Phishing Email Identifier

Learn How to Spot and Avoid Email Scams and Fraud

What is Phishing and Why is it Dangerous?

Phishing is a type of cyber attack where scammers attempt to trick you into revealing sensitive information by disguising themselves as trustworthy entities. These attacks typically arrive via email, text messages, or social media, and they represent one of the most common and effective methods cybercriminals use to steal personal data.

The dangers of phishing include:

According to recent statistics, phishing attacks account for more than 80% of reported security incidents, and the average cost of a data breach caused by phishing is over $4.5 million for businesses. For individuals, the average financial loss from phishing is approximately $1,500.

Common Types of Phishing Attacks

Email Phishing

The most common form where attackers send emails purporting to be from legitimate companies or services, asking you to verify information or click on malicious links.

Spear Phishing

Targeted attacks that use personal information about you to create highly customized and convincing messages.

Whaling

A form of spear phishing specifically targeting high-profile individuals like C-level executives or other valuable targets with access to sensitive data or financial systems.

Smishing (SMS Phishing)

Phishing conducted via SMS text messages, often claiming to be from your bank, delivery services, or government agencies.

Vishing (Voice Phishing)

Phone-based phishing where scammers call pretending to be from legitimate organizations to trick you into revealing information or making payments.

Clone Phishing

Attackers create nearly identical copies of legitimate messages you've previously received, but replace attachments or links with malicious versions.

Business Email Compromise (BEC)

Sophisticated scams targeting businesses, often involving compromised or spoofed email accounts of executives to authorize fraudulent wire transfers or data access.

10 Warning Signs of Phishing Emails

  1. Suspicious Sender Address: Email addresses that mimic legitimate companies but with slight variations (e.g., amazon-support.com instead of amazon.com)
  2. Generic Greetings: Opening with "Dear Customer" or "Dear User" instead of your name
  3. Urgency or Threats: Creating pressure with claims like "Immediate action required" or "Account will be suspended"
  4. Grammar and Spelling Errors: Professional organizations rarely send communications with obvious language mistakes
  5. Mismatched URLs: Links that, when hovered over, show different destinations than what the text suggests
  6. Requests for Sensitive Information: Legitimate companies rarely ask for passwords, full credit card numbers, or social security numbers via email
  7. Unexpected Attachments: Files you weren't expecting, especially executable files (.exe, .scr, etc.)
  8. Too Good to Be True: Offers, prizes, or discounts that seem unrealistically generous
  9. Unusual Payment Requests: Asking for payments via gift cards, wire transfers, or cryptocurrency
  10. Inconsistent Branding: Logos, colors, or formatting that don't match the company's usual style

Our Phishing Identifier tool helps you analyze emails and messages for these and other warning signs to determine if they're legitimate or potentially dangerous.

How to Verify Suspicious Communications

If you receive a communication you're unsure about, follow these verification steps:

  1. Don't Click Links Directly: Instead, manually type the organization's URL in your browser or use a previously bookmarked link
  2. Contact the Purported Sender: Use official contact information (not from the suspicious message) to verify if they actually sent it
  3. Check Email Headers: Examine the detailed routing information to verify the actual source
  4. Use Official Apps: Instead of following email links, check your account status through the company's official mobile app
  5. Google the Scenario: Search for the type of message you received plus "scam" or "phishing" (e.g., "Netflix account suspended email scam")
  6. Verify Phone Numbers: For calls or texts, check if the phone number matches the official one listed on the company's website
  7. Use Our Website Scanner: If the message contains links, paste them into our Website Scanner tool to check if they lead to malicious sites

Remember that legitimate organizations understand security concerns and won't penalize you for taking steps to verify their communications.

How Our Phishing Identifier Works

Our tool helps you analyze suspicious communications through several approaches:

  1. Interactive Checklist: Guides you through key warning signs to look for in the message
  2. Educational Examples: Shows side-by-side comparisons of legitimate vs. phishing communications
  3. Link Analysis: Allows you to safely check where links in the message actually lead
  4. Sender Verification: Provides guidance on how to properly examine sender information
  5. Report Generation: Creates a summary of findings to help you determine if the message is legitimate or suspicious

Our tool is designed for educational purposes to help you develop the skills to spot phishing attempts on your own. While it provides guidance, always exercise caution with suspicious messages and consult security professionals when in doubt about high-risk communications.

What to Do If You've Encountered Phishing

If You Haven't Responded:

If You've Already Responded:

Acting quickly can significantly reduce the damage from a successful phishing attack. Don't delay if you believe you've been compromised.