How to tell the difference between a phishing email and a real one?

An overall to-do list:

1. Doubt everything. The address of a sender can be forged. Wasn’t expecting an email? It’s a reason to critically assess an email and be as paranoid as an information security specialist can be.

2. Check how well the content is written, especially if it’s in another language. Phishing is an international problem, but not every scammer can speak other languages perfectly or spend money on professional translation.

3. Pay attention to the sender. Is it a familiar company? Does it exist? Is the signature real: a phone number, physical address, type of ownership, etc.?

4. Don’t hesitate to ask in order to make sure. Call the company that sent you the email and confirm that they contacted you. Find the number on the official website; don’t call the one you see in the email. It is completely all right to suspect something, especially if there are strange files attached and links to follow.

5. Don’t click strange-looking links. It’s probably an attack. Hover the pointer over a link to see the real address where it takes you. A couple of letters may be changed, so it won’t look like an obvious scam, and that’s why it’s important to pay attention.

6. Don’t open an attachment you don’t trust. There are free online services, such as virustotal.com. They will process the attached file with the help of multiple antiviruses at once.

7. Don’t shun antiviruses. Many popular antiviruses check not only your PC but your email as well. Don’t disable this function, and pay attention to the messages your antivirus gives you.
