Online Safety
How to Recognize and Avoid Phishing Emails
Phishing emails pretend to be from banks, Amazon, or the government to steal your information. Learn to spot them before it's too late.
Simplified from original source
Originally published by FTC Consumer Advice
Look at the sender's email address closely
Phishing emails often use addresses that look almost right but have small differences — like "amazon-support@amaz0n.com" instead of "@amazon.com." Always check the full email address, not just the name.
Watch out for urgent language
"Your account will be closed!" or "Verify now or lose access!" — phishing emails create panic to make you act without thinking. Slow down. Legitimate companies give you time.
Tip: If an email seems urgent, go directly to the company's website by typing the address yourself — don't click links in the email.
Don't click suspicious links
Hover over links (on a computer) before clicking. You'll see the real web address at the bottom of your screen. If it looks strange or doesn't match the company, don't click it.
Never enter your password from an email link
If an email asks you to "verify" your password, don't do it from the link in the email. Instead, open a new browser tab and go directly to the website by typing its address.
Important: Your bank, Amazon, PayPal, and similar services will never ask for your password via email.
Report phishing emails
In Gmail, open the email, click the three dots (⋮) in the top right, and select "Report phishing." In Outlook, use "Report" > "Report phishing." You can also forward suspicious emails to phishing@ftc.gov.
Was this article helpful?
Your feedback helps us improve our guides.
About this article: This guide was simplified and rewritten by TekSure from content originally published by FTC Consumer Advice. We make it easier to read for everyday users — no jargon, just plain steps. View the original article. Learn about our content sources.