How to recognize a phishing email

Learn how to spot fake emails that try to steal your personal information, and what to do if you receive one.

Easy 5 steps Web ~8 min March 27, 2026

What you will learn

In this guide, you will learn how to recognize fake emails (called phishing emails) that try to trick you into sharing personal information like passwords or bank details. You will also learn what to do if you receive one and how to report it.

What you need

  • An email account (Gmail, Outlook, Yahoo, or any other)
  • A few minutes of attention when reading emails

The steps

Step 1: Check the sender’s email address

Look at who sent the email. Not just the name, but the actual email address. To see it, tap or click on the sender’s name. A real email from your bank will come from an address like support@yourbank.com. A fake one might come from something like support@yourbank-security-alert.com or a random string of letters. If the address looks strange, be suspicious.

Step 2: Look for urgent or threatening language

Phishing emails try to scare you into acting fast. They might say things like “Your account will be closed in 24 hours” or “Unauthorized access detected — act now.” Real companies rarely pressure you like this. If an email makes you feel anxious or rushed, that is a warning sign. Take a breath and look more carefully.

Before you click any link in the email, hover your mouse over it (on a computer) or press and hold it (on a phone). This shows you where the link actually goes. If the link address looks different from what you expect, or has misspellings in the website name, do not click it. For example, a link that says “Go to PayPal” but points to paypa1-secure.com is fake.

Step 4: Look for other warning signs

Check the email for these common red flags:

  • Spelling and grammar mistakes in an email that claims to be from a big company
  • Generic greetings like “Dear Customer” instead of your actual name
  • Requests for personal information such as passwords, credit card numbers, or your Social Security number. Real companies will never ask for these by email
  • Unexpected attachments that you did not request

Step 5: Report the email and delete it

If you believe the email is fake, do not reply to it. In most email apps, you can mark it as spam or phishing:

  • In Gmail: Open the email, tap the three dots at the top right, and select Report phishing
  • In Outlook: Select the email and click Report then Report phishing
  • In Yahoo Mail: Select the email, click the three dots, and choose Report a phishing scam

After reporting, delete the email from your inbox.

Helpful tips

  • When in doubt, go directly to the website: Instead of clicking a link in an email, open your browser and type the company’s website address yourself. Then log in from there.
  • Your bank will never ask for your password by email: This is a universal rule. If any email asks for your password, it is fake.
  • Tell someone you trust: If you are not sure about an email, ask a family member or friend to take a look. A second pair of eyes helps.
QR Code

facil.guide

Scan to read online

Frequently asked questions

What if I already clicked a link in a phishing email?

Do not panic. Close the page immediately. If you entered a password, change that password right away from a different device or browser. If you entered bank details, contact your bank immediately. Run a virus scan on your device to be safe.

Can phishing emails look real?

Yes. Some phishing emails look very convincing, with real logos and professional formatting. That is why you should always check the sender's email address carefully and never click links when you feel pressured to act quickly.

Didn't find what you're looking for?

Tell us what guide you need and we will write it for you.

Related guides

How to create a strong password 6 steps · Easy How to tell if a text message, email, or call is a scam 7 steps · Easy How to Recognize a Scam Email 6 steps · Easy