Spotting the sure signs of a phishing email

By , Mar 9, 2016

Emails are a popular way to keep in touch with people, be it friends, family, or co-workers, but often companies that you deal business with will send you the occasional promotional email if you signed up for subscriptions.

Sometimes, you get an email that you think is legit, and it turns out it’s just a fake email pretending to be something it’s not and it tries to get you to click on stuff or give up your personal information. These emails are malicious and they’re known as phishing emails.

In this piece, we’ll go over some of the things you can look for to tell if the emails you’re getting are legitimate, or if they’re a con artist trying to scam you of your personal information.

What is phishing, and why is it a thing?

Phishing emails are essentially suspicious emails that try to either get you to click on a malicious link or to surrender personal information that a hacker could use for malicious intents and purposes.

These kinds of emails often have links inside of them that claim to be from a legitimate company, or may even refer to you as a customer of theirs, but when you click on the link you’re actually being sent to a fake mock-up of the real site that will ask for your information so it can steal it.

Low-life people do this for all kinds of malicious intents and purposes; one of the most common is identity theft. You can, however, protect yourself from these kinds of emails; the best way to go about that is to know how to spot a phishing email, and know what you should do when you come about one.

Signs that an email you received is a phishing email

In a detailed support document, Apple explains some of the most common characteristics of a phishing email. We’ll go over them with you below and try to explain them to the best of our abilities.

1. The email headers have incorrect information in them

In OS X, the Mail app lets you view more detailed header information by clicking on View > Message > All Headers. This lets you see more detailed information about the sender, and if the information under the last line beginning with “Received” doesn’t match the details of that company being represented, then you may have a reason to believe that the email didn’t really come from that company.

For example, if you receive an email from “Walmart” about your most recent purchase, and the final received line says something like “Recevied from (123.456.789.120)” then it’s probably a fraud because “machax” has nothing to do with Walmart, and the IP address probably doesn’t match that of Walmart’s web servers either.

2. Links in the email take you somewhere other than where it should

Another sure sign that you’ve been phished is when an email you’re sent has links in it that claim to take you to a certain website, but take you to another one instead. You can hover your mouse over a link in an email, and OS X will automatically display the URL that the link will want to take you to.

If the email text says “” and the hover-over text says “” (or anything else that isn’t what you’d expect), then you’re probably going to be clicking on a link that will take you to a non-legitimate website. If you see anything other than what you’d expect to see, you should avoid clicking on the link for your safety.

3. Websites you visit from the email are fake

You have to be careful in many of the instances where you see a link in an email, because some hackers will throw together a really good mock-up of a legitimate website that can be very convincing when you load it up. Many of the websites are designed the same and have the same logos all over them, but there’s one pretty good way you can tell if the site is legitimate or not.

The latest versions of many web browsers, such as Safari, Firefox, and Chrome will do a check to ensure the website is legitimate. If it passes the Extended Validation (EV) check, which is a check to ensure the website is legitimate, then the company name in the URL bar will be shown in green color instead of black.

If you visit a website you usually see a green company name in the URL bar, but if you see it black instead, you might consider backing out before you enter any valuable or personally identifiable information, such as credit card numbers, because the website might just be waiting for you to submit that information to a hacker for malicious use.

4. The email refers to you generically, instead of by name

Since most high-end companies that you subscribe for emails with will have your name on record, legitimate emails will typically call you by your name. Phishing emails often refer to the recipient with generic names that could fit the picture in many cases, no matter what your name is.

For example, if the beginning of an email from Walmart says, “Hi Anthony,” then you’d have less to be wary off than an email from Walmart that begins with, “Dear valued customer” because it shows that the email came from a source that knows who you are rather than a source that doesn’t and is just trying to refer to you as something universal so it fits the thousands of other people who are receiving the same phishing email.

5. The email came to an email that you didn’t give the company

If you subscribe to a company with one email (email A) and you end up receiving an email from that company in another one of your email inboxes (email B), then you have a strong reason to be wary of the email.

Since you didn’t give the company email B, how could they have possibly known they were sending the email to you? Better yet, how did they get that email in the first place? Since you subscribed with email A, you should have received the email in the inbox of email A.

