How to Identify a Malicious or Phishing Email?

The COVID-19 pandemic has forced most organizations to leave their offices and shift toward working remotely and from home. This means a greater reliance on email to communicate within the organization and, with it, more exposure to email phishing, scams and other fraud.

In just one week in April, for example, Google shut down 18 million daily COVID-19-related phishing emails, according to The Verge. Scammers are exploiting the global pandemic and people’s fear, and many are falling for it.

Today, phishing emails often look legitimate enough to pass the “seems legit” test, which for many email owners is the only real defense they have. True, not every phishing email gets to its victim. Of around 3.4 billion fake emails sent every day, only a small portion actually gets opened, and of those even fewer result in the email owner taking an action such as revealing their login credentials to the scammer.

Unfortunately, it happens and it can happen to you too. This is why you need to know how to identify a phishing email in order to avoid it.

Here are 8 tell-tale signs that you’ve received a phishing email:

  1. It Doesn’t Call You By Your Name

If the email starts with “Dear Sir or Madam” or “Dear Customer” you shouldn’t trust it further than you can throw it (and you should throw it in the trash).

Legitimate companies that you have an online account with will always greet you by your name, for example, “Dear John”, or “Hi Sam” and not in this impersonal way. 

  2. It’s Sent From a Strange Email Domain

Does the email address seem a bit off? That could be a sign of a phishing email.

For instance, spot the difference in these two emails:

Can you tell which one is the actual PayPal email and which one is fake? Don’t worry, I’m “100” percent sure you’ll spot it.

However, don’t rely only on this method to spot phishing emails as some companies will use more custom email domains and others will use a different email provider from the ones you may be used to like Gmail, Yahoo, or Outlook. For instance, if you see a at the end of an email you can be sure that it is more than secure and legitimate. (Here’s how to send a secure email yourself).

  3. The Email is Just One Big Link Forcing You to The Scammer’s Website

By now, scammers know that most if not all people they send fake emails to at least read the email and check if the address looks legitimate before clicking on the link. 

But what if the entire email is one big hyperlink? People accidentally or absentmindedly click somewhere in the email where they wouldn’t normally expect a link to be and, poof, they’ve downloaded malware or been sent to a malicious website.

The lesson here: if the email seems suspicious, don’t click anywhere in it. Just move it to the spam folder.
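A mail filter can test for this pattern before anyone gets the chance to click. The sketch below is an added example, not part of the original article: it measures how much of an HTML body's visible content sits inside a link. The 0.9 threshold, the image weight and the `.example` hosts are assumptions chosen for illustration.

```python
from html.parser import HTMLParser

IMG_WEIGHT = 40  # assumption: one image counts as 40 characters of visible content

class LinkCoverage(HTMLParser):
    """Measure how much of an HTML body's visible content sits inside a link."""
    def __init__(self):
        super().__init__()
        self.open_links = []   # one bool per open <a>: does it carry an href?
        self.linked = 0        # visible content inside <a href=...>
        self.total = 0         # all visible content (style/script text is not skipped)
        self.targets = set()   # distinct link destinations

    def _count(self, amount):
        self.total += amount
        if any(self.open_links):
            self.linked += amount

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            self.open_links.append(bool(href))
            self.targets.update([href] if href else [])
        elif tag == "img":
            self._count(IMG_WEIGHT)

    def handle_endtag(self, tag):
        if tag == "a" and self.open_links:
            self.open_links.pop()

    def handle_data(self, data):
        self._count(len(data.strip()))

def link_coverage(html_body):
    parser = LinkCoverage()
    parser.feed(html_body)
    parser.close()
    share = parser.linked / parser.total if parser.total else 0.0
    return share, sorted(parser.targets)  # (clickable share, link targets)

def is_one_big_link(html_body, threshold=0.9):
    share, targets = link_coverage(html_body)
    return share >= threshold and len(targets) == 1

# Constructed samples; the .example hosts are placeholders.
ONE_BIG_LINK = ('<a href="http://account-check.example/login"><img src="cid:banner">'
                '<p>Your account is on hold. Click to restore it.</p></a>')
ORDINARY = ('<p>Hi Sam, your March invoice is ready in your account.</p>'
            '<p><a href="https://shop.example/invoices">View invoice</a></p>')
```

A message that trips this check is a candidate for quarantine or for having its links rewritten as plain text before delivery.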

  4. That’s Not How You Spell That!

One thing is certain about email scammers. They’re not in it to win any spelling contests. 

An email filled with bad spelling and grammar is one of the most obvious signs of it being a fraud. Legitimate companies know how to spell “free shipping included” for instance.

  5. Sir, There’s an Unsolicited Attachment in My Email

Around 23% of scam or phishing emails contain a malicious attachment, says F-Secure. These are usually .doc, .xls, .pdf, .zip or .7z files.

Legitimate companies will very rarely send you unsolicited email attachments to download. Instead, they’ll redirect you to their website and a page where you can safely download the file.

Speaking of sending attachments, since we all often have to send documents online, here’s how to send them securely over the Internet.

  6. Please Don’t Panic

Imagine this. You wake up in the morning and before you even drink your first cup of coffee or take the morning shower you open your email. The first email reads:



Wow. Instant wake up call. Better do what they tell me, right?

Wrong. That’s what the scammers want you to do. To panic and not think. If you’re unsure, go to the company’s website (but use your browser and not the link in the email), log in to your account and check if everything is okay (if you have any missing payments and such for example).

  7. Poor Quality Images

Another way to spot a phishing email is to look at the images, especially the logo. If it’s low-resolution, fuzzy, pixelated and of poor quality overall, you probably have a fraudulent email on your hands.

Scammers rarely bother to create quality images themselves, but instead copy/paste the company or bank logo and thus end up with low-res images. If you see an image or logo like that in your email, you should probably just chuck it in the trash or spam.

  8. Check the Header, From: and To:

If you can’t remember ever giving your email address to the company sending you an email, there’s a high chance that it’s a scam and that you should delete it.

You should also check the From: and To: fields. Does the From: match the real address or not? If it doesn’t, it’s not a legitimate email. Is the To: field filled with a large number of people you don’t know or are not associated with, or does it say “undisclosed”?

If the email is not addressed directly to you, by name, it’s not legitimate.
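The header, greeting and attachment checks from signs 1, 2, 5 and 8 can also be applied mechanically to a parsed message. The following is an added example, not code from the original article: the function name, the `sender_domains` allow-list and the `.example` addresses are assumptions, and it expects messages parsed with Python's modern email policy (`email.policy.default`).

```python
from email.message import EmailMessage
from email.utils import getaddresses, parseaddr

GENERIC_GREETINGS = ("dear sir or madam", "dear customer")    # sign 1
ATTACHMENT_TYPES = (".doc", ".xls", ".pdf", ".zip", ".7z")    # sign 5

def phishing_signs(msg, my_address, sender_domains):
    """Return the signs from this article that a parsed message shows."""
    signs = []
    # Signs 2 and 8: From: must use a domain (or subdomain) the company really uses.
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if not any(domain == d or domain.endswith("." + d) for d in sender_domains):
        signs.append("from-domain:" + domain)
    # Sign 8: To: should contain your own address, not "undisclosed".
    to = [a.lower() for _, a in getaddresses([str(v) for v in msg.get_all("To", [])])]
    if my_address.lower() not in to:
        signs.append("not-addressed-to-you")
    body = ""
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(ATTACHMENT_TYPES):       # sign 5: attachment types listed above
            signs.append("attachment:" + name)
        elif part.get_content_type() == "text/plain" and not name:
            body += part.get_content()
    if body.strip().lower().startswith(GENERIC_GREETINGS):    # sign 1
        signs.append("generic-greeting")
    return signs

def build(sender, to, text, attachment=None):
    """Build a sample message (constructed data, placeholder .example domains)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, to, "Your invoice"
    m.set_content(text)
    if attachment:
        m.add_attachment(b"PK", maintype="application", subtype="zip", filename=attachment)
    return m

SUSPICIOUS = build("Shop Billing <billing@sh0p-invoices.example>", "undisclosed-recipients:;",
                   "Dear Customer, your invoice is overdue. Open the attachment.", "Invoice.ZIP")
LEGITIMATE = build("Shop Billing <billing@mail.shop.example>", "sam@inbox.example",
                   "Hi Sam, your March invoice is available in your account.")
```

Each sign is a reason to look closer, not a verdict: as noted under sign 2, legitimate senders sometimes use unfamiliar domains, so the allow-list has to reflect the domains each company really sends from.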

  9. A Legitimate Company Should Never Ask for Your Sensitive Information Over Email

If the email is in any way asking you to reveal some sensitive information such as your username and password, credit card information, social security number, tax numbers or any other personally identifiable information of that kind, don’t hit “reply”, hit “delete”.

Legitimate companies will never request your sensitive information this way.


Phishing and scam emails cost companies and individuals billions. Sometimes they’re as obvious as a Nigerian email scam, but other times they’re more sophisticated and harder to spot.

However, if you keep an eye on these 9 signs, no scammer will catch you on the wrong foot.

To be absolutely sure that your email is private and safe from hackers and scammers, sign up to CTemplar encrypted email for free today.