Can You Spot Every Phishing Scam?

Online scammers have become far more sophisticated and aggressive in recent years.


Email-based phishing scams have been around almost as long as the internet. Bad actors regularly send malicious email messages disguised to look like they’re from a legitimate company. They often target huge swaths of people using stolen email addresses. Their goal is simple: they want to get their hands on your personal information and, ultimately, your money.

Even though email providers have gotten really good at filtering out dangerous messages, phishing techniques are ever-evolving. As they become more sophisticated and complex, it becomes increasingly important that people work together to stop scammers in their tracks by spotting and reporting suspicious emails. The recipient is the last line of defense against attacks that make it past the safeguards and into their inbox.

The good news is that anyone can learn how to spot the clues scammers hide in their phishing emails. Here are some of the most common red flags to watch out for. 

Who is the email from? Check the sender’s email address. Were you expecting the email? If not, where did it originate? Is the address spelled correctly? Scammers often make small spelling changes that are easy to miss. For example, can you spot the misspelling in this address: If you noticed that Google Play has an extra “p” in it, great job! You might be a phish-buster in the making.

Who is the email addressed to? Always check if the email was sent directly to you or if it’s addressed to someone else. If you’re on the cc line and the message is from a sender you don’t recognize, that’s a red flag. It’s also a red flag if your email address appears in alphabetical order next to a bunch of similar addresses.

When did you receive the email and when was it sent? If an email looks like it was sent from a legitimate business but outside normal business hours, that could be a red flag. Phishing campaigns are often automated, and they can be sent from any corner of the globe at any hour of the day or night.

Does the email call for urgent action? The subject line on a phishing email is often used to grab your attention with an inflated sense of urgency. Is the offer too good to be true? Does the message threaten negative consequences or a missed opportunity? There is often a push for the phishing recipient to do something right away.

Does the email contain bad grammar and spelling mistakes? Phishing emails often contain misspelled words and inaccurate “facts.” Scammers use this approach to find trusting targets who are more likely to fall for their scam. Legitimate communications are usually checked for spelling and grammar. Carefully read the content of any email you find suspicious.

Does the email contain hyperlinks or attachments? A great way to tell if a hyperlink is legitimate is to hover over it without clicking. Does the target address match the address displayed in the text? If not, that’s a bright red flag. Also check the spelling in hyperlinks. Never open an attachment unless you are 100% certain the email is legitimate. Scammers regularly attach documents to phishing emails containing embedded malicious code that is activated when the attachment is opened.

We may not be able to prevent scammers from sending phishing emails, but we can protect ourselves against common threats by paying close attention and staying vigilant.