If you can’t explain why an email arrived in the wrong email inbox, you should steer clear of it. Emails should only arrive in the inbox of the correct email address when you subscribe for emails. Any emails that end up in the inboxes of your other accounts are probably fake and may be trying to lure you into a trap.

Protecting yourself from emails you think are phishing

If you receive emails like any of the above, then you probably have a strong case to believe the emails are trying to lure you into providing personal information. If you receive a phishing email, here are some safe practices for you to keep in mind.

1. Compare information of the new email with past emails

If you have received legitimate emails from a company before, such as Walmart, you should compare the contact details of that email to another email claiming to be from that same company.

For example, if I received an email from Walmart before, and the new email claims to be from Walmart too, I can compare the email addresses to see if the sender is coming from a Walmart address or not.

Although email address spoofing is possible, this is a good first place to check, because some morons will send emails from their personal email or a completely unrelated email instead of taking the time to properly spoof their email addresses.

If you receive an email claiming to be from Walmart, and it’s an @Gmail account, then you obviously know something’s up. Also pay attention to the language in the email, such as the way the email refers to you.

2. Don’t provide personal information

Unless you’ve confirmed with the company that the email was legitimate, you should never provide any personal information to an email that you believe is a phishing email.

This includes personal information like:

  • Your address
  • Your credit card details
  • Your social security number
  • Your maiden name
  • Your passwords
  • And so forth…

Typically, legitimate emails will never ask for your personal information. They’ll just link you to a site where you have to log in with that site’s username and password, and will give you information from there, but if an email asks you for your login information for a service, which is unlikely from business-dealing companies, you should not provide it in the chance that the email could be trying to steal an account of yours.

You should also be wary of links in these emails. Never log into a website without first ensuring that the website is legitimate and not a good copy. In fact, rather than clicking on a link in an email, you might go ahead and open the website yourself in your web browser to log in so you know where you’re entering your information.

3. Don’t download or open attachments

If you suspect an email is a phishing email, don’t download or open attachments that may be connected to the email. Some of the attachments may contain malware, which may try to spy on your key presses or steal passwords and other valuable information as you enter them.

Most automated emails from legitimate companies rarely ever include attachments, and will be fully-coded in HTML instead so you don’t have to open any attachments.

Reporting a suspected phishing email

Apple cares about its users’ safety, and will help deal with phishing emails. You can forward an email that you believe is phishing to the email address by using the Message > Forward As Attachment option in the Menu Bar, which will allow Apple to review the details of the email and forward it to the proper law enforcement agencies to deal with the problem.

A separate email address is also available for any emails that are pretending to be Apple services. Apple likes to deal with these situations a little more… personally. The email address to report these kinds of emails, which may include pretending to be representatives from the App Store, iTunes, or online Apple Store is

Of course, reporting an email is no guarantee that the messages will stop, and reporting legitimate emails won’t help the cause, so you should only ever report obvious phishing emails and ones that you truly believe are doing nothing but trying to steal your personal information or cause harm to your computer.


Don’t be a victim of phishing emails. Although many phishing emails are completely obvious to some, they may not be so obvious to your mother, or grandmother, or someone else who isn’t as technology-literate as you are. Spread the word and keep the emailing system safe for everyone!

If you found the information in this piece useful, let us know in the comments below.

  • Share:
  • Follow:
  • philip Mills

    i had a email from my wife but she did not send it !
    what shall i do with it

    • Joshua The-Legend Wiebe

      delete it.

    • Tell your wife to change her email account password. Chances are someone got a hold of her username/password and is using that account to send spam.

  • Chris

    Relying on the email headers is a common way to detect spoofing, but there are a lot of companies that use third party vendors to send their emails which would result in the headers appearing abnormal.

    A lot of companies nowadays are implementing DKIM and SPF which are a verification technologies – but they still rely on the receiving server having support for it.

    That being said, and this relates to your conclusion; people who do work with computers everyday still find themselves opening these types of emails. The best examples are those in government departments in the U.S, I’ve also met some pretty switched on people over the years who have done so resulting in IT needing to isolate networks and such.

    Until someone makes secure email software, this will continue to be an issue.