How to Spot a Phishing Email

1
Recognize a Phish-y Email

An example of a common phishing email.

Phishing is one of the most prevalent identity theft scams you’ll encounter on the web. It’s estimated that more than 100 billion phishing emails are sent daily. Learn how to recognize them so that you don’t get caught by this common scam.

It starts with opening the email message. As soon as you open a message, you should begin to notice that some things aren't quite right. For example, the message in this item looks to be from a well-known banking institution—Capital One. Most banking institutions, however, don't send emails requesting customers to click on links or provide information.

2
Look at the Email Address

Legitimate institutions that send email to their customers usually send them from an email address that’s associated with their website. In this message, the email address ends with "@online.com." That’s your first clue that this might be a phishing email because the message claims to be from Capital One, which would probably have an email address ending with "@capitalone.com."

3
Beware the Urgent Ploy

Phishers—the criminals who send emails trying to capture your personal information—use any means necessary to get you to respond, and that includes falsely marking email messages "Urgent."

4
Don't Click on Links That May Lead You Astray

link in phishing email

All phishing emails have one thing in common: links that don’t lead where they appear to. Looking at the link in this email message, it appears to lead to "onlinebanking.capitalone.com."

One way to tell if what you see is really where you’ll end up is to place your pointer over the link—but don't click it! A pop-up window like the one shown in the image above should appear with the real URL attached to the link. In phishing emails, this address rarely matches what’s displayed in the email.
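
The sender-address check from step 2 and the link check from this step can also be done by a script. The following Python code is an added example, not part of the original article; the sample message, the `.example` host, and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample, not a real message; the .example host is an assumption.
SAMPLE = """\
From: Capital One <service@online.com>
Content-Type: text/html; charset="utf-8"

<a href="http://login.bank-verify.example/cap1">onlinebanking.capitalone.com</a>
<a href="https://www.capitalone.com/help">www.capitalone.com/help</a>
"""

class Anchors(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Hostname of a URL or bare 'host/path' string; '' for free text."""
    value = value.strip()
    if " " in value:
        return ""
    return urlsplit(value if "://" in value else "//" + value).hostname or ""

def sender_domain_ok(raw, expected):
    """True if the From address is at `expected` or one of its subdomains."""
    addr = parseaddr(message_from_string(raw).get("From", ""))[1]
    domain = addr.rpartition("@")[2].lower()
    return domain == expected or domain.endswith("." + expected)

def link_mismatches(raw):
    """(shown host, real host) where link text names a host other than the href's."""
    parser = Anchors()
    parser.feed(message_from_string(raw).get_payload())
    pairs = [(host_of(text), host_of(href)) for href, text in parser.links]
    return [(shown, real) for shown, real in pairs if "." in shown and shown != real]
```

Links whose visible text is ordinary wording such as "Click here" are not compared, because that text does not claim a destination.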

5
Beware the Regular Maintenance Claims

A common tactic used by phishers is telling email recipients that "regular maintenance" turned up an account error of some type. Don’t fall for this.

If your credit card provider or banking institution finds errors in your account, you will most likely receive a letter in the mail explaining the situation. On rare occasions, you might receive a phone call, but even that isn’t likely to happen because of the risks to the creditor or banks that are involved.

6
Beware the Protection Claim

Like marking a message "urgent" or "high-priority," another trick that phishers use is to play on your sense of vulnerability—for example, “Confirm your account now to stop fraudulent activity.” Bad move.

Confirming your account usually means providing all of the identifying information that a criminal needs to gain control of the account. When in doubt, call the number on your credit card or banking statement.

7
Watch Out for Criminally Bad Spelling

Have you ever seen a piece of mail from your credit card company or bank that included misspellings? Probably not. That’s because those companies pay big money for someone to proofread everything that goes out to customers.

So why would those companies send out email messages that included misspellings and punctuation errors? They wouldn't. Errors of this kind are easy to spot and are sure indicators that an amateur is trying to steal your identity.