Spotting a Phishing Scam: 7 Red Flags in Emails and Texts

Published April 30, 2026 by Proxyoku Editorial Team.

Phishing works because it does not need to defeat perfect security. It only needs to catch a person at the wrong moment: tired, distracted, worried, or in a hurry. A message appears to come from a bank, delivery service, employer, social platform, or payment app. It asks you to click, verify, pay, reset, download, or reply.

The best defense is not memorizing every scam. It is learning the patterns. Once you know the red flags, phishing messages start to look less like emergencies and more like scripts.

Red flag 1: the sender domain is slightly wrong

Scammers often use domains that look close to real brands: extra words, swapped letters, hyphens, or unfamiliar endings. A message may display the brand name in the sender label while the actual email address is unrelated. On phones, tap or expand the sender details before trusting the name.
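
The sender check described above, as an added Python example (not part of the original article): it compares the display name with the domain of the real address and flags lookalike domains. The brand allowlist, the domain names, the 0.8 similarity threshold and the sample headers are all constructed assumptions.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed allowlist (assumption): brand keyword -> domains it really sends from.
KNOWN_BRANDS = {
    "examplebank": {"examplebank.example"},
    "parcelpost": {"parcelpost.example"},
}

def registrable(domain):
    # Naive "last two labels" reduction; production code should use the Public Suffix List.
    return ".".join(domain.split(".")[-2:])

def squash(text):
    # Lowercase and drop spaces, dots and hyphens so "Parcel-Post" compares as "parcelpost".
    return "".join(ch for ch in text.lower() if ch.isalnum())

def check_sender(from_header):
    """Return red-flag codes for one From: header value (empty list = nothing found)."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["unparseable-sender"]
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    base = registrable(domain)
    label = squash(base.split(".")[0])
    flags = []
    for brand, real_domains in KNOWN_BRANDS.items():
        if base in real_domains:
            continue  # genuine domain, or a subdomain of it, for this brand
        if brand in squash(display):
            flags.append("display-name-mismatch")  # label names the brand, address does not
        if brand in squash(domain):
            flags.append("brand-embedded")  # extra words, hyphens or an unfamiliar ending
        elif SequenceMatcher(None, label, brand).ratio() >= 0.8:
            flags.append("lookalike")  # swapped or substituted letters
    return flags

# Constructed sample headers, not taken from real messages.
SAMPLES = [
    '"ExampleBank Support" <alerts@mail.examplebank.example>',
    '"ExampleBank" <help@examplebank-secure.example>',
    '"Parcel Post" <notice@parce1post.example>',
    'Jane <jane@unrelated.example>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(check_sender(header) or ["ok"], header)
```

An empty result only means none of these patterns matched; it does not prove the message is genuine.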

For text messages, be cautious with shortened links and strange domains. A real company may use a short link, but you should not rely on that. Open the official app or type the known website address yourself instead of following the message link.

Red flag 2: urgency and fear

Phishing messages love deadlines: your account will close, your package will be returned, your payment failed, your tax refund expires, or your password was compromised. Urgency reduces careful thinking.

Slow down. If a message claims something important happened, verify through a separate channel. Open the official website or app directly. Do not use the link in the message as your only path.

Red flag 3: a login page appears after an unexpected click

Many phishing attacks are credential traps. The message leads to a page that looks like a real login screen. The design may be convincing, but the domain is wrong. Password managers help here because they usually will not autofill credentials on the wrong domain.

If you land on a login page unexpectedly, close it. Navigate manually to the service. If there is a real alert, it should appear in your account dashboard.

Red flag 4: attachments you did not ask for

Unexpected attachments can contain malware or lead to fake document portals. Be careful with files labeled invoice, receipt, resume, purchase order, security notice, or shared document when you were not expecting them.

If the sender appears to be someone you know, confirm through another channel before opening. Account compromise is common, so a familiar name is not enough.

Red flag 5: generic greetings and unusual tone

Not every legitimate message uses your name, and not every scam has bad grammar. Still, generic greetings, awkward phrasing, inconsistent branding, and unusual tone are useful signals. If your bank normally sends polished, account-specific alerts and suddenly sends a vague message full of pressure, treat it cautiously.

Red flag 6: payment method pressure

Requests for gift cards, crypto, wire transfers, or payment outside normal channels are major warning signs. So are messages asking you to pay a tiny delivery fee to release a package. Small payments are used to capture card details and test whether you will comply.

Red flag 7: requests for codes

Never share one-time passcodes, two-factor authentication codes, or recovery codes with someone who contacts you. A real support agent should not need your login code. Scammers use these codes to complete account takeover while you are on the phone or in a chat.

If you clicked, act quickly

If you only opened a link but did not enter information, close the page and run updates. If you entered a password, change it immediately on the real website and sign out of other sessions. If you reused that password elsewhere, change those accounts too. If you entered payment details, contact your bank or card provider.

Report phishing messages to the platform, your email provider, or your organization. Reporting helps filters improve and can protect other people. The point is not embarrassment; phishing is designed to manipulate normal human attention.

A safe habit is simple: when a message pressures you to act, pause and verify through a route you trust. That one pause defeats many scams.

Why phishing keeps working

Phishing is not only a technical attack. It also depends on timing. The message arrives when you are waiting for a delivery, applying for a job, handling a payment, or dealing with account stress. The scammer's goal is to make the fake request feel like part of your real day.

That is why a personal verification routine matters. For financial accounts, open the official app. For work requests, confirm in the company chat or ticket system. For family emergencies, call back on a saved number. A separate route breaks the scammer's control of the conversation.
