The sender is requesting your credentials
One of the most obvious signs of a phishing scam is when the email you receive requests for your login credentials or financial information. Unfortunately, this is a trick malicious actors use to gain access to your sensitive information and steal your identity. If you receive an email that asks you to enter login information, username, password, or credit card information, it is more than likely to be a phishing attempt. There are a few different ways that people try to get you to enter your credentials, including “customer service” emails from banks, utilities, or other companies you have an account with; emails from companies that you have an order with and are asking for your log-in information; or emails from companies with which you do not have any kind of account.
The email asks you to click on a link
Another common phishing attack technique is to entice you to click on a link in the email. Threat actors will often craft their emails, so they appear to be from a trusted source, such as your bank or credit card company. These emails may direct you to click on a link, usually to update your account information, and promise that doing so will help you avoid any problems. But that link may take you to a phishing website that will steal your information or, sometimes, have full control of your device via a zero-click attack when you visit their malicious website by clicking on the link sent to you. The same is true for emails from companies with which you have an account. If an email from your bank or credit card company directs you to click on a link, the best thing to do is contact them through their legitimate phone number or website to ensure that the email is authentic.
The email’s language is awkward or poorly written
Another tell-tale sign that an email is a phishing scam is if it is awkwardly or poorly written. If you receive an email from a company, especially one you do business with, they will probably address you by your name. However, phishing emails rarely address you by name, or they will use a general salutation, such as “Dear User,” “Dear Customer,” or even “Hello.” Phishing emails are often written in an overly formal or corporate style, which is typically a clear sign that something is amiss. Likewise, the tone of the email may sound off, or the language may be riddled with spelling or grammatical mistakes.
You are unfamiliar with the sender
Another red flag is if you do not recognize the sender of the email. If you receive an email from a company with which you do not do business, scrutinize it before taking any action; if the company has a wrong address or contact name, or if the email is from a person you do not know, it is likely a phishing scam. If you have an account with a company, but the name of the person emailing differs from the one listed on your account, it may be a phishing attack.
You were not expecting the email, or it was not requested but responded to beforehand
Finally, a sure-fire sign that an email is a phishing attempt is if you were not expecting it, or it was not requested but responded to beforehand. Companies will not send you an email out of the blue and expect you to know what they want. If you are expecting an email from a company, but you do not receive it, you should not send them an email asking when to expect it. You should always be careful when receiving unexpected emails from companies; if there is something you need to do or update, they will probably contact you through another means, such as a phone call or postal mail.