How to Spot Phishing Emails: 10 Phishing Red Flags to Look For

August 12, 2022

Phishing has reached new heights, scoring an all-time high in Q1 2022 by surpassing one million recorded attacks. That’s not good news for businesses. Phishing is both the riskiest channel for business data security and the most likely point of origin for cyber threats like ransomware, account takeover and business email compromise. That means it is critical for employees to be aware of the red flags that may signal that an unexpected email is actually a phishing message.


10 Phishing Red Flags to Look For


Phishing can be tricky to spot but keeping these red flags in mind can help employees spot and stop phishing to prevent cyberattacks.

  1. A Strange Subject Line

Is the subject line strange? Phishing messages often have odd subject lines like “Warning”, “Your funds has…” or “Message is for a trusted”. If the subject or pre-header of the email contains spelling mistakes, usage errors, or unexpected elements like foreign characters, emojis or other things that just don’t quite seem normal for a communication from the sender, it’s probably phishing.

  2. An Unofficial Domain

Another indicator of phishing is a message that comes from an unusual domain. Check the sender’s domain by looking at the email address of the sender. A message from a major corporation is going to come from that company’s usual, official domain. For example, if the message says it is from [email protected] instead of [email protected], you should be wary.

  3. Sender Misrepresentation

Phishing practitioners love to represent themselves as legitimate entities. They often turn to spoofing to make an impersonation believable. More than 25% of the messages that companies receive are spoofed messages. They’ll often impersonate seemingly trustworthy or official sources like an employee of a trusted company, a colleague, a senior executive or a government entity in order to give the recipient a false sense of security about the legitimacy of the message.

  4. A Clunky Greeting

Companies and entities typically use a particular style of greeting regularly. If the greeting of an unexpected message seems different from the usual format, that’s a big red flag. Look at the grammar, punctuation and spelling. Is it generic when it is usually personalized, or vice versa? Anomalies in the greeting are red flags that a message may not be legitimate.

  5. Bad Word Choices, Spelling & Grammar

This is a hallmark test for a phishing message and the easiest way to uncover an attack. If an unexpected message contains a bunch of spelling and usage errors, it’s highly likely to be phishing. We all make an occasional spelling error, but a message riddled with them is probably phishing. If you only remember one red flag from this list, make it this one.

  6. An Odd Presentation or Style

Fraudulent messages may have small variations in style from the purported sender’s usual email style. Beware of unusual fonts, colors that are just a little off, logos that are odd or formats that aren’t quite right. This is another key indicator of spoofing and an easy way to spot phishing.

  7. Suspicious Links

Phishing messages can contain malicious links to capture credentials or send victims to a web page that can be used to steal their financial or personally identifiable information (PII). Hovering a mouse or finger over a link will usually enable you to see the path. If the link doesn’t look like it is going to a legitimate page, don’t click on it. If you do accidentally click on a suspicious link, close the page and do not provide any information.

  8. Unexpected Attachments

This is a common tool of the bad guys, and one of the most likely paths for ransomware or other malware to enter an environment. Bad actors frequently use PDFs or files that look like normal Microsoft files to do their dirty work. Almost 50% of malicious email attachments that were sent out in 2020 were Microsoft Office files. The most popular formats, the ones that employees regularly exchange every day (Word, PowerPoint and Excel), accounted for 38% of phishing attacks. Archived files, such as .zip and .jar, account for about 37% of malicious transmissions. Never download or interact with an unexpected attachment.

  9. A Gut Feeling

When it comes to phishing, it is always better to err on the side of caution, especially if an unexpected message is heavy on scare tactics. Some of today’s nastiest cyberattacks tend to arrive as the cargo of a phishing message. If anything about an unexpected message seems a little bit off, trust your instincts. Don’t interact with the message any further and report it to an administrator immediately. That gut feeling could just save your organization from a phishing-related cyberattack.

  10. It Seems Too Good to Be True

If you receive an unexpected message that promises you some benefit from clicking a link, downloading something or filling out a form, be suspicious. You should also use caution with messages that say that you just need to pay a small fee or cover the cost of shipping to receive something valuable. Shipping companies like DHL are among the most phished or impersonated brands that you’ll encounter. Everybody wants to win a prize or get something for free and bad actors know that, so they often use this technique to trick victims into turning over personal information, financial data or their credentials.
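Three of the red flags above (2: an unofficial sender domain, 7: a link whose visible text points somewhere other than its real destination, and 8: an unexpected attachment in a format that commonly carries malware) can be checked mechanically before a message ever reaches a mailbox. The script below is an added example, not code from the original article or from the Graphus product; the allow-list of official domains, the list of risky extensions and the sample message are constructed assumptions.

```python
import re
from email import policy
from email.parser import BytesParser
from urllib.parse import urlparse

OFFICIAL_DOMAINS = {"example.com"}  # assumed allow-list of the organisation's own sender domains
RISKY_EXTENSIONS = {".zip", ".jar", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx"}  # formats the article names
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
DOMAIN_RE = re.compile(r"(?:https?://)?(?:www\.)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", re.I)

def phishing_red_flags(raw, official=OFFICIAL_DOMAINS):
    # Returns human-readable red flags found in a raw RFC 5322 message given as bytes.
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    flags = []
    # Red flag 2: the sender's domain is not one of the organisation's official domains.
    sender = msg["from"].addresses[0].addr_spec if msg["from"] else ""
    domain = sender.rsplit("@", 1)[-1].lower()
    if domain not in official:
        flags.append(f"unofficial sender domain: {domain}")
    # Red flag 7: the domain shown in the link text is not where the href really goes.
    body = msg.get_body(preferencelist=("html", "plain"))
    for href, text in ANCHOR_RE.findall(body.get_content() if body else ""):
        target = (urlparse(href).hostname or "").lower()
        shown = DOMAIN_RE.search(re.sub(r"<[^>]+>", "", text))
        if shown:
            s = shown.group(1).lower()
            if target != s and not target.endswith("." + s):
                flags.append(f"link text shows {s} but goes to {target or href}")
    # Red flag 8: an unexpected attachment in a format that commonly carries malware.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if "." in name and "." + name.rsplit(".", 1)[1].lower() in RISKY_EXTENSIONS:
            flags.append(f"unexpected attachment: {name}")
    return flags

# Constructed sample message (not a real phishing email) that trips all three checks.
SAMPLE = b"""\
From: "Example Support" <support@examp1e-support.com>
Subject: Warning
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Verify your funds at <a href="http://login.examp1e-support.com/x">https://www.example.com/login</a></p>
--b1
Content-Type: application/zip; name="invoice.zip"
Content-Disposition: attachment; filename="invoice.zip"

--b1--
"""
```

Running `phishing_red_flags(SAMPLE)` returns one flag per check; a message from an allow-listed domain with no links or attachments returns an empty list.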


Can phishing detection be automated?


Phishing detection and anti-phishing protection can be delivered effectively and affordably through AI-enabled, automated API-based security.

Automated phishing defense brings many advantages to the table:

  • Automated email security solutions catch and quarantine 40% more phishing messages than a secure email gateway (SEG) or the native security in Microsoft 365 or Google Workspace.
  • Machine learning ensures that AI-enabled solutions collect their own threat data and refine a company’s protection without human intervention.
  • AI can adjudicate email effectively, with fewer false positives and better detection of suspicious messages.

Automated Phishing Detection with Graphus


Graphus is an automated email security solution that is powered by AI. That means that it can intelligently sort and filter the emails that come into a company’s environment to determine which ones are safe and which ones are suspicious. How does it do that? By using a patented algorithm that fosters machine learning, enabling it to learn each company’s unique communication patterns and refine its judgment criteria all by itself to tailor that company’s protection now and in the future.   

  • TrustGraph® automatically detects and quarantines malicious emails so the end-user never interacts with harmful messages.  
  • EmployeeShield® alerts recipients of a potentially suspicious message to danger that they may not notice by placing an interactive warning banner at the top that allows users to quarantine or mark the message as safe with a single click.  
  • Phish911™ empowers employees to proactively report suspicious and unwanted emails for IT to investigate, reducing your exposure to potential disaster.

Learn more about how you can stop phishing immediately with Graphus



