How to Recognize Phishing Emails

A phishing email is a spam message that tries to trick you into divulging sensitive or personal information, like passwords or account numbers, by posing as a legitimate business or service. Falling for a phishing attempt not only exposes your own private information—it can also open the door for attackers to access your workplace's data.

If an unsolicited email asks you to click on a link to "fix" your account, or even just to confirm your account details, chances are that it is phishing. There are always exceptions, however, so here is some helpful advice on how to tell the difference between phishing and legitimate emails.

Telltale signs

Phishing emails can be very convincing, which is why it's important to step back for just a moment and look for these key things in every email you get:

  • From address: Always check that an email has come from an appropriate, and legitimate, address. Don't only go by the displayed name in the "from" field, always check the address as well.
  • Non-standard formatting: Official emails from reputable companies tend to follow a known format. If the text looks blurry or the alignment of certain elements is off, it might not be legitimate.
  • Spelling and grammar errors: This tends to be more obvious, but sometimes you have to look harder for it. If there are misspelled words, or if something's a little off with the sentence structure, be wary.
  • Urgency: Phishing emails may try to scare you by saying your account will expire, for example, if you don't take immediate action. They introduce an element of panic to try to cloud your judgment. Reputable companies generally won't send this sort of email.
  • Links: Before you click on a link in an email, hover your cursor over it first to see a pop-up showing where it actually goes. Don't click the link if it doesn't lead to a relevant and legitimate site. In fact, your best course of action is usually to browse the company's website on your own, without clicking on provided links. (One exception is when verifying your email for an account you know you just created—but still hover over that link to be sure!)

Phishing examples

These examples highlight elements that give away that they're phishing attempts. They may seem obvious here, but in the moment of rushing through your real-world inbox, these irregularities might not stand out so starkly.

Email #1

Phishing Email Example #1

There are several tip-offs that this email is not legitimate—starting with the fact that Emerson passwords do not expire!

Phishing Email Example #1

Official communications from Emerson College will only ever come from an email address. This should be the first thing you look at when you get a message with a call to action: Who sent it? If it's someone you know, is this the kind of email they'd usually send you, or could their account have been compromised?

Phishing Email Example #1

This message doesn't have the same formatting as other Emerson IT emails, and the sender signed it with a generic “System Administrator" title. Also, note the grammar mistakes in this message: inappropriate capitalization and missing punctuation.

Finally, always be careful when an email includes a link, especially when it's masked by words like "Click Here." Hover your mouse over the link for a moment to double-check where it actually leads. Phishing emails will almost always try to trick you into going to a malicious website like the one above.


Email #2

This next example looks very different from the first, even though all the same things are wrong with it!

Phishing Email Example #2

The Sender name says "Postal Service," but its email address is from a completely unrelated website. Also, the content of the email suggests that the message is from DHL, not the Postal Service. It's important to keep an eye out for small details like this.

Phishing Email Example #2

Just like in the first example, both of the links in this email are masked. When you hover over them, you'll see they definitely have nothing to do with a delivery! Whenever you receive a parcel tracking number, try searching for it on Google or on the courier service's website instead of clicking the emailed link.

What to do?

Now that you found an email that appears to be a phishing attempt, what should you do? The first step is to forward the email to This will create a ticket containing the email in question. From there, the Help Desk will see if any other users received similar emails and take action as necessary. Next, you can click Report Spam while the email is open.


This will help Google to learn that this message is spam so as to better block it in the future


As with most rules, there are always exceptions. Even the most reputable companies may sometimes send suspicious-looking emails, just as attackers can send incredibly convincing phishing emails. Using these guidelines with each and every email you receive will help you tell the difference, so you can keep your information, and that of your friends and colleagues, safe.

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a ticket