Email Phishing Attacks: How to Spot Them and Stop Them Before It’s Too Late

📘 Chapter 3: How to Identify Phishing Emails

🔐 Introduction

Phishing emails have evolved far beyond obvious spam and broken English. Today, they are often polished, personalized, and frighteningly convincing. Detecting them requires a sharp eye, critical thinking, and a good understanding of phishing red flags.

In this chapter, we’ll equip you with a systematic framework to identify phishing emails — even the subtle ones that slip past spam filters. You’ll learn how to examine email headers, spot malicious attachments, verify links, and protect yourself from social engineering tactics.

🕵️‍♂️ Why It’s Getting Harder to Spot Phishing Emails

✅ Red Flags: The Quick Checklist

🔍 Always inspect these elements in any suspicious email:

• Sender address
• Subject line
• Greeting/salutation
• Tone and urgency
• Spelling/grammar errors
• Hyperlinks (hover before you click!)
• Unexpected attachments
• Requests for sensitive information

📧 Anatomy of a Phishing Email: What to Examine

Let’s break down each element with examples and indicators of deception.

📮 1. Sender's Email Address

Look for:

• Misspellings or domain lookalikes (e.g., @paypall.com)
• Public domains instead of official ones (e.g., @gmail.com for a bank)
• Mismatches between display name and email address

📝 2. Subject Line Tactics

Common tricks:

• Creating urgency or threats
• Promising prizes or refunds
• Implying legal or HR action

Examples:

• “Your account will be closed in 24 hours!”
• “Invoice attached – payment overdue”
• “Action required: unusual login attempt”

🧑‍💼 3. Greeting and Tone

Generic greetings = red flag.
Legit companies often use your real name or account number.

🔗 4. Hyperlinks: Where Do They Really Go?

Always hover over links (don’t click) to see the actual destination.

Suspicious signs:

• Link text doesn’t match destination
• Shortened URLs (bit.ly, tinyurl)
• Foreign or unusual domains

Safe links:

• Consistent with company domain (e.g., paypal.com)
• Start with https:// (though this alone is not proof)

📎 5. Attachments: What Are You Downloading?

Common phishing file types:

• .exe, .scr, .js, .docm, .zip, .pdf (especially password-protected)

Legit companies rarely send unsolicited attachments.

🧠 6. Social Engineering Tricks

Phishers manipulate human emotions.

🧰 Technical Clues Hidden in the Email Header

Advanced users and admins can inspect email headers for:

• Return-Path mismatches
• SPF/DKIM/DMARC failures
• Unusual IP geolocation
• Forged Reply-To addresses

Many email platforms like Gmail and Outlook let you view full headers to trace the origin of a message.

🔍 Real-Life Examples: Spot the Phish

🧪 Example 1: Fake Dropbox Link

From: dropbox@secure-docs.co
Subject: “Shared document for review”
Link: http://dropbox-login-authenticate.ru

Red Flags:

• Not a Dropbox domain
• Generic subject
• Russian domain ending

📦 Example 2: Amazon Refund Scam

“You are eligible for a $255 refund. Click here to proceed.”
Attachment: refund-form.zip

Red Flags:

• Unsolicited attachment
• Dollar amount as bait
• Pressure to act quickly

🔐 Example 3: CEO Spoof

From: ceo@companyexecutive.com
“Please process the payment ASAP. I’m in a meeting, don’t call.”

Red Flags:

• No greeting
• No context
• Urgency + isolation tactic

📊 Phishing Email Red Flag Matrix

✅ Tips to Train Yourself (and Others)

• Pause before clicking anything.
• Verify by phone if you’re unsure — especially for financial requests.
• Use "Report Phishing" options in Gmail, Outlook, etc.
• Enroll in phishing simulation training (great for teams)
• Keep your software and browser updated with phishing protection

🧠 Summary

Email phishing detection isn’t just about tools — it’s about awareness. Attackers rely on human error and emotional responses. By slowing down and scrutinizing emails for the red flags covered in this chapter, you can outsmart even the most convincing scams.