How to Identify Phishing Emails: A Practical Guide

Published 2025-04-28 by TechNet New England

Phishing remains the most common way attackers compromise businesses. These fraudulent emails trick recipients into revealing credentials, clicking malicious links, or downloading malware. Knowing how to identify them is essential for everyone in your organization.

Red Flags in Phishing Emails

Check the Sender Carefully

• Look at the actual email address, not just the display name
• Watch for slight misspellings (microsoft-support.com vs. microsoft.com)
• Be suspicious of personal email addresses claiming to be businesses
• Legitimate companies send from their official domains

Urgency and Threats

• "Your account will be suspended immediately"
• "Unauthorized access detected - act now"
• "Payment overdue - legal action pending"
• Any email demanding immediate action should raise suspicion

Generic Greetings

• "Dear Customer" or "Dear User" instead of your name
• Legitimate emails from your bank, employer, etc. usually know your name

Suspicious Links

• Hover over links to see the actual URL before clicking
• Look for misspelled domains or unusual URLs
• Be wary of shortened URLs that hide the destination
• When in doubt, go directly to the website instead of clicking

Unexpected Attachments

• Did you expect this attachment?
• Does the file type match what you would expect?
• Be especially cautious of .exe, .zip, and macro-enabled Office files

Requests for Sensitive Information

• Legitimate organizations rarely ask for passwords via email
• Be suspicious of requests for personal or financial information
• Banks and services will not ask you to verify full account numbers via email

What to Do When You Receive a Suspicious Email

1. Do not click any links or open attachments
2. Do not reply to the email
3. Report it to your IT team so they can check for others who received it
4. Delete the email after reporting
5. If you are unsure whether it is legitimate, contact the sender directly using a known phone number or website, not information from the email

What to Do If You Clicked

If you realized too late that you clicked a phishing link or entered credentials:

1. Change your password immediately
2. Report the incident to IT right away
3. Monitor your accounts for suspicious activity
4. If you entered financial information, contact your bank

Real Examples to Watch For

• Fake Microsoft or Google alerts about account security
• Package delivery notifications you did not expect
• Invoice or payment request from unfamiliar senders
• HR emails about benefits changes or policy updates
• IT department requests to reset your password
• Messages from "your CEO" requesting gift cards or wire transfers

When in doubt, verify through another channel. It takes seconds to confirm a legitimate email but weeks to recover from a successful phishing attack.

Want phishing simulation and training for your team? Contact TechNet New England to set up a security awareness program.