7 Ways to Spot a Phishing Scam

It’s early in the morning, and you’ve just made a cup of coffee. You’re checking your email when you see one from PayPal, informing you there is an issue with your account and to ‘click here’ to verify your account. The email even features the official PayPal logo.

Because it’s early and your coffee hasn’t kicked in yet, you might think the email is legitimate and click the embedded link or attachment. And you might end up sorry if you did. If you’d taken a closer look, you’d have realized it was a phishing email.

Phishing emails are designed to look like legitimate messages from actual banks, businesses, and other organizations. In reality, though, criminals created the message, usually in an effort to steal your money, identity, or both. They want you to click links that will take you to a website that looks authentic but is really just there to capture your credit card or other personal information or perhaps to distribute malware.

Here are some ways to spot phishing emails, and what you can do to protect yourself.

Seven Ways to Spot a Phishing Email
1. The email has improper spelling or grammar
This is one of the most common signs that an email isn’t legitimate. Sometimes, the mistake is easy to spot, such as ‘Dear eBay Costumer’ instead of ‘Dear eBay Customer.’

Others might be more difficult to spot, so make sure to look at the email in closer detail. For example, the subject line or the email itself might say “Health coverage for the unemployeed.” The word unemployed isn’t exactly difficult to spell. And any legitimate organizations would have editors who review their marketing emails carefully before sending it out. So when in doubt, check the email closely for misspellings and improper grammar.

2. The hyperlinked URL is different from the one shown
The hypertext link in a phishing email may include, say, the name of a legitimate bank. But when you hover the mouse over the link (without clicking it), you may discover in a small pop-up window that the actual URL differs from the one displayed and doesn’t contain the bank’s name. (You should be aware that not all email software would show the actual URL in a pop-up window, however). Similarly, you can hover your mouse over the address in the ‘from’ field to see if the website domain matches that of the organization the email is supposed to have been sent from.

3. The email urges you to take immediate action
Often, a phishing email tries to trick you into clicking a link by claiming that your account has been closed or put on hold, or that there’s been fraudulent activity requiring your immediate attention. Of course, it’s possible you may receive a legitimate message informing you to take action on your account. To be safe, though, don’t click the link in the email, no matter how authentic it appears to be. Instead, log into the account in question directly by visiting the appropriate website, then check your account status.

4. The email requests for personal information
Reputable organizations don’t ask their customers for personal information via email. If you have a checking account, your bank already knows your account number.

5. The email says you’ve won a contest you haven’t entered
A common phishing scam is to send an email informing recipients they’ve won a lottery or some other prize. All they have to do is click the link and enter their personal information online. Chances are, if you’ve never bought a lottery ticket or entered to win a prize, the email is a scam.

6. The email asks you to make a donation
As unbelievable as it may seem, scam artists often send out phishing emails inviting recipients to donate to a worthy cause after a natural or other tragedy. For example, after Hurricane Katrina, the American Red Cross reported more than 15 fraudulent websites were designed to look like legitimate Red Cross appeals for relief efforts. Potential victims received phishing emails asking them to donate to the Red Cross, with links to malicious sites that stole their credit card numbers. If you’d like to make a donation to a charity, do so by visiting their website directly.

7. The email includes suspicious attachments
It would be highly unusual for a legitimate organization to send you an email with an attachment, unless it’s a document you’ve requested. As always, if you receive an email that looks in any way suspicious, never click to download the attachment, as it could be malware.

What to Do About Phishing Emails
In addition to learning how to spot a phishing email, here are a few other things you can do to better protect yourself and others from phishing scams.

Adjust your email settings for what is allowed in your inbox
Depending on which email platform you use, you likely have the option to have all incoming email sent to junk except for those from your contacts and safe senders. Doing this helps to prevent you from inadvertently clicking on a phishing email you thought was from a legitimate sender. Since you’ll have the email address for your bank in the safe senders list, any email pretending to be from your bank will end up in your junk box. Also, it’s much more convenient to click “empty junk” rather than having to sift through your inbox for potential junk.

Security software is a must
While email providers do a decent job in filtering out junk or spam email, it always helps to have additional layers of security in place. The most comprehensive one is ZoneAlarm Web Secure Free Chrome Extension,  which has an anti-phishing feature that scans emails and sites for phishing threats before you get the chance to insert your credentials, thus preventing you from falling victim to phishing attacks. Moreover, it offers a “safe search engine” which shows you which websites are safe and which are not and sanitizes your web downloads from malicious files. The best part? It’s completely free!

In the event you accidentally click on a phishing email you thought was legitimate, an antivirus, such as ZoneAlarm Extreme Security (which also includes the aforementioned anti-phishing feature) is there to warn you that the site you landed on is a forgery. If the website you landed on tries to distribute malware through drive-by-download, your security software can detect and stop the malware from executing.

Report the phishing scams
Microsoft offers tips for users of Internet Explorer, Outlook.com, and Outlook desktop software on reporting phishing scams. Google offers online help for reporting phishing websites and phishing emails. Also, the U.S. government offers tips for protecting yourself from phishing scams as well as an email address for reporting scams: [email protected].

Test your phishing IQ
PayPal has a ‘Can You Spot Phishing?’ online quiz to test how savvy you are about scam emails. How well did you do?

Get ZoneAlarm Extreme Security

Get it now

29 comments on “7 Ways to Spot a Phishing Scam

  • Debbie Wiles says:

    And let’s not forget the most basic give away. Instead of addressing you by name, which any financial organization (banks, PayPal, eBay, etc) would know, they address you by your email address, forum user ID, or some other way that you are known on whatever site they got your email from.

