What Is Phishing?

Phishing is a type of online scam where criminals impersonate trusted organizations — banks, government agencies, popular services like Amazon or PayPal — to trick you into handing over personal information, passwords, or money. The name comes from "fishing": casting a wide net and hoping someone takes the bait.

Phishing has become more convincing over time. Many scam emails now look nearly identical to legitimate ones. But there are still reliable warning signs if you know what to look for.

Warning Sign #1: Urgent or Threatening Language

Phishing messages almost always try to create panic or urgency. Common phrases include:

  • "Your account has been suspended. Act now."
  • "Unusual activity detected — verify your identity immediately."
  • "Your payment failed. Update your details within 24 hours or your account will be closed."

Legitimate organizations rarely use this tone. If an email is pressuring you to act immediately or threatening negative consequences, slow down and verify independently.

Warning Sign #2: Suspicious Sender Address

Always check the actual email address — not just the display name. Scammers can set the display name to "PayPal Support" or "Amazon" while the actual sending address is something like noreply@amaz0n-security-alerts.com.

  • Look for misspellings in the domain name.
  • Check for domains that add extra words (e.g., "amazon-security.com" instead of "amazon.com").
  • Be wary of emails coming from generic services like Gmail or Outlook claiming to be your bank.

Warning Sign #3: Generic Greetings

Phishing emails are usually sent in bulk. They often use generic salutations like "Dear Customer," "Dear User," or "Hello Account Holder" rather than your actual name. Legitimate companies you have an account with will typically address you by your name.

Warning Sign #4: Suspicious or Mismatched Links

Before clicking any link in an email, hover over it with your mouse (on desktop) to preview the actual URL. Ask yourself:

  • Does the URL match the company's real website?
  • Is it using a subdomain trick like paypal.fake-site.com (where the real domain is fake-site.com)?
  • Does it use a URL shortener like bit.ly to hide the destination?

When in doubt, don't click the link. Instead, open a new browser tab and navigate directly to the company's website.
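The sender check from Warning Sign #2 and the link check from Warning Sign #4 can be automated with the same domain comparison. The sketch below is an added example, not part of the original article; the TRUSTED allow-list, the function names and the sample inputs are assumptions made up for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumed allow-list (hypothetical): brand keyword -> the brand's real domain.
TRUSTED = {"paypal": "paypal.com", "amazon": "amazon.com"}
SHORTENERS = {"bit.ly"}                  # the shortener named in the article
FREE_MAIL = {"gmail.com", "outlook.com"}  # generic mail services


def belongs_to(host, domain):
    """True only if host is the domain itself or a genuine subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def check_sender(from_header):
    """Compare the brand claimed in the display name with the address domain."""
    display, addr = parseaddr(from_header)
    host = addr.rpartition("@")[2].lower()
    findings = []
    for brand, domain in TRUSTED.items():
        if brand in display.lower() and not belongs_to(host, domain):
            kind = "free-mail sender" if host in FREE_MAIL else "sender domain mismatch"
            findings.append(f"{kind}: claims {brand}, sent from {host}")
    return findings


def check_link(url, claimed_brand):
    """Return a finding if the link does not lead to the claimed brand's domain."""
    host = (urlsplit(url).hostname or "").lower()
    domain = TRUSTED[claimed_brand]
    if host in SHORTENERS:
        return f"shortener hides destination: {host}"
    if not belongs_to(host, domain):
        return f"link host not under {domain}: {host}"
    return None


if __name__ == "__main__":
    # Constructed sample message parts, built from the article's own examples.
    print(check_sender('"Amazon" <noreply@amaz0n-security-alerts.com>'))
    for link in ("https://www.paypal.com/signin",
                 "http://paypal.fake-site.com/login",
                 "https://bit.ly/example"):
        print(link, "->", check_link(link, "paypal"))
```

The comparison is anchored on the right-hand end of the hostname, which is why a brand name appearing as a subdomain of another site does not pass.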

Warning Sign #5: Requests for Sensitive Information

Legitimate organizations will never ask you to confirm your password, full Social Security number, credit card details, or other sensitive information via email. If an email asks for this, it's almost certainly a scam.

Warning Sign #6: Poor Grammar and Spelling

Many phishing emails — especially those originating from overseas — contain grammatical errors, awkward phrasing, or unusual formatting. While well-crafted scams exist, sloppy language is still a common red flag worth noticing.

Warning Sign #7: Unexpected Attachments

Never open an email attachment you weren't expecting, especially from an unfamiliar sender. File types commonly used to carry malware in phishing attacks include .exe, .zip, .doc, and .pdf. Even if the sender appears legitimate, verify with them through another channel before opening.

What to Do If You Receive a Suspicious Email

  1. Don't click any links or download attachments.
  2. Don't reply — even replying confirms your email address is active.
  3. Verify independently: Go directly to the company's official website or call their published customer service number.
  4. Report it: Most email clients have a "Report Phishing" option. Use it — it helps protect others.
  5. Delete the email.

If You Think You've Been Phished

Act quickly:

  • Change your password immediately on the affected account.
  • Enable two-factor authentication (2FA) if you haven't already.
  • If financial information was compromised, contact your bank right away.
  • Monitor your accounts for unusual activity in the following weeks.

Phishing works by exploiting trust and urgency. By slowing down and applying these checks, you significantly reduce your risk of falling victim to even a convincing scam.