
You receive an urgent email from your bank. It says your account has been compromised and you need to click a link to verify your identity immediately. You feel a surge of panic. What do you do?
This is the exact feeling that cybercriminals want you to have. This is a phishing attack, and it is the single most common way that people get hacked. An astonishing 85% of all data breaches start with a simple, deceptive email just like this. Hackers know that if they can trick you into a moment of panic, they can steal your passwords, your money, and your identity.
As a security trainer who has analyzed thousands of phishing attempts and taught over 10,000 employees how to spot them, I can tell you that these emails are designed to look real. But they always contain small mistakes. This guide will teach you, step-by-step, exactly what to look for. This isn’t about memorizing complex rules; it’s about learning to spot the red flags so you can delete these malicious emails with confidence.
“A phishing email is like a fisherman’s lure. It’s designed to look like something you want or need—a real fish—to trick you into biting. Your job is to learn how to spot the hook before you take the bait.”
What is Phishing and Why is it So Dangerous?
In simple terms, phishing is a type of cyberattack where a criminal sends a fraudulent message designed to trick you into revealing sensitive information. The goal is to get you to click a malicious link or open a dangerous attachment.
Why Do Hackers Phish?
The motivation is simple: money and access.
- Stealing Your Login Credentials: They send you to a fake login page that looks identical to the real one (like a fake Netflix or bank login page). When you type in your username and password, they steal it.
- Stealing Your Financial Information: They might ask you to “verify” your credit card details or other personal financial information.
- Installing Malware: They trick you into clicking a link or downloading an attachment that installs malicious software (like ransomware or spyware) on your computer.
The danger is that one successful phishing attack can be a gateway to your entire digital life. If a hacker gets the password to your primary email account, they can use it to reset the passwords for all your other accounts.
What This Means: Clicking one bad link can give a hacker the keys to your email, your bank account, your social media, and more. That is why learning to spot a phishing email is the single most important cybersecurity skill you can learn.
Real-World Examples of Phishing in 2025
Phishing isn’t a theoretical threat; it’s happening right now. In 2025, sophisticated phishing campaigns have targeted customers of major services like Amazon and Microsoft Office 365, using highly convincing fake login pages to steal millions of account credentials. Even a simple “package delivery notification” email can be a phishing attempt designed to steal your personal information.
The 7 Red Flags of a Phishing Email
Every phishing email, no matter how convincing it seems, contains small mistakes. Here are the seven key red flags to look for. If you see even one of these, you should treat the email with extreme suspicion.
Red Flag #1: The Sender’s Email Address is Wrong
This is the most common and most reliable giveaway. Hackers can make the “From” name look real, but they can’t fake the email address itself.
- What to look for: Hover your mouse over the sender’s name to reveal the actual email address. Does it look legitimate?
- Real Example: A real email from Amazon will come from an address ending in @amazon.com.
- Fake Example: A phishing email will use a slightly misspelled or strange-looking address, such as one ending in @amaz0n.com or a public domain like @gmail.com.
“The sender’s email address is like their government-issued ID. If the name on the ID doesn’t match the person in front of you, it’s a fake. Always check the ID.”
Red Flag #2: A Sense of Urgent Panic
Phishing emails are designed to short-circuit your rational brain by creating a sense of urgency and fear.
- What to look for: Look for threatening subject lines like “Urgent Action Required,” “Your Account Has Been Suspended,” or “Unusual Login Detected”.
- Why it works: They want you to panic and click without thinking. Real companies will almost never ask you to take immediate, drastic action via email.
Red Flag #3: Generic Greetings
Legitimate companies that you have an account with will almost always address you by your name.
- What to look for: Be suspicious of generic greetings like “Dear Valued Customer,” “Dear User,” or just “Hello”.
- Why it’s a red flag: Hackers send out millions of these emails at once, so they don’t know your name. They use a generic greeting to cast the widest possible net.
| Phishing Red Flag | What It Looks Like | Why It’s a Sign of a Scam |
|---|---|---|
| Wrong Email Address | An address at @amaz0n.com instead of @amazon.com (misspelled) | Hackers can’t use the real domain. |
| Sense of Urgency | “Your account will be deleted in 24 hours!” | Creates panic to make you act without thinking. |
| Generic Greeting | “Dear Customer” | The sender doesn’t actually know who you are. |
| Spelling/Grammar Errors | “your account is temporary locked” | Many phishing emails are written by non-native speakers. |
| Suspicious Links | A link that goes to a strange URL. | Leads to a fake website designed to steal your info. |
| Unexpected Attachments | A .zip or .exe file you weren’t expecting. | Often contains malware or a virus. |
| “Too Good to Be True” Offers | “You’ve won a free iPhone! Click here!” | Designed to lure you into giving up your data. |
Now, we dive deeper into the anatomy of a phishing attack. This section will show you exactly how to analyze the most dangerous parts of a phishing email—the links and attachments—and provide a checklist you can use to protect yourself. We will also break down a real-world phishing example and tell you exactly what to do if you accidentally click a bad link.
“The most dangerous part of a phishing email is the link. It looks harmless, but it’s a hidden doorway to a malicious website. Learning how to inspect a link before you click is the cybersecurity equivalent of looking both ways before you cross the street.”
Red Flag #4: Spelling and Grammar Mistakes
Large, professional companies have entire teams dedicated to proofreading their customer communications. While AI is making phishing emails more sophisticated, many still contain obvious errors.
- What to look for: Awkward phrasing, random capitalization, and simple spelling mistakes (e.g., “your account are suspend” instead of “your account is suspended”).
- Why it’s a red flag: Many phishing campaigns are run by non-native English speakers who make simple grammatical errors that a professional company would not. While a single typo isn’t definitive proof, it should make you highly suspicious.
Red Flag #5: Suspicious Links (The Hover Trick)
This is the most important technical skill you can learn. Hackers will disguise a malicious link to make it look legitimate. Your job is to reveal its true destination.
- The Trick: On a computer, hover your mouse cursor over the link without clicking it. A small box will pop up, or text will appear in the bottom-left corner of your browser window, showing you the actual web address the link will take you to.
- What to look for:
  - The Text: Click here to log in to your Amazon account.
  - The Real Link (revealed by hovering): http://login-amazon-security-update.xyz
- Why it’s a red flag: The real domain should be amazon.com. Anything else, especially a strange-looking domain like .xyz or .net, is a fake.
What This Means: If the address you see when you hover doesn’t exactly match the company’s real website, do not click it. When in doubt, open a new browser tab and type the company’s real web address in manually (e.g., www.amazon.com).
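The hover trick from Red Flag #5 and the sender-address check from Red Flag #1 come down to the same question: does the domain that actually receives the click (or sent the mail) match the domain the company really uses? The following Python is an added example, not code from the article or from any of the companies it names. It takes the expected domain and whatever hovering revealed (a URL or a sender address) and says how the two relate. The digit-for-letter table, the "last two labels" domain rule and the sample inputs are this example's own assumptions; three of the samples reuse addresses quoted in the article.

```python
"""Added example (not from the article): the hover trick of Red Flag #5 and the
sender-address check of Red Flag #1 written as code. It takes the domain a
message claims to come from and the address revealed by hovering (a URL or a
sender e-mail address) and reports how the two relate. The digit table, the
two-label domain rule and the sample inputs are this example's own assumptions.
"""
from urllib.parse import urlparse

# Digits commonly used in place of letters in lookalike domains (a short,
# hand-picked table, not a complete homoglyph list).
LOOKALIKE_DIGITS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def extract_host(shown: str) -> str:
    """Lower-cased host of a URL or of an e-mail address."""
    shown = shown.strip()
    if "@" in shown and "://" not in shown:            # sender address
        return shown.rsplit("@", 1)[1].lower()
    if "://" not in shown:                             # bare host such as amaz0n.com
        shown = "http://" + shown
    return (urlparse(shown).hostname or "").lower()


def registrable_domain(host: str) -> str:
    """Last two labels of the host (www.amazon.com -> amazon.com).

    Assumption: two labels are enough for this demo. Production code should
    use the Public Suffix List so that names such as example.co.uk work.
    """
    labels = host.rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def inspect_link(expected_domain: str, shown: str) -> str:
    """Classify what hovering revealed against the domain the mail claims.

    "ok"                    the click really lands on the expected domain
    "lookalike-spelling"    same name once digit-for-letter swaps are undone
    "brand-in-other-domain" the brand appears somewhere in the host, but the
                            domain that receives the click is a different one
    "different-domain"      nothing to do with the brand at all
    """
    expected = expected_domain.lower()
    brand = expected.split(".")[0]                     # "amazon" from amazon.com
    host = extract_host(shown)
    actual = registrable_domain(host)
    if actual == expected:
        return "ok"
    if actual.translate(LOOKALIKE_DIGITS) == expected:
        return "lookalike-spelling"
    if brand in host:
        return "brand-in-other-domain"
    return "different-domain"


if __name__ == "__main__":
    # Constructed samples; the first three reuse addresses quoted in the article
    samples = [
        ("amazon.com", "https://www.amazon.com/ap/signin"),
        ("amazon.com", "http://login-amazon-security-update.xyz"),
        ("netflix.com", "netflix-support.billing-update.com"),
        ("amazon.com", "support@amaz0n.com"),
        ("amazon.com", "no-reply@gmail.com"),
    ]
    for expected, shown in samples:
        print(f"{shown:45} -> {inspect_link(expected, shown)}")
```

The point the code makes explicit is the one the article keeps repeating: only the registrable domain counts. A brand name sitting in a subdomain or a hyphenated label (`login-amazon-security-update.xyz`, `netflix-support.billing-update.com`) does not make the link belong to that brand, and a single swapped digit (`amaz0n.com`) is a different domain altogether.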
Red Flag #6: Unexpected Attachments
Legitimate companies rarely send important information as an attachment without prior warning. Be extremely wary of any unexpected attachments, especially if they end in certain file types.
- What to look for: Attachments with file names like “Invoice.zip,” “Payment_Details.exe,” or “Account_Update.html”.
- Why it’s a red flag: These files are often used to deliver malware. .zip files can hide malicious programs, and .exe files are executable programs that can infect your computer the moment you open them.
- The Rule: If you are not expecting an attachment from someone, do not open it. Contact the sender through a separate, trusted method (like by phone) to verify that they sent it.
Red Flag #7: “Too Good to Be True” Offers
This type of phishing attack preys on human curiosity and greed rather than fear.
- What to look for: Emails claiming you’ve won a lottery you never entered, a free iPhone, or a massive inheritance from a long-lost relative.
- Why it’s a red flag: These are classic scams designed to get you to click a link and enter your personal information to “claim your prize.”
- The Rule: If an offer seems too good to be true, it always is. Delete the email immediately.
Phishing Email in the Wild: A Breakdown
Let’s break down the red flags in a typical fake Netflix “Your Account is On Hold” email:
- Generic Greeting: The email starts with “Hi Dear,” instead of the user’s actual name.
- Sense of Urgency: The subject line “Action Required” and the message “Your Account is On Hold” are designed to create panic.
- Suspicious Link (The Hover Trick): If you were to hover over the “Restart Your Membership” button, the link would not go to netflix.com. It would go to a fake address like netflix-support.billing-update.com.
- Grammar Mistake: There might be a subtle error, like “we was unable” instead of “we were unable.”
This email combines multiple red flags. By learning to spot them, you can confidently identify this as a fake and delete it.
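The breakdown above is exactly the checklist a mail filter or a training tool would run. The Python below is an added example, not the article's own material or any vendor's product: it parses a raw e-mail with the standard `email` library and reports the red flags it finds (mismatched display name and address, urgency phrases, a generic greeting, a grammar slip, a link whose host is not under the brand's domain, and a risky attachment). The two sample messages are constructed for the demo; the phishing one mirrors the Netflix breakdown, the other is an ordinary statement notice. The brand domain, the phrase lists and the "two flags means phishing" threshold are this example's assumptions.

```python
"""Added example (not from the article): a red-flag scan over a raw e-mail,
following the Netflix breakdown above plus the attachment rule of Red Flag #6.
The sample messages, brand domain, phrase lists and the two-flag threshold are
this example's own assumptions."""
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

GENERIC_GREETINGS = ("hi dear", "dear customer", "dear valued customer", "dear user")
URGENCY_PHRASES = ("action required", "on hold", "suspended", "unusual login", "24 hours", "immediately")
GRAMMAR_SLIPS = ("we was", "temporary locked", "are suspend")   # examples quoted in the article
RISKY_EXTENSIONS = (".zip", ".exe", ".html", ".htm")            # file types the article names


def under_domain(host: str, domain: str) -> bool:
    """True when host is the brand domain itself or one of its subdomains."""
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)


def scan_message(raw: bytes, brand: str, brand_domain: str) -> list:
    """Return (red_flag, evidence) pairs found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    found = []

    # Red Flag #1: the display name claims the brand but the address lives elsewhere
    name, addr = parseaddr(str(msg.get("From", "")))
    sender_host = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    if brand.lower() in name.lower() and not under_domain(sender_host, brand_domain):
        found.append(("sender address does not match display name", addr))

    body_part = msg.get_body(preferencelist=("html", "plain"))
    body = body_part.get_content() if body_part else ""
    text = re.sub(r"<[^>]+>", " ", body)                 # crude tag strip, enough for the demo
    haystack = (str(msg.get("Subject", "")) + " " + text).lower()

    # Red Flag #2: urgency in the subject line or body
    urgent = [p for p in URGENCY_PHRASES if p in haystack]
    if urgent:
        found.append(("sense of urgency", ", ".join(urgent)))

    # Red Flag #3: a greeting that does not use the recipient's name
    first_line = next((ln.strip() for ln in text.splitlines() if ln.strip()), "")
    if first_line.lower().startswith(GENERIC_GREETINGS):
        found.append(("generic greeting", first_line))

    # Red Flag #4: grammar slips a professional mailer would not make
    slips = [s for s in GRAMMAR_SLIPS if s in haystack]
    if slips:
        found.append(("grammar mistake", ", ".join(slips)))

    # Red Flag #5: the hover trick, applied to every href in the HTML body
    for href in re.findall(r'href=["\']([^"\']+)["\']', body, re.I):
        if not under_domain(urlparse(href).hostname or "", brand_domain):
            found.append(("suspicious link", href))

    # Red Flag #6: an attachment with one of the risky file types
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        if fname.lower().endswith(RISKY_EXTENSIONS):
            found.append(("unexpected attachment", fname))
    return found


def verdict(found: list) -> str:
    """Two or more independent red flags: treat the mail as phishing."""
    return "phishing" if len(found) >= 2 else "no strong red flags"


def build_sample(phishing: bool) -> bytes:
    """Constructed test mail; the phishing variant mirrors the breakdown above."""
    msg = EmailMessage()
    msg["To"] = "alex@example.com"
    if phishing:
        msg["From"] = "Netflix <support@netflix-support.billing-update.com>"
        msg["Subject"] = "Action Required: Your Account is On Hold"
        html = ("<html><body>\n<p>Hi Dear,</p>\n<p>we was unable to validate your billing "
                "information. Please update your payment details immediately.</p>\n"
                '<a href="http://netflix-support.billing-update.com/restart">Restart Your '
                "Membership</a>\n</body></html>")
    else:
        msg["From"] = "Netflix <info@mailer.netflix.com>"
        msg["Subject"] = "Your monthly statement is ready"
        html = ("<html><body>\n<p>Hi Alex,</p>\n<p>Your statement for this month is available "
                'on your <a href="https://www.netflix.com/account">account page</a>.</p>\n'
                "</body></html>")
    msg.set_content(re.sub(r"<[^>]+>", "", html))        # plain-text alternative
    msg.add_alternative(html, subtype="html")
    if phishing:
        # Constructed placeholder bytes standing in for a real archive
        msg.add_attachment(b"PK\x03\x04 placeholder", maintype="application",
                           subtype="zip", filename="Invoice.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for is_phish in (True, False):
        found = scan_message(build_sample(is_phish), "Netflix", "netflix.com")
        print(verdict(found), found)
```

Run on the constructed Netflix lookalike, the scan reports all six flags; on the benign statement it reports none. The contrast is the lesson of the breakdown: no single heuristic is proof, but a real mailer almost never trips several of them at once.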
“I Clicked the Link!”: Your Immediate Action Plan
It happens to everyone. In a moment of distraction, you might accidentally click a phishing link. Don’t panic. If you act quickly, you can minimize the damage.
Scenario 1: You clicked the link but DID NOT enter any information.
- Disconnect from the Internet: Immediately turn off your computer’s Wi-Fi or unplug the network cable. This can prevent any malware that might have been downloaded from “calling home” to the hacker.
- Run a Full Antivirus Scan: Use a reputable antivirus program to scan your entire computer for any malware that might have been installed.
- Change Your Password (As a Precaution): Once your computer is clean, log in to the real website (the one the phishing email was pretending to be from) and change your password.
Scenario 2: You clicked the link AND entered your password.
- Act Immediately: Assume your account is compromised.
- Go to the REAL Website: Open a new browser tab and go directly to the legitimate website.
- Change Your Password: Change your password for that account immediately.
- Change It Everywhere Else: If you were reusing that password on any other sites, you must change it on all of them. Hackers will be automatically testing it everywhere.
- Enable Multi-Factor Authentication (MFA): If you don’t already have it enabled on that account, turn it on now. This will block the hacker even if they have your new password.
Conclusion: Your New Superpower
You have now learned one of the most critical skills for staying safe online. You understand that phishing attacks are designed to manipulate your emotions, and you know the specific, technical red flags to look for.
The next time you get an urgent email from your “bank” or a message about winning a “free prize,” you won’t feel panic. You will feel confident. You will check the sender, hover over the link, spot the red flags, and hit the delete button. You have turned a potential threat into a non-event. That is a security superpower.
Phishing Emails: The Complete Beginner’s FAQ
The Basics
- What is a phishing email?
It’s a fake email sent by a cybercriminal that is designed to look like it’s from a real company (like your bank, Amazon, or Netflix). The goal is to trick you into clicking a bad link or revealing personal information.
- Why do they call it “phishing”?
Because the hackers are “fishing” for your information. They are baiting a hook with a fake email and hoping you’ll bite.
- What do the hackers want?
They typically want your login credentials (username and password), credit card numbers, or other personal information that they can use to steal your money or identity.
- Are phishing attacks common?
Extremely common. Phishing is the most prevalent form of cybercrime, accounting for the vast majority of all successful data breaches.
- I’m not important. Why would a hacker target me?
Hackers usually don’t target you personally. They use automated systems to send out millions of emails at once, hoping that a small percentage of people will fall for the scam. You are a target simply because you have an email address.
- What’s the difference between phishing and spam?
Spam is just unwanted junk mail (like advertisements). Phishing is malicious and is actively trying to trick you into doing something that will compromise your security.
Spotting the Red Flags
- What is the #1 easiest way to spot a phishing email?
Check the sender’s email address. Hover your mouse over the “From” name to see the full address. If it’s from a public domain (like @gmail.com) or is misspelled (like @amaz0n.com), it’s a fake.
- The email looks exactly like a real one from Netflix. How can I be sure?
Hackers are very good at copying logos and formatting. Ignore the design and focus on the technical details: the sender’s address, the links, and any spelling mistakes.
- What does it mean to “hover” over a link?
On a computer, it means moving your mouse cursor over a link without clicking it. This will reveal the link’s true destination in a small pop-up or in the corner of your screen. This is a critical skill.
- How do I check a link on my phone?
Press and hold your finger on the link. A preview window will pop up showing you the full URL of the link’s destination.
- Why do so many phishing emails have spelling or grammar mistakes?
Many phishing campaigns are run by non-native English speakers. While AI is making them better, these errors are still a common red flag that a professional company would not make.
- Why do phishing emails always seem so urgent?
They use urgent or threatening language (e.g., “Your account will be suspended!”) to create a sense of panic. They want you to act emotionally and click before you have time to think critically.
- What if the email uses my real name? Does that mean it’s legitimate?
Not necessarily. If your name and email were exposed in a previous data breach, hackers might use your name to make the phishing email seem more personal. This is called “spear phishing”.
- Is an unexpected attachment a red flag?
Yes, a huge one. Never open an unexpected attachment, especially if it’s a .zip, .exe, or .html file. Contact the sender through a separate channel (like a phone call) to verify they sent it.
- My email provider has a spam filter. Isn’t that enough?
Spam filters are good, but they are not perfect. Sophisticated phishing emails are designed to bypass these filters, so you must always remain vigilant.
What to Do (and Not Do)
- I think I’ve received a phishing email. What should I do?
Do not click any links, do not open any attachments, and do not reply. Simply mark it as “spam” or “phishing” in your email client and then delete it.
- I accidentally clicked a link, but I closed the window immediately. Am I okay?
You might be. The safest course of action is to immediately disconnect from the internet and run a full antivirus scan on your computer to check for malware.
- I clicked a link AND entered my password. What do I do now?
Act immediately. Go directly to the real website, log in, and change your password. If you used that password on any other sites, change it on all of them. Then, enable Multi-Factor Authentication (MFA) on the account.
- Should I report phishing emails?
Yes. Most email clients (like Gmail and Outlook) have a built-in feature to “Report Phishing.” Using this helps them improve their filters and protect other users.
- Can I get a virus just by opening a phishing email?
In most modern email clients, simply opening the email is safe. The danger comes from clicking a link or opening an attachment.
- The email is from my boss and asks me to buy gift cards. Is it real?
This is a very common scam. Never act on an urgent financial request via email alone. Verify the request in person or with a phone call to a number you know is correct.
- I got a text message that looks like phishing. Is that possible?
Yes. Phishing that happens via text message is called “smishing.” The same rules apply: be wary of urgent requests and suspicious links.
- Can my antivirus software protect me from phishing?
It can help. Some antivirus programs will block you from visiting known malicious websites, but they can’t stop you from voluntarily giving away your password on a fake site. Your own judgment is the best defense.
- How can I practice spotting phishing emails?
Google offers a free phishing quiz that uses real-world examples to test your skills. It’s a great way to practice in a safe environment.
- Is it ever safe to click a link in an email?
Yes, if you are 100% sure of the sender and you have hovered over the link to verify its destination. If you have even a tiny bit of doubt, it’s safer to go to the website directly by typing its address into your browser.
Advanced Concepts
- What is “spear phishing”?
This is a targeted phishing attack where the hacker has researched you and uses personal information (like your name, job title, or recent activities) to make the email seem more convincing.
- What is “clone phishing”?
This is when a hacker takes a real, legitimate email that you previously received, copies it, and then swaps out the real link or attachment for a malicious one. This is very hard to spot.
- What is a “Man-in-the-Middle” attack?
This can happen on public Wi-Fi where a hacker intercepts the traffic between you and a website, allowing them to steal any information you send, like passwords.
- How does AI make phishing worse?
Hackers are now using AI to write phishing emails that have perfect grammar and a very convincing, human-like tone, making them harder to detect.
- What is the single best defense against phishing attacks?
Enable Multi-Factor Authentication (MFA) on all of your important accounts. Even if a hacker successfully steals your password through a phishing attack, they will not be able to log in to your account without the second factor (the code from your phone).