Skip to main content
    Step 1 of 6
    Safety & Privacy
    Beginner

    How to Spot Phishing Emails

    Learn to recognize phishing emails that try to steal your passwords and personal information — and know exactly what to do when one arrives.

    5 min read 6 stepsApril 20, 2026Verified April 2026
    1

    Check the sender's email address carefully

    ~32s
    Look at the full email address of whoever sent the message — not only the display name. Click on the sender's name or hover your mouse over it to see the actual address. A phishing email might show the display name "Amazon Customer Service" but the actual address might be something like amazon-support@random-domain.com or service@amaz0n.net. Legitimate emails from Amazon come from addresses ending in @amazon.com only.

    Quick Tip

    Watch for subtle misspellings in email domains: amaz0n.com (zero instead of letter O), paypa1.com (numeral one instead of L), or microsoftsupport.net (the real Microsoft uses @microsoft.com). These look almost identical at a glance.

    2

    Do not click links in suspicious emails

    ~35s
    If an email asks you to click a link to verify your account, reset a password, or provide information, do not click it. Instead, open a new browser window and type the organization's website address directly (for example, type amazon.com yourself). Log in through the real website to check whether there is actually an issue with your account. If there is no issue on the real site, the email was fraudulent.

    Warning

    Even hovering over a link can sometimes trigger tracking in sophisticated phishing emails. If an email looks suspicious, do not interact with it at all — delete it and go directly to the organization's website through your browser.

    3

    Be alert to pressure and urgency

    ~23s
    Phishing emails almost always create artificial urgency to prevent you from thinking carefully. Phrases like "Your account will be closed," "Suspicious activity detected — act immediately," "Final warning," and "Claim your refund within 48 hours" are all hallmarks of phishing. Take a breath and ask yourself: if this were a real emergency, why would a company handle it only by email without also calling or sending a letter?
    4

    Look at the greeting and overall quality

    ~23s
    Phishing emails frequently use generic greetings like "Dear Customer," "Dear User," or "Dear Account Holder" rather than your actual name. Real companies that email you usually know your name from your account and address you directly. Also look for unusual spelling errors, awkward grammar, or sentences that sound strange — while many phishing emails are now polished, some still contain errors that a professional company would not make.
    5

    What to do when you receive a phishing email

    ~34s
    Do not click any links, download any attachments, or reply to the message. Mark it as spam or phishing in your email program (most email services have a Report Phishing option). Then delete it. If the email claimed to be from a real company you use — like your bank or Amazon — contact that company directly using a phone number or website you know is legitimate to let them know the phishing email is circulating.

    Quick Tip

    You can report phishing emails to the FTC at reportfraud.ftc.gov and to the Anti-Phishing Working Group at reportphishing@apwg.org. Reporting helps authorities track and shut down phishing operations.

    6

    What to do if you already clicked a link or entered information

    ~33s
    If you clicked a link and entered your password, change that password immediately on the real website. If you entered financial information or your Social Security number, call your bank right away and report it. Place a fraud alert with the three credit bureaus (Equifax, Experian, TransUnion). Run a security scan on your computer if you downloaded any attachments. Report the incident to the FTC at reportfraud.ftc.gov.

    Warning

    Act as quickly as possible if you provided sensitive information. The sooner you alert your bank and the credit bureaus, the better your chances of limiting any financial damage.

    You Did It!

    You've completed: How to Spot Phishing Emails

    Need more help? Get Expert Help from a TekSure Tech

    Phishing emails are fraudulent messages designed to look like they come from a trusted source — your bank, Amazon, the IRS, Social Security Administration, Medicare, PayPal, or another organization you regularly deal with. The goal is to trick you into clicking a link and entering your password, Social Security number, credit card information, or other sensitive data on a fake website controlled by criminals.

    These emails have become increasingly sophisticated. They often include the company's real logo, use professional language, and closely mimic the formatting of legitimate messages from that organization. However, there are consistent warning signs that can help you identify them before you interact with them.

    The most important thing to understand is this: legitimate organizations will never send you an unsolicited email asking you to provide your password, full Social Security number, banking login credentials, or credit card number by clicking a link. If an email asks you to do any of these things, it is almost certainly a phishing attempt regardless of how official it looks.

    The sense of urgency is another major warning sign. Phishing emails almost always pressure you to act immediately: "Your account will be suspended in 24 hours," or "Immediate action required to avoid losing access to your account," or "Verify your information now to avoid a penalty." This urgency is designed to make you act without thinking. Real organizations give you time to respond to legitimate issues.

    The volume of phishing attempts has grown dramatically because the technology to send millions of convincing fake emails is now inexpensive and widely available. Nearly everyone with an email address receives phishing attempts regularly. Recognizing them is not about being especially tech-savvy — it is about knowing a handful of consistent red flags.

    Was this guide helpful?

    Your feedback helps us make TekSure better for everyone.

    Want to rate with stars?

    Still have questions?

    Ask TekBrain a follow-up question about this guide. It’s free, no sign-up needed, and the answer will be in plain English.

    Ask TekBrain a follow-upBrowse common questions
    phishing
    email scams
    spam
    security
    fraud
    email safety

    Official Resources

    FTC Consumer ProtectionCISA — Cybersecurity TipsAARP Fraud Watch Network

    Sources used to create and verify this guide. View all sources →

    ← Previous

    How to Freeze Your Credit Reports

    Next →

    Do You Need Antivirus Software on Your Phone?

    Still stuck? Let a pro handle it.

    Our verified technicians can fix this issue for you — remotely or in person.

    Book a Verified Tech How It Works

    Related Guides

    More from Safety & Privacy

    How to Secure Your Home Wi-Fi Network

    Simple steps to lock down your home router, keep strangers off your network, and protect every device in your house.

    3 min read

    Setting Up Two-Factor Authentication (2FA) on Any Account

    Add a second layer of security to your most important accounts. This one change stops most account takeovers cold.

    3 min read

    Staying Safe on Social Media

    How to protect your privacy on Facebook and Instagram, spot fake accounts, and avoid the most common social media traps.

    3 min read

    How to Spot Phishing Emails — Step-by-Step Guide | TekSure