An email arrives that looks like it is from your bank. It says there is a problem with your account and you need to click a link to verify your information. The logo looks real, the formatting looks official, and the message creates a sense of urgency — your account will be locked if you do not act now.
This is a phishing email, and it is designed to make you act before you think. Phishing is one of the most common ways people get their accounts compromised, and it works because the emails are designed to look trustworthy.
The first thing to check: the sender’s email address
The display name of an email can say anything. An email might show “Your Bank” as the sender name, but the actual email address behind it might be something like security@your-bank-verify.xyz or support@account-help-center.example.
To see the real email address, look at the “from” field carefully. On most email clients, you can click or tap the sender name to expand it and see the full address.
Legitimate companies send emails from their actual domain. If the email claims to be from a company you use but comes from a random domain that does not match that company’s website, treat it as suspicious.
The tricks they use
Urgency and threats. Phishing emails often create urgency to prevent you from thinking carefully. “Your account will be suspended in 24 hours.” “Unauthorized login detected — act now.” “Your payment was declined — update your information immediately.”
Legitimate companies do contact you about account issues, but they do not usually threaten immediate consequences if you do not click a link in an email. If an email is pressuring you to act fast, slow down and check it carefully.
Generic greetings. “Dear Customer,” “Dear User,” or “Dear Account Holder” are common in phishing emails. If your bank or a service you use emails you, they usually address you by name because they have your name on file.
Links that do not go where they appear. Phishing emails include links that look legitimate but lead somewhere else. The link text might say https://www.yourbank.com/login, but if you hover over it (without clicking), you might see it actually goes to a completely different URL.
Always hover over links before clicking. If the actual URL does not match the company’s real website, do not click it.
Requests for personal information. Legitimate companies do not ask you to send passwords, Social Security numbers, or credit card details by email. If an email asks you to “verify” or “confirm” personal information by clicking a link, be suspicious.
Poor spelling and formatting. While some phishing emails are well-written, many have awkward phrasing, unusual spacing, or formatting that looks slightly off. Official company emails are usually professionally written and formatted.
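The hover check described under "Links that do not go where they appear", automated as an added example (not part of the original guide): it compares each link's visible text with its real destination and flags destinations outside the trusted domain. The sample HTML, the function names and the `.example` hosts are constructed for illustration.

```python
# Added example. SAMPLE_HTML is a constructed email body; all hosts are made up.
from html.parser import HTMLParser
from urllib.parse import urlsplit

SAMPLE_HTML = """
<a href="https://yourbank.com.account-help-center.example/login">https://www.yourbank.com/login</a>
<a href="https://www.yourbank.com/help">Help center</a>
<a href="http://login-check.example/restore">Click here to restore access</a>
"""

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(value):
    """Hostname if the string is an http(s) address, else None."""
    value = value.strip().lower()
    return urlsplit(value).hostname if value.startswith(("http://", "https://")) else None

def suspicious_links(html_body, trusted):
    """Return (text, real host, reasons) for each link that fails a check."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for text, href in parser.links:
        shown, real = host_of(text), host_of(href)
        reasons = []
        if shown and shown != real:
            reasons.append("text shows a different site")
        # Exact host or a true subdomain only: "yourbank.com.x.example" must fail.
        if not real or not (real == trusted or real.endswith("." + trusted)):
            reasons.append("destination is off-domain")
        if reasons:
            findings.append((text, real, reasons))
    return findings
```

Calling `suspicious_links(SAMPLE_HTML, "yourbank.com")` flags the first and third links and leaves the genuine help link alone.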
What to do if you are not sure
If an email looks like it might be real but you are not sure:
- Do not click any links in the email. Instead, open your browser and go directly to the company’s website by typing the address yourself. Log in there and check if there are any actual alerts or issues with your account.
- Contact the company directly. Use the phone number or email address from the company’s official website (not from the suspicious email) to ask whether they sent the message.
- Check the email’s full headers. In most email clients, you can view the full details of an email — look for an option like “Show original,” “View message source,” or “View headers” in the email’s menu. This shows where the email actually came from. If the originating server does not match the company’s real domain, the email is not legitimate. This takes a few extra steps, but it is the most reliable way to confirm whether an email is real.
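What the full-header check looks like in practice, as an added example rather than part of the original guide: the script reads the From address, Return-Path, the topmost Received line and the provider's Authentication-Results verdicts from a constructed message. All hosts, addresses and function names are made up for illustration; here the visible From address uses the real domain, and only the headers show the mismatch.

```python
# Added example. SAMPLE is a constructed message; all hosts and addresses are made up.
import re
from email import message_from_string
from email.utils import parseaddr

SAMPLE = """\
Return-Path: <bounce@mailer.account-help-center.example>
Authentication-Results: mx.reader.example; spf=pass
 smtp.mailfrom=mailer.account-help-center.example; dkim=none;
 dmarc=fail header.from=yourbank.com
Received: from mailer.account-help-center.example ([203.0.113.25])
 by mx.reader.example; Mon, 01 Jan 2024 10:00:00 +0000
From: "Your Bank" <security@yourbank.com>
Subject: Your payment account has been limited

Dear Customer, click here to restore access.
"""

def within(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return bool(host) and (host == domain or host.endswith("." + domain))

def inspect_headers(raw, expected_domain):
    """Summarise who really sent a message and list what does not add up."""
    msg = message_from_string(raw)
    display, address = parseaddr(msg.get("From", ""))
    from_dom = address.rpartition("@")[2].lower()
    bounce_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    # Only the topmost Received / Authentication-Results lines are written by
    # your own mail provider; anything lower was supplied by the sending side.
    hop = re.search(r"from\s+(\S+)", msg.get("Received", ""))
    relay = hop.group(1).lower() if hop else ""
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                           msg.get("Authentication-Results", "")))
    findings = []
    if not within(from_dom, expected_domain):
        findings.append("From address is outside " + expected_domain)
    # Companies also send through mailing services, so read this with DMARC.
    if not within(relay, expected_domain):
        findings.append("handed over by " + (relay or "unknown host"))
    if auth.get("dmarc") != "pass":
        findings.append("DMARC result: " + auth.get("dmarc", "missing"))
    return {"display": display, "from": from_dom, "bounce": bounce_dom,
            "relay": relay, "auth": auth, "findings": findings}

if __name__ == "__main__":
    print(inspect_headers(SAMPLE, "yourbank.com"))
```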
A real example
You receive an email that says:
Subject: Your payment account has been limited
Dear Customer,
We have noticed unusual activity on your account. Your account has been limited until you verify your information. Click here to restore access.
If you do not verify within 24 hours, your account will be permanently suspended.
The email looks official and uses familiar colors and a logo. But:
- The sender address is security@payment-verify-notice.com, not the company’s real domain
- The greeting is “Dear Customer” instead of your name
- The email creates extreme urgency with a 24-hour deadline
- The link, if you hover over it, goes to a website that does not match the company’s real website
This is a phishing email. The right response is to delete it and, if you are concerned, log into the real service directly through your browser to check your account.
What to do if you clicked a phishing link
If you clicked a link in a phishing email and entered your password or other information:
- Change your password for that account immediately
- If you used the same password on other sites, change those too
- Enable two-factor authentication on the account if you have not already
- Monitor the account for unusual activity
- If you entered financial information, contact your bank
Do not feel embarrassed — phishing emails are designed to trick people, and even careful people get caught sometimes. The important thing is to act quickly once you realize what happened.
Staying alert over time
Phishing techniques evolve constantly. The tips here cover the most common tricks, but new methods appear regularly. A good general rule is: if an email asks you to click a link and enter personal information, verify the request through a separate channel before acting on it.