How to Spot a Phishing Email

Christian Cawley 18-01-2016

The email drops into your mailbox. It’s from PayPal, informing you that due to some unauthorized use of your account, it has been locked. “Damn hackers,” you think, “trying to guess my password again!”


You need to click the link in the email to re-enable your account and set a new password… but stop right there. The email you’re reading is a very well-crafted phishing email, designed to scam you. The information it contains is false: your account is not locked or restricted.

Phishing emails are becoming increasingly sophisticated, so what can we do to spot one and avoid being scammed?

Spotting a Phishing Email is Tough

While it’s not impossible to spot a phishing email (a message purporting to be from a legitimate company, designed to con you into divulging personal information What Exactly Is Phishing & What Techniques Are Scammers Using? I’ve never been a fan of fishing, myself. This is mostly because of an early expedition where my cousin managed to catch two fish while I caught zip. Similar to real-life fishing, phishing scams aren’t... Read More ) for most people – 80%, according to a new survey by CBS News and Intel Security – it’s pretty difficult. It’s not all bad news though; while I managed 90% in the survey, which you can still take online, a previous Intel survey revealed 94% of information security professionals were tricked by a phishing email at least once.


Being duped by phishing emails means more than just enabling someone to harvest your details. These scammers might glean enough information to be able to steal your identity (available for pennies on the Dark web Here's How Much Your Identity Could Be Worth on the Dark Web It's uncomfortable to think of yourself as a commodity, but all of your personal details, from name and address to bank account details, are worth something to online criminals. How much are you worth? Read More ), use it to borrow money in your name, and leave you with some financial headaches. Meanwhile, that cash is used for illicit purposes, funding illegal industries such as the drugs trade, human trafficking and child pornography. There has even been suggestion in the past few years that terror groups are generating funds by converging their interests with organized crime.


Allowing yourself to be conned and letting the banks and credit card companies clean up the mess is not the answer. At the very least, it is an incredible risk to take, one that can be avoided by educating yourself about how to spot a phishing email.

Some Example Phishing Emails

It’s not possible to share every single example of a phishing email, but the chances are you’ll get one of these over the next few months. Even if you don’t, we can use these examples to demonstrate the continually improving sophistication of these messages. These days, it can be tough to spot a phishing email simply because they look so convincing.



This is a very convincing phishing email targeting PayPal accounts. While phishing messages in the past might have been littered with links, this one just has the single “Log in here.” Style and subtlety clearly win out here, and there is little indicating that it is fake. However, three clues tell us it is a fake:

  • We have a spelling mistake: “its just an error…” which you can see in the bold type towards the end.
  • The sender’s address, “” – this is clearly not PayPal.
  • PayPal will not send you an email with a login link.

Apple – Or Is it a Bank?


This is a very polished phishing email, seemingly from Apple, asking the recipient to check some unread messages. But if you get fooled by this email, you’ve a long way to go:

  • Sender is listed as “” – is this from Apple, or a bank?
  • Hovering the mouse over the “Read Now >” link reveals a link that is clearly not the Apple website (nor that of a bank).
  • The App Store doesn’t store or route messages.

WhatsApp with this Email?


With this email, the presentation is reasonable, but the brevity of content – that there is a WhatsApp message to play – is enough to convince the recipient to click Play to find out who is trying to get in touch. As with the other messages, however, there are clues here:

  • The sender email, “”, has clearly nothing to do with WhatsApp. Arguably, it might be misconstrued by the recipient as being the sender of the voicemail message, but in this case, if it’s an unknown email address, you’d be advised to avoid it.
  • “Whats App” is displayed as two words at the top of the message, and as one word in the footer.
  • I don’t have a WhatsApp account.

In each of the three examples above, there is enough information, if you look closely enough, to determine that the message is bogus. If you receive these or anything else that you have doubts about, you should mark them as junk.

Tools You Can Use to Block Phishing Emails

If you’re still not 100% confident (and you shouldn’t be, as this is a tough game to play), take advantage of the various tools at your disposal that can help with the detection and blocking of phishing emails.

For instance, if you’re using Microsoft’s Outlook email service Hotmail Is Dead! Microsoft Outlook Email Services Explained Stop searching for Hotmail! Microsoft Outlook email services are confusing. Here are Outlook web app, Outlook Online, and others explained. Read More from, you’ll have a built in spam email Still Getting Spam? 4 Email Mistakes to Avoid Today Avoiding spam is impossible. But there are some lesser known tips, tricks, and secrets that can help you fight the battle against suspicious email. Read More detector, which is designed to pick up phishing emails. This works well about 95% of the time, with occasional phishing attempts making it into your inbox. If you spot these, you should mark them as “junk” to help Microsoft prevent them being picked up by other users. You should also take the time to confirm that you’re not spamming your friends with dangerous emails Are You Spamming Your Email Contacts? How to Find Out & Fix the Problem Spam is annoying, but what happens when your email account is the one sending it out? Find out how to recognize the signs and defuse the problem. Read More thanks to malware installed on your PC.

Similarly, Google’s Gmail service will also detect and divert spam and phishing emails to the junk folder, leaving you free to carry on with your email reading without criminal distraction.


Meanwhile, premium online security suites, such as Bitdefender 2016 Bitdefender Total Security 2016 Giveaway; Parrot Bebop Quadcopter with Skycontroller Bundle! With Bitdefender Total Security 2016 now available, we take a look at how it improves on the previous release, whether it deserves its position at the top of the pile of online security suites for... Read More , include tools to protect you from phishing attempts. Rather than protect you at the email inbox level, these tools tend to focus on your browser, and prevent you from visiting fraudulent websites or entering information in them.

Do you know how to spot a phishing email? Have you been caught out in the past? Tell us about it in the comments box below.

Related topics: Email Tips, Online Privacy, Online Security, Phishing.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Anonymous
    January 19, 2016 at 12:47 am

    One thing I've noticed is these emails never address you by name,just "Dear PayPal customer/user/etc ,or something similar. I get occasional notices from my bank,PayPal,etc and they usually address me by name. Of course,never click on links in emails,as Neoalfa pointed out.

  2. Anonymous
    January 18, 2016 at 1:21 pm

    As far as I'm concerned there's only one rule to follow to avoid phishing: don't follow links on mails you haven't requested yourself. The likelihood of a fake mail arriving from a specific sender at the same time as your own request is so low to be laughable.
    I won't even say to check the certificate we can't avoid follow a link, because that's something we should always do when logging into sites with/about our sentitive information.
    It's that simple.

    • Christian Cawley
      January 18, 2016 at 4:20 pm

      Great advice, thanks for sharing.