
Phishing emails are increasingly common, and some are hard to spot. They are a problem because they trick people into giving up sensitive information like passwords or credit card numbers, and a convincing one is easy to fall for without realizing it's a scam. Below is a step-by-step guide that uses a fake email to show how to spot a scam before you get scammed.

Part 1 of 4:

Check the Sender and Assess the Tone

  1. Inspect the email address. The message claims to come from Netflix, but the sender’s email is from a Gmail domain. The domain of an email address is the part that comes after the “@” symbol, and it shows where the email is coming from; in user@gmail.com, "gmail.com" is the domain. A gigantic company like Netflix will not use Gmail for its email domain. Some email services, like Outlook, will warn the user if an email comes from outside the organization.
  2. Catch the spelling or grammar mistakes. Many phishing emails include phrases or typos that don’t make sense because they’re rushed or translated poorly. Sometimes, scammers even make these mistakes on purpose. The errors are designed to single out vulnerable people who will overlook them.
  3. Notice the generic greeting. Instead of using the recipient's name, it says “Dear Customer.” Real services like Netflix will include an actual name if you have an account. If the greeting is generic, that’s a big hint that the sender doesn’t know who they are sending this to.
  4. Watch for any scare tactics and sense of urgency. The email warns you to act fast or lose the account. Phrases like “your account is suspended” and “respond within 24 hours” are meant to cause panic, so that people rush to “correct the issue.” The added pressure is a classic phishing trick. The wording could also sound like they’re performing a favor. Notice the phrase “suspended for your protection.”
Part 2 of 4:

Examine Links, Attachments, and Appearance

  1. Hover over the links. Don’t click right away. Hover the mouse over the link and see where it leads. In this case, the link looks like a Netflix link but points to google.com, which is not what the hyperlink’s text says.
  2. Avoid downloading attachments. This email includes an “invoice.zip” file that it says shows suspicious charges. Unsolicited attachments are dangerous. They often contain malware or a virus that can infect a computer and cause more problems. Never open an attachment from an untrusted sender.
  3. Review the layout and branding. The email is plain, missing the usual Netflix logo and polished formatting. Real company emails are usually professionally designed and follow a consistent style. Check to see if you have old emails from Netflix, or visit the website and compare. If it looks thrown together or like it could be a mass email, remain cautious and skeptical.
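The sender, link and attachment checks above can also be run automatically by a mail filter. The following is an added example, not part of the original guide: the message is constructed to resemble the fake email described here, and the function names, the flag names and the sender address are assumptions made for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

URLISH = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

class LinkParser(HTMLParser):  # collects [href, visible text] for every <a>
    def __init__(self):
        super().__init__()
        self.links, self.in_a = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.in_a = True
    def handle_data(self, data):
        if self.in_a:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.in_a = self.in_a and tag != "a"

def host(url):  # lower-cased hostname without a leading "www."
    parsed = urlparse(url if "//" in url else "//" + url)
    return re.sub(r"^www\.", "", (parsed.hostname or "").lower())

def red_flags(msg, brand="netflix", brand_domain="netflix.com"):
    """Return the guide's warning signs found in msg (heuristics, not proof)."""
    name, addr = parseaddr(str(msg["From"]))
    domain = addr.rpartition("@")[2].lower()
    # Display name claims the brand, but the address is not on its domain.
    spoofed = brand in name.lower() and not ("." + domain).endswith("." + brand_domain)
    flags = ["sender-domain"] if spoofed else []
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    parser = LinkParser()
    parser.feed(text)
    for href, shown in parser.links:  # text names one site, href leads to another
        if URLISH.fullmatch(shown.strip()) and host(shown.strip()) != host(href):
            flags.append("link-mismatch")
    for part in msg.iter_attachments():  # unsolicited archives and executables
        if (part.get_filename() or "").lower().endswith((".zip", ".exe", ".js")):
            flags.append("risky-attachment")
    return flags

def build_sample():  # constructed message modelled on the guide's fake email
    msg = EmailMessage()
    msg["From"] = "Netflix Support <netflix.billing@gmail.com>"
    msg.set_content('<a href="https://google.com/">https://www.netflix.com/login</a>', subtype="html")
    msg.add_attachment(b"placeholder", maintype="application", subtype="zip", filename="invoice.zip")
    return msg
```

Calling `red_flags(build_sample())` reports all three signs; a message with no flags is not thereby proven safe, so the verification steps in the next part still apply.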
Part 3 of 4:

Take Action to Verify the Message

  1. Go directly to the source. Instead of clicking any links, go straight to Netflix.com. If there’s a problem with the account, you’ll see it upon login. Don’t trust what the email says; check on your own. Netflix, like other websites, has a help section dedicated to phishing emails.
  2. Refuse to share sensitive information. This message says to confirm billing details. This is a huge red flag. Legitimate companies won’t ask for credit card numbers, passwords, or other personal info over email. A legitimate company will already have that information on file.
Part 4 of 4:

Protect Yourself and Follow Up

  1. If possible, turn on 2FA (two-factor authentication). 2FA is a security process that requires you to verify your identity using two different methods, like a password and a code sent to your phone. It adds an extra step that makes it much more difficult for someone to break into your accounts, even if they have your password.
  2. Report the phishing attempt. If an email seems suspicious, forward it to the company it’s pretending to be from. For Netflix, send it to phishing@netflix.com. You can also report general phishing to reportphishing@apwg.org.
  3. Delete the message. Once it's reported, get rid of the email completely. That includes the trash folder. Go to the trash folder, select the email, and “delete forever.” It’s easy to click something by mistake later, so it’s best to clear it out right away.