How to spot common red flags in phishing emails


You clicked the link in the email to reset your online banking password. But are you really sure that the bank security team sent that email? Too late. You just fell for a phishing email scam, and now your account data is compromised. 


However, most phishing emails contain glaring red flags. You just didn’t spot them in time—but you can learn how to. Sometimes it’s still the most obvious tricks that catch people out, and phishing emails are a common example.

What exactly is phishing?

Phishing is a type of social engineering designed to manipulate you into giving up sensitive personal information like your passwords, credit card, or bank details, or installing malicious software on your device. 

Phishing uses communication—usually in the form of emails or text messages—pretending to be from someone you trust, such as a company whose services you use. This is why you are willing to give your information to them.

Once an attacker has successfully duped you and has stolen your information or gained access to your device, they can log in to your accounts, change the password, and potentially access other linked accounts. 


According to an Avast survey of its users, 61% of Americans are at risk of falling victim to phishing scams. Phishing emails accounted for 59% of the cases where users admitted to falling for a phishing scam.

While it’s true that it’s increasingly difficult to distinguish a fake email from a legitimate one, most phishing emails still contain red flags that should make you suspicious—if you know what to look for.

So let’s take a look at an example of a phishing email and the red flags contained within.

Example of a phishing email scam with glaring red flags.

1. The email was unsolicited

As a rule, most companies won’t send you unsolicited emails. So ask yourself, why should you have received this email at all? Attackers expect you to open these emails and click the links without verifying their authenticity.

 

2. A shouty subject line

Attackers know they’re competing for your attention in a crowded inbox. So a common tactic is to use shouty subject lines—in this case: “Important! Your Password will expire in 1 day(s).” 

Such threats and a sense of urgency are designed to make you click suspicious links within the body of the email. This should put you on alert that something phishy might be going on. 

 

3. Slightly misspelled email address or domain

If you’re suspicious about an email’s origins, check the sender. Scammers often use an email address that looks very close to a legitimate one. Close, but no cigar: and that difference is vital. 

The sender name, “LegitBank Security Team,” sounds legit, right? But notice the two spelling errors in the email address: “securiity@legitbamk.com.” 

A top tip is to type the company’s name into a search engine to see what the domain of the official website is (this is what will likely follow the “@” symbol in a legitimate email address), or to look up an email you’ve previously received from them. 

 

4. Unfamiliar or vague greeting

Organizations like your bank have personal details, including your name—so receiving an official-looking email with a vague greeting like “Dear LegitBank user” should put you on alert. If the tone of the rest of the email also sounds out of character, that’s another huge red flag.

 

5. Obvious spelling and grammar mistakes

Many phishing emails contain several spelling and grammar mistakes, which is uncommon for large, professional organizations like banks.

In this example, you can see the inconsistent capitalization of the subject line, the bad grammar in the email text (“Your account password is expire in 24 hours”), and even spelling mistakes in the link URL.

 

Don’t click suspicious links

If you’re suspicious about an email’s origins or intent, definitely don’t click any links within. 

You can even see that the link in this phishing email has a spelling mistake in the URL (LegitBank is spelled with two “i”s). If you click on the link, you’ll be taken to a fake site that may look identical to the original, where you will be prompted to enter your login details or other sensitive information like payment details. 

Sometimes, the fake site will even redirect you to the legitimate site, where you will log in again (this time for real). But it’s too late: Your logins are compromised, and the attacker can access your account. By the time you notice something amiss, they might have already changed the password and the email address for account recovery, locking you out.
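The sender check from red flag 3 and the link check described above can be automated. The following is an added example, not part of the original article: it flags a sender domain or link host that is one or two characters away from a domain you trust. The trusted domain `legitbank.com` and the sample link URLs are assumptions constructed for illustration; the sender address is the one quoted in the article.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: the bank's real domain, confirmed independently (e.g. via a search engine).
TRUSTED_DOMAINS = {"legitbank.com"}

SAMPLE_FROM = "LegitBank Security Team <securiity@legitbamk.com>"  # address quoted in the article
SAMPLE_LINKS = [  # constructed sample URLs
    "http://www.legiitbank.com/reset",
    "https://www.legitbank.com/login",
]

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_domain(host: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a host name."""
    host = host.lower().rstrip(".")
    for good in TRUSTED_DOMAINS:
        if host == good or host.endswith("." + good):
            return "trusted"
    # Naive registrable domain: the last two labels (no public-suffix list here).
    candidate = ".".join(host.split(".")[-2:])
    for good in TRUSTED_DOMAINS:
        if 0 < edit_distance(candidate, good) <= max_distance:
            return "lookalike"
    return "unknown"

def check_email(from_header: str, links: list) -> dict:
    """Classify the sender's domain and the host of every link in the message."""
    _, addr = parseaddr(from_header)
    sender_domain = addr.rpartition("@")[2]
    return {
        "sender": classify_domain(sender_domain),
        "links": {u: classify_domain(urlsplit(u).hostname or "") for u in links},
    }

if __name__ == "__main__":
    print(check_email(SAMPLE_FROM, SAMPLE_LINKS))
```

A "lookalike" result means the domain is close to, but not the same as, one you trust, which is exactly the pattern in the example email.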

Don’t click on suspicious attachments

Attackers need you to open malicious attachments, so they will make them look as harmless as possible. The attachment on this phishing email appears harmless enough (instructions for updating your password), but if you’ve already spotted red flags elsewhere, think before you click.

Once opened, the harmless-looking ZIP file could spread malware onto your device (though a malicious PDF or DOC could be just as devastating), which may allow an attacker to log your keystrokes (capturing logins, passwords, email addresses, bank accounts) or install ransomware on your device, encrypting your documents to block access unless you pay a ransom. (Which is another good reason to back your data up regularly.) 

Keep an eye out for things that just look odd

Did you notice that the copyright notice at the bottom of the email is out of date? It says “2011” instead of “2021”. Big corporations are unlikely to leave such details unchanged for over 10 years, so even small details could be red flags.

At the end of the day, attackers who send phishing emails are relying on you to drop your guard and trust that everything is normal. So always be on alert for glaring red flags that mean something phishy may be going on. 


Tim likes to keep an eye on the exciting developments in cryptocurrencies and data privacy when he’s not deep in a podcast, a TV show, or new albums.