play on words. This is a picture of a fish. Not phishing emails.

Ten Tips For Spotting Phishing Emails

Every day millions of phishing emails are sent to unsuspecting victims all over the world. I know because I receive five or six myself in my spam folder every day. While some of these messages are so outlandish it’s obvious they are fraud, others can be a bit more convincing. So how do you tell the difference between legitimate emails and phishing emails? Unfortunately there is no single way, but this post provides ten tips for spotting a phishing emails.

Ten Tips For Spotting Phishing Emails

#1 URLs contain a misleading domain name

People who launch phishing scams often rely on victims who don’t know much about technology or how the DNS naming structure for domains works. The last part of a domain name is the most telling. For example, the domain name would be a child domain of because appears at the end of the full domain name (on the right-hand side). Conversely, would clearly not have originated from because the reference to is on the left side of the domain name.

This happens all the time, especially when the phishing criminal uses a trusting name like Microsoft or Apple or even the IRS. The resulting domain name looks something like this:

#2 The message is poorly written with grammar and spelling mistakes

Whenever a company sends out a message on behalf of the company as a whole, the message is usually reviewed for spelling, grammar, and legality. So if a message is filled with poor grammar or spelling mistakes, it probably didn’t come from a major corporation’s legal department.

#3 The message asks for personal information

This is usually a major red flag. No matter how official an email message looks, it’s always a bad sign if the email asks for personal information. Your bank or credit card company already know your account number and social security number.

#4 The message contains a mismatched url

One of the first things you should check in a suspicious email message are any embedded URLs. Often the URL in a phishing message will appear to be perfectly valid but if you hover your mouse over the top of the URL, you see the actual hyperlinked address (at least in Outlook) and if the hyperlinked address is different from the address that is displayed, the message is probably fraudulent or malicious.

#5 The message looks too good to be true

If you receive a message from someone unknown to you who is making big promises, the message is probably a scam.

#6 You’re asked to send money to cover expenses

You might not get hit up for cash in the initial message. But sooner or later, phishing criminals will ask for money to cover expenses, taxes, fees, or something similar. If that happens, you can bet that it’s a scam.

#7 You didn’t initiate the action

If you get an email congratulating you on winning the lottery, but you never bought a ticket, you can bet that it’s a scam. If you didn’t do something to initiate the action, it is probably a scam.

#8 The message makes unrealistic threats

Most phishing scams try to trick people into giving up cash or sensitive information by promising instant money. However, some phishing scams use intimidation to scare victims into giving up information. If a message makes unrealistic threats, it’s probably a scam. Let me give you an example.

I once received an email from what looked like the IRS. Everything looked legitimate except for one thing. The letter said my account had been compromised and that if I did not submit a form (which asked for my social security number) along with two picture IDs, my assets would be seized.

I knew this was a scam because the IRS doesn’t send out emails like this. The IRS sends out its threats via snail mail.

#9 The message appears to be from a government agency

Government agencies in the U.S. don’t normally use email as an initial point of contact.

#10 Something is fishy

If you receive a message that seems suspicious, it’s usually in your best interest to avoid acting on the message. On the off chance that it’s a real message, usually the real person will find another way to contact you.