How to Spot a Phishing Email (and What to Do About It)

What’s the Big Idea?

Phishing emails are one of the most common cyber threats out there—and they're getting harder to spot. Knowing how to recognize and respond to them is one of the simplest ways to protect your digital life.

Quick Background

Phishing is a scam where someone tries to trick you into giving up personal information—like passwords, credit card numbers, or account details—by pretending to be a trusted contact or company. They usually do it by email, but it can also happen via text or phone call.

What to Look For

Urgency or Threats: “Act now or your account will be suspended!”

Spelling/Grammar Errors: Many phishing emails are written poorly.

Suspicious Links: Hover over links (without clicking) to see the real URL.

Unexpected Attachments: These could contain malware.

Impersonation: An email that looks like it’s from your bank, boss, or a big company—but isn’t.

Examples You Might See

An email from "support@yourbank-secure.com" asking you to verify login info

A fake delivery notice from a courier service with an odd attachment

A “security alert” that asks you to click a link to reset your password

What to Do If You’re Not Sure

Don’t click anything.

Go directly to the website (don’t use the link in the email).

Check the sender’s full email address carefully.

Use two-factor authentication to make your accounts more secure.

Report phishing emails to your email provider or IT department.

Pro Tip

Use a free alias or email masking service (like SimpleLogin or Apple’s Hide My Email) for accounts you don’t fully trust. It keeps your real inbox safer.