12 Phishing Email Red Flags

Phishing works on speed and emotion. Slow down and check these red flags.

Sender and domain

• Lookalike domains (paypa1.com, micros0ft-support.com).
• Display name says one company, the address is a random Gmail.

Language and pressure

• Urgency: "act within 24 hours or your account is closed."
• Threats, prizes, or "unusual activity" hooks.
• Generic greetings ("Dear Customer").

Links and attachments

• Hover a link — does the real URL match the text?
• Unexpected attachments, especially zips or documents asking you to "enable content."
• Requests for passwords or codes (legitimate companies never ask).

Bonus: use a disposable inbox to test

When trying an unknown service, sign up with a disposable address. If "your bank" emails it, you know it's fake. Modern inboxes also flag suspicious mail and render HTML safely.