How you can spot the next phishing attempt against you

It was only 20 years ago that the best tip for browsing the internet was not to trust anyone on it. Now, people find homes in foreign countries to stay in on the web and book lifts with strangers from their smartphones.

Yes: we trust strangers a lot more than we used to. But that’s what many cybercriminals rely on when it comes to phishing attempts. If you want to spot these cyberthreats before they do any real damage, you’ll have to think like a cybercriminal.

Or, at least know what to look for.

There are five signs that you can help you spot a phishing attempt:

  1. It has spelling and grammar mistakes.
  2. The sender’s email address doesn’t seem legitimate.
  3. You get an attachment from someone you don’t know.
  4. A link takes you to a different URL than it should.
  5. The email seems unusually urgent.

Let’s walk through what each of them look like and why it’s so important to recognise them.

1. It has spelling and grammar mistakes

When you get emails or see advertisements from companies, you hardly ever come across a spelling mistake. It’s because there are entire teams and departments filled with people whose jobs are to ensure spelling and grammar in official communications are always correct.

Phishers don’t have the same types of resources and it shows in their work. Phishing attempts are often plagued by poor spelling and confusing grammar. The more attempts a cybercriminal is creating, the more sloppily written the email will be.

If you see poor spelling and grammar, it’s nearly a sure sign that you’re reading a phishing email. Of course, it’s not the only sign – so don’t automatically ignore your friends because they haven’t brushed up on their English skills in a while.

2. The sender’s email address doesn’t seem legitimate

We tend to trust emails when they look official and come from a business that we know and use. But cybercriminals use that blind trust to trick people into thinking an email is an official communication from a company.

They may use a similar website URL – like Google or Neflix – as the email domain in a bid to make it look legitimate. They could also use a Gmail or Yahoo account and claim to be customer service for your phone company.

Catching these misspelled and illegitimate email addresses isn’t easy, but it’s absolutely necessary if you want to spot these cyberthreats before it’s too late. If your account is restricted or there’s an otherwise urgent matter that needs tending to, taking the extra 20 seconds to vet the email address won’t make a difference in the final result.

3. You get an attachment from someone you don’t know

Here’s the holy grail of cybercrime: attachments. The easiest way to spot a phishing attempt – or a cyberthreat in general – is to receive an attachment from someone you don’t know. There’s a surprising number of people that click these to open them and even download them before realising they either don’t know the sender or that they’ve now received a virus.

Attachments allow phishers to transport malware, which can be used for any number of reasons. It could be a keylogger that captures your login information, or it could be a virus that goes after your banking information. Whatever it is, it’s of no value to you.

Always be cautious with any email that has an attachment, but especially so when you don’t know the sender. Be sure to double check that if you do get an attachment, the email address is definitely someone you trust before you open that file.

4. A link takes you to a different URL than it should

There’s a lot a cybercriminal can do with a phishing email to disguise its true purpose. One of those tactics is by using visual elements – like friendly looking buttons – to conceal where those links are actually pointing.

Even if you trust the sender, it’s always wise to hover your mouse cursor over a URL before clicking on it. Depending on which email provider you’re using, a box may pop up right next to your cursor or in the bottom left-hand corner of the screen showing you where that URL is pointing to.

If the email is from your Netflix account but the URL is pointing to a website you’ve never heard of before, then you’ll want to avoid clicking it. Chances are that if you login to your Netflix account on its main website, you’ll find nothing was wrong with your account after all.

5. The email seems unusually urgent

Cybercriminals love to create panic in whatever they do because it clouds the decision-making and judgement ability that might otherwise ruin their plans. It’s a tactic that increasingly apparent in phishing campaigns.

Urgency can take a few different forms. It might be that your account is restricted or that someone has taken over control of it. In general though, a phishing email will try to get you to act quickly or immediately to resolve an issue. Keep on the lookout for time-sensitive directions, because there’s a chance you could be a phishing target.

Phishing attempts and other cyberthreats are constantly changing. While these five tips will help you spot them, you should always stay secure with a trusted solution. Use a comprehensive single solution like Norton 360 to receive protection against phishing, viruses, ransomware and other cyberthreats that could expose your information.

Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Copyright © 2023 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.