How to spot a phishing email (with examples)

  • December 21, 2025

We’ve all been there: you’re clearing out your inbox when you see an urgent message from your bank, Amazon, or even your boss. It looks real, it sounds important, and it’s asking you to “click here” to fix a problem immediately. This is the classic setup for a phishing attack, one of the most common ways people lose control of their digital lives.

Phishing isn’t about complex hacking into your computer; it’s about hacking you. By creating a sense of urgency or fear, scammers hope you’ll skip the critical thinking part of your brain and hand over your passwords or credit card numbers. The good news is that once you know what to look for, these emails are actually quite easy to spot.

The Red Flags to Look For

The most effective phishing emails are designed to look like they come from a trusted source. However, scammers almost always leave behind digital breadcrumbs that give them away. If you see any of the following, your “scam-dar” should start ringing.

1. The “From” Address Doesn’t Match

Always look past the display name. A scammer can set their display name to “PayPal Support,” but if you click or hover over the name to see the actual email address, it might look like support@paypalservices-secure-site.com or something even more random. Real companies send email from their official domains (like @paypal.com).

2. A Generic Greeting

Companies you have an account with will almost always address you by your first name. Phishing emails often use generic greetings like “Dear Valued Customer,” “Dear Member,” or simply “Hello.” If a company that handles your money doesn’t know your name, be suspicious.

3. Creating Artificial Urgency

“Your account will be suspended in 24 hours” or “Unauthorized login attempt detected—verify now!” Scammers want you to panic. Panic leads to mistakes. If an email demands immediate action to avoid a negative consequence, take a deep breath and look closer.

Hover your mouse over any link before you click it. Your browser will usually show you the real destination URL in the corner of the screen. If the text says “amazon.com/orders” but the link points to http://bit.ly/scam-link-123, don’t click it. Similarly, be extremely wary of attachments, especially ZIP files or PDFs you weren’t expecting, as these can contain malware.

Phishing Examples in the Wild

To help you get a feel for how these look, let’s break down a couple of common scenarios.

The “Account Problem” Scam

Imagine you get an email from “Netflix” stating that your payment method failed and your subscription will be cancelled today.

  • The Hook: Fear of losing your service.
  • The Trap: A big “Update Payment” button.
  • The Give-away: The email address is netflix-billing@gmail.com and the link goes to a site that looks like Netflix but has a weird URL like netflix-update-account.co.

The “Package Delivery” Scam

You receive a text or email from “FedEx” or “UPS” saying they tried to deliver a package but need you to “confirm your address” or pay a small “re-delivery fee.”

  • The Hook: Curiosity or the desire to get your package.
  • The Trap: A link to a “tracking page” that asks for your credit card info.
  • The Give-away: You didn’t order anything recently, or the tracking number doesn’t work on the official FedEx website.

How to Stay Safe

If you receive an email that feels even slightly “off,” the safest thing to do is to ignore the email entirely. Instead of clicking any links:

  1. Go directly to the source. Open a new browser tab and type the company’s website address manually (e.g., www.bankofamerica.com).
  2. Use the official app. If you have the company’s app on your phone, check your notifications there.
  3. Call them. Use a trusted phone number from the back of your credit card or an official statement—never use a number provided in the suspicious email.

For more information on staying safe online, the Federal Trade Commission (FTC) and the Cybersecurity & Infrastructure Security Agency (CISA) have excellent resources and real-time alerts on new scams.

Remember: No legitimate company will ever be upset with you for being cautious. It’s always better to take an extra minute to verify than to spend weeks trying to recover a stolen identity.

Comments

Note: Comments are provided by Disqus, which is not affiliated with Getting Things Tech.
Search
Related Posts
Sponsored
Recent Posts
categories
Support This Site
Bitcoin Donations:

Litecoin Donations:

Sponsored