How to Spot a Phishing Email: 8 Warning Signs
Phishing emails have gotten incredibly convincing. The old "Dear Sir, I am Nigerian prince" days are gone. Today's phishing emails look identical to real Amazon, PayPal, Chase, and Apple emails. Here's how to spot them anyway.
The single most important rule
Never click links in emails from companies. Open a new tab, type the company's website yourself, and sign in. If something actually needs your attention, it'll be in your account. If your account shows nothing, the email was fake. Period.
1. Check the sender's actual email address (not just the name)
The display name can say "Amazon Customer Service" but the actual address is what matters. Click the sender's name to see the real email address.
Real Amazon emails come from addresses ending in @amazon.com, not @amaz0n-services.com or @amazonsupport.net.
Real bank emails come from @chase.com or @wellsfargo.com, not @chasecustomerverify.com.
When in doubt, look up the company's real domain. If the email is from anything else, it's fake.
2. Hover over links before clicking (don't click)
On a computer, hover your mouse over any link in the email (don't click). The real destination URL appears at the bottom of your browser or as a tooltip.
What to look for:
- Does the URL match the company's website? Or is it something random?
- Watch for tricks: amazon-account-update.com isn't Amazon. account.update.amazon.com IS Amazon. The thing right before the .com (or .net, .org) is the real domain.
- Watch for typos: arnazon.com (with "rn" instead of "m") is a scam.
- URL shorteners (bit.ly, tinyurl.com) are almost always suspicious in this context.
On a phone, long-press the link to see where it actually goes.
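The checks from signs 1 and 2 can also be automated. The sketch below is an added example, not part of the original article: it pulls the real domain out of a sender address or link and compares it with domains you trust. The trusted list, the character swaps and the function names are assumptions made for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumptions for this sketch: the domains you really deal with, known
# shorteners, and a few character swaps used in look-alike names.
TRUSTED = {"amazon.com", "chase.com", "wellsfargo.com", "paypal.com"}
SHORTENERS = {"bit.ly", "tinyurl.com"}
SWAPS = (("rn", "m"), ("0", "o"), ("1", "l"), ("vv", "w"))

def host_of(value):
    """Host of a URL, or of a sender such as 'Name <user@host>'."""
    if "://" in value:
        host = urlsplit(value).hostname or ""
    else:
        host = parseaddr(value)[1].rpartition("@")[2]
    return host.lower().rstrip(".")

def registrable(host):
    """The label right before .com/.net/.org plus that ending.
    Simplification: two-part endings such as .co.uk are not handled."""
    return ".".join(host.split(".")[-2:])

def classify(value):
    """Return 'trusted', 'shortener', 'lookalike of <domain>' or 'unknown'."""
    domain = registrable(host_of(value))
    if domain in TRUSTED:
        return "trusted"
    if domain in SHORTENERS:
        return "shortener"
    name = domain.rsplit(".", 1)[0]
    for fake, real in SWAPS:  # undo arnazon -> amazon, amaz0n -> amazon
        name = name.replace(fake, real)
    for good in sorted(TRUSTED):
        if good.split(".")[0] in name:  # brand name inside a foreign domain
            return "lookalike of " + good
    return "unknown"

if __name__ == "__main__":
    samples = [  # constructed from the addresses quoted in this article
        "Amazon Customer Service <help@amaz0n-services.com>",
        "alerts@chasecustomerverify.com",
        "https://account.update.amazon.com/orders",
        "https://amazon-account-update.com/login",
        "http://arnazon.com/signin",
        "https://bit.ly/abc123",
    ]
    for s in samples:
        print(f"{classify(s):24} {s}")
```

A result of "unknown" only means the domain matched nothing on the lists, so it still needs the manual checks described here.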
3. Watch for urgency and fear
Phishing emails rely on panic. Common urgency tactics:
- "Your account will be closed in 24 hours"
- "Suspicious activity detected, act now"
- "You have an unpaid invoice. Pay today to avoid legal action."
- "Your subscription auto-renewed for $399. Cancel within 24 hours."
Real companies give you time. If you feel pressured, slow down and verify through their real website.
4. Spelling, grammar, and formatting
Phishing emails are getting better at this but still slip up. Watch for:
- Sentences that sound translated ("Dear Valued Customer, your account being need verification")
- Inconsistent capitalization
- Generic greetings ("Dear customer" instead of your actual name)
- Logos that look slightly wrong (low resolution, wrong colors)
- Plain-text emails from companies that normally send polished HTML
5. Generic greetings vs your name
Your real bank knows your name. Real Amazon uses your name. Real Apple uses your name.
If an email says "Dear Customer" or "Hello" with no name, suspect phishing. (Exception: shipping notifications often don't use names. Still verify other details.)
6. Requests for info real companies wouldn't ask for
Real companies never email asking you to:
- Confirm your password
- Send your Social Security number
- Enter your full credit card number to "verify"
- Send gift cards as payment for anything
- Install software they sent you
If an email asks for any of those, it's a scam.
7. Mismatched details
Look at the whole email together. Does it make sense?
- An "Amazon order confirmation" for something you didn't order
- A "FedEx tracking notice" when you're not expecting a package
- A "PayPal payment" from someone you don't know
- A "Microsoft Teams meeting" you weren't invited to
Scammers count on you being curious and clicking. Don't.
8. Strange attachments
Especially:
- .zip or .rar files you weren't expecting
- Word or Excel files that ask you to "enable macros" or "enable content"
- PDFs from strangers
- "Invoice.pdf" from companies you don't do business with
Never open these. Delete the email.
What to do with a phishing email
- Don't reply or click anything. Just close it.
- Report it using Gmail's "Report phishing" option (three-dot menu in the email)
- Delete it
- Block the sender if you're getting repeated phishing from the same address
- If the email impersonates a real company, you can also forward it to their abuse address (e.g., spoof@paypal.com, reportphishing@amazon.com)
What to do if you already clicked or entered info
Don't panic but act fast:
- Just clicked a link: probably fine. Run a malware scan to be safe.
- Entered a password: change that password immediately from a DIFFERENT device. Enable 2FA on that account.
- Entered banking info: call your bank immediately (not on a number from the email; use the number on the back of your card).
- Downloaded an attachment: don't open it. Disconnect from internet. Run malware scan. Consider getting professional help.
Video walkthrough
Video by The Cyber Mentor on YouTube
Got a suspicious email and want a second opinion?
If you're not sure whether an email is real or phishing, send us a screenshot. Better to take 5 minutes to verify than fall for a scam.