
How to spot a phishing email: 7 clear warning signs

6 min read

You can spot a phishing email by 7 key signs: a suspicious sender address, artificial urgency, links that point somewhere other than they claim, a request to enter your password, unexpected attachments, generic greetings with errors, and an unusual request or context. A few of these together are enough to treat the email as dangerous.

A phishing email is a deceptive message designed to make you reveal a password, make a payment or download a malicious file. Even experienced employees get caught when an email looks urgent and convincing. The good news is that almost every phishing email leaves recognisable traces. Here are the seven signs worth checking first.

1. A suspicious sender address

The display name may look tidy ("Microsoft Support"), but the real address often gives it away: micros0ft.net, paypa1.com or a random-character domain. Always check the actual email address, not just the display name.

2. Artificial urgency and threats

"Your account will be suspended within 24 hours" is a classic pressure tactic. Urgency shuts down critical thinking and pushes you to act before you check. Legitimate organisations rarely threaten instant blocking by email.

3. Links that lead somewhere other than they appear

Hover over a link (without clicking) and see where it actually goes. If the visible text says "yourbank.com" but the link points to an unfamiliar domain, that is a clear red flag. On mobile, press and hold a link to reveal the real address.

4. A request to enter your login details

No serious service will ask you to enter your password via an email link. If a message directs you to a login page and asks for a password — stop. Instead, open the website manually in your browser.

5. Unexpected attachments

An unexpected .zip, .html or macro-enabled Office document is one of the most common ways malware spreads. If you were not expecting a file, do not open it; verify with the sender through another channel.

6. Generic greetings and language errors

"Dear customer" instead of your name, odd grammar or a machine-translated tone often reveal a mass phishing email. However, in targeted attacks (spear phishing) the language can be flawless — so this sign alone is not enough.

7. An unusual request or context

A manager "asking" you to urgently buy gift cards, accounting "changing" a bank account, a supplier "updating" their details — always verify such requests through another channel (by phone or in person), even if the email looks like it is from someone you know.

What to do with a suspicious email

  • Do not click links or open attachments
  • Report it to your IT or security team
  • If you already clicked — change your password immediately and inform IT
  • Do not delete the email right away — it may be needed for investigation

Spotting a phishing email in theory is easy, but in a real, rushed situation it is harder. The skill is built through practice: safe phishing simulations show how employees actually react, and a short lesson right after a click turns the mistake into learning. That is exactly how Opsinel helps teams become more resilient — without fear or blame.

Frequently asked questions

What is the first thing to check when I suspect phishing?

First check the real sender email address (not just the display name) and hover over any link to see where it actually leads.

What should I do if I already clicked a phishing link?

Immediately change the password of the affected account, enable two-factor authentication and inform your IT or security team. The sooner you report, the smaller the damage.

Do phishing simulations really help?

Yes. Regular simulations with a short lesson right after a click genuinely reduce click rates and build alertness better than a one-off lecture.

How do I tell phishing from a real bank email?

A real bank addresses you by name, never asks you to enter a password via a link, and does not threaten instant blocking. When in doubt, do not use the email links — log in to your bank manually.

Can a phishing email look completely legitimate?

Yes. In targeted attacks (spear phishing) the language is flawless and the sender name is accurate. So do not rely on language errors alone; check the address, links and the context of the request.