    • I had e-mail purporting to be from Halifax:-

      “Dear Valued Customer”

      If they don’t use your name they’re not legit.

  • Geoff Hosking says:

    Regarding the PayPal phishing, it is worthwhile noting the email address it came from. I have recently sent to PayPal an email, just like the one you describe. The address from which it came, after the @, was e.paypal.

  • Great tips.

    For me I already know about most of them. However, I think that there are people who trust any one. It’s the time to stop trusting people you don’t know, especially, those who mask themselves behind emails and nicknames.

  • Misspelled Word – ‘one’ should be ‘on’
    Security software is a must
    While email providers do a decent job in filtering out junk or spam email, it always helps to have additional layers of security in place. In the event you accidentally click on a phishing email you thought was legitimate, your security software is there to warn you that the site you landed on is a forgery. If the website you landed **one** tries to distribute malware through drive-by-download, your security software can detect and stop the malware from executing.

    • Another way to combat viruses and malware attacks…is to set up your pc with an administration account that you don’t actually use, and all users on the pc would be set up as limited users. Essentially, doing this will stop 99% of all attacks from compromising your machine…without having the admin authority the virus/malware basically can’t execute….however, it’s still a good idea to still have a backup system in place in case your machine gets compromised, you don’t lose all of your data.

  • Thanks – brilliant, very well explained article! As Granddad forgets the warnings – and is not too good at Copy and Paste – a DIY printable PDF version would serve him (and me) very well. He could nail it to his wall over his desk!
    Something to consider for future articles? 🙂

    • Stripe the article text – cntl-c (copy) – cntl-v (paste) into a text editor or word processor – and you will have a printable copy – some word processors can save it as pdf if you desire.

  • John Goodin says:

    One of the best ways for safety in visiting web sites is to use community based filtering addons for your web browsers such as Web of Trust (WOT). Also your security software often has addons for doing safe searches or toolbars to help integrate your web experience. Also any community based forums your security software sponsors are all good ways to educate yourself. The old saying of “An Ounce of Prevention is Worth a Pound of Cure” is more true in todays electronic culture than ever before in history.

  • glad to see affirmative action against this type of crime, common folks are lacking the simple knowledge to keep themselves safe from on line thieves…thank you zd for the info and I will pass it on to others

  • Mark Walton says:

    The only phishing e-mails I report are those that purport to come from companies i actually deal with. All others – delete.

  • Another one that I have been getting lately is a notice to appear in court. No court is going to send you an e-mail. They may send you a real letter by snail mail, in which case you can call the court to make sure that it is real.

  • Report the phishing scams:
    The MS link targets more notes about recognising rather than reporting. The Google link obviously helps Google filter out fake sites, which doesn’t mean they persue the scammers on behalf of the affected companies and not all companies show that much interest in doing much reporting of their own, or have the courtesy to acknowledge reports!
    When reporting, be sure to include the full header information to help any investigator’s trace.
    I’ve been reporting scams for well over a decade now, when this hardly ever happened and what really bugs me is the time I have to take finding out how each company want to receive the report (or not!)
    Some do not make this prominent, or easy to find via security/contact pages, some just advise deletion.
    Each company states a different form of email address for reporting e.g. .. [email protected]~, [email protected]~, [email protected]~, [email protected]~, [email protected]~ …[email protected]~ and so on (where ~ represents the main domain name of the company).
    I would really like to be able to just immediately forward the questionable email to just one of these forms. However, if I loose patience in finding a ‘right’ one and just send to [email protected]~ I know I’m likely to get a bounce message back meaning it was not delivered. It would really help if postmasters at all companies set the more obvious and simple versions people might try to be equally accepted. (it would be too much to expect them all to get together to agree on just one).

  • John Długosz says:

    The problem with #2 is that all newsletters/flyers/etc. now have links that don’t match, causing the “may be a scam” banner to show.
    It seems that they go through forwarding services that count responses to the email.
    See the website I noted in my info for my ongoing writeup of tracing where phishing email gets its addresses to send to. If it came from the database of the company that claimed to send it, it is even more difficult as it might know your special nickname or whatnot that the company claims will note a legitimate email!

  • Alfred Rongess says:

    The article gives anyone a good weapon to beat off scammers. Just be cautious and let ’em end up in misery!

  • Sorry, but you are hearing from one of the Phishtank experts here and I am going to tell you that the best phish have a substitute URL that shows you the real deal when you hover over the link.

    The safest way to read email is with a viewer that doesn’t render HTML like Thunderbird. EIther the phish stand out like a sore thumb (e.g. it is an HTML attachment rather than in the email message itself, false URLs stare you in the face, etc,.) or it completely disapppears because it is all HTML. That is not just the best but about the only way to fight phish.

    If ZoneAlarm is still using Kaspersky’s definitions under the hood it is one of the AV packages that detected a phish I got just yesterday pretending to come from HMRC. The others were Sophos, F-Prot, and Commtouch.

    • Here is the VirusTotal URL for the scan of said HMRC phish which was an attached HTML file:


      My comments are there because it is almost iimpossible to automate the tests at PhishTank so it really IS the AV packages responsibility to detect the attachments.


    I really like how this arcticle shows what to look for in scams on websites because earlier this year I accidently downloaded a virus which made it hard to take my online classes for winter so hopefully now I will screen any emails


Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.