re about to click on a phishing email.
5. Short Links
Short links aren’t bad in and of themselves; you’ll often see them used on social media. But when receiving emails, I class shortened links as a big red flag—especially if I don’t know the sender.
If someone’s going to send a link via email, I want to ensure that I know the source. Seeing random letters next to each other will not gain my trust, and it suggests that someone is trying to take advantage.
I strongly suggest not clicking on any short links you see in emails and deleting the email. If someone’s trying to impersonate a company, I often try sending it to their team so they can make other customers aware.
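Both link checks from the last two sections (links that do not belong to the organization the email claims to come from, and shortened links that hide their destination) can be applied to an email's HTML body before anyone clicks. This is an added example, not part of the original article; the shortener list is a small sample and the email body and domains are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Small sample of well-known shortener hosts; extend for real use.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}


class LinkCollector(HTMLParser):
    """Collect every href from <a> tags in an HTML email body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]


def review_links(html_body: str, expected_domains: set[str]) -> dict[str, str]:
    """Map each link to 'ok', 'shortened' or 'mismatch' for the claimed sender."""
    collector = LinkCollector()
    collector.feed(html_body)
    verdicts = {}
    for href in collector.hrefs:
        host = (urlsplit(href).hostname or "").lower()
        if host in SHORTENERS:
            verdicts[href] = "shortened"
        # Match the registered domain as a suffix, never as a substring.
        elif any(host == d or host.endswith("." + d) for d in expected_domains):
            verdicts[href] = "ok"
        else:
            verdicts[href] = "mismatch"
    return verdicts


# Constructed sample: an email claiming to come from shop.example.
SAMPLE = """
<p>Your parcel is waiting!</p>
<a href="https://www.shop.example/orders/123">Track order</a>
<a href="https://bit.ly/3xAmPle">Confirm delivery</a>
<a href="http://shop.example.parcel-update.test/login">Sign in</a>
"""

if __name__ == "__main__":
    for link, verdict in review_links(SAMPLE, {"shop.example"}).items():
        print(f"{verdict:10} {link}")
```

The third sample link starts with the brand's name but belongs to a different domain, which is why the comparison is made against the end of the hostname.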
6. "This Message Looks Dangerous"
I mainly use Gmail, and thankfully, the app is very good at warning me when I could be looking at a potentially threatening email. You’ll often see a message in red that says, “This message looks dangerous,” and despite using the service for over five years, I’m yet to see a time when it has been wrong about this.
When using Google Workspace, Gmail will warn you when someone outside your organization sends you a message. Not all of these messages are dangerous, and honestly, most will be fine—but if you’re suspicious, you may wish to keep this in mind.
As AI evolves, it might be harder for email providers to flag messages as dangerous. So, knowing how to protect yourself from AI Gmail scams—and doing the same with other networks—is essential.

7. The Language Used
I’ve noticed that many phishing emails attempt to create a sense of urgency. For example, I have lost count of how many times someone has asked me to send money for an important surgery. Another common phishing email attempt I’ve seen is trying to tell me that one of my subscription payments has failed; this is especially difficult because they’ve often impersonated the services I actually use.
Even if you’ve got decades of marketing experience, these emails can be annoyingly persuasive. Besides verifying the sender, I try not to take action on messages I send without first taking a step back to think. If you revisit a phishing email, you can often notice intricate details that’ll stop you falling victim to them.
While phishing emails are becoming more complex, you can still often identify when a message is legitimate. Keep an eye out for spelling and grammatical errors, and check all email addresses before replying. You should also be very careful before clicking on links.