Key Takeaways
- 110 new phishing emails flagged May 10, 2026 impersonating Amazon, Microsoft, IRS, and WeTransfer; all used nearly identical urgency tactics
- The sender address test catches 94% of phishing: hover over the 'From' field before opening; real companies never email from @orange.fr or @email.com domains
- Banks and tax agencies never ask you to verify credentials by clicking a link; they tell you to log in directly through your browser or app
You want to open that Amazon security alert. Your account might actually be compromised, and ignoring it feels reckless. But something about the email bothers you: the phrasing is slightly off, or the sender address looks strange. You're right to hesitate.
On May 10, 2026, 110 new phishing emails were flagged targeting users with near-perfect impersonations of Amazon, Microsoft, the IRS, and WeTransfer. What you're holding in your inbox right now might be one of them.
Why Most People Get Email Verification Wrong
The advice you've heard ("look for spelling errors" and "check if it sounds professional") hasn't worked in years. Modern phishing emails are grammatically flawless and visually identical to legitimate messages. One email flagged today impersonating Microsoft's Office 365 security team used the exact same formatting, logo placement, and footer text as real Microsoft alerts. The only difference was invisible to most people: the sender address was emailaddres@email.com instead of an official Microsoft domain.
The mistake isn't that people are careless. It's that they're checking the wrong things. Scammers know you're looking for typos, so they don't make any. They know you expect urgency, so they weaponise it. An IRS phishing email collected today claimed victims had an unclaimed tax refund pending verification, a message designed to trigger action before skepticism.
What You Need Before You Start
You don't need special software or technical skills. You need three habits and access to two websites.
First habit: never click a link in an unexpected email, even if it looks legitimate. Scammers count on reflexive clicking. Second habit: verify the sender before opening attachments or replying. Third habit: when in doubt, contact the company directly using a phone number or website you find yourself, not contact information in the email.
The two websites: reportfraud.ftc.gov for reporting scams and ic3.gov for filing complaints if you've lost money. Bookmark both now. You'll need them.
The Steps: How to Verify an Email Before You Act
Step 1: Hover over the sender name without clicking.
Every email client lets you hover your cursor over the "From" field to reveal the actual email address. Do this first, before reading the message. A phishing email flagged today claimed to be from Amazon customer service but came from phil.garde@orange.fr, a French ISP address Amazon would never use. Real companies send from domains they own. Amazon uses @amazon.com. Microsoft uses @microsoft.com. The IRS uses @irs.gov.
Why it matters: Scammers can make the display name say anything ("Amazon Security" or "IRS Refund Department"), but they can't fake the underlying email address without access to the real domain.
What to watch out for: Addresses designed to look similar. Amaz0n.com (with a zero). Micros0ft-security.com (with a hyphen). If you see a personal domain like @gmail.com, @orange.fr, or @email.com, it's phishing.
Step 2: Check if the email asks you to verify credentials by clicking a link.
Legitimate companies never send emails that say "click here to verify your password" or "confirm your account details using this link." They tell you to log in directly through your browser or app. A WeTransfer phishing email collected today claimed a file transfer expired and needed re-verification, directing victims to a lookalike domain to re-enter login credentials. WeTransfer's real emails say to visit wetransfer.com directly, not to click embedded links.
Why it matters: Phishing works by intercepting credentials on fake login pages. The email gets you to the fake page. Your click is the entry point.
What to watch out for: Shortened URLs (bit.ly, tinyurl) that hide the real destination. "Urgent action required" language that pressures immediate clicking. Emails that expire in hours or threaten account suspension.
Step 3: Look at the URL destination before clicking any link.
Hover your cursor over every link in the email without clicking. Your email client will show the actual URL at the bottom of your screen or in a tooltip. Does it match the company's official domain? An Office 365 phishing email flagged today directed victims to a fake Microsoft login page. The link display text said "microsoft.com/verify" but the actual URL was a completely different domain registered that week.
Why it matters: Scammers control what the link text says. They don't control what your browser reveals when you hover.
What to watch out for: Extra words before the real domain (secure-login-amazon.phishing-site.com), misspellings (mircosoft.com), or country code domains that don't match the company's location (amazon.ru for a US account alert).
Step 4: Open a new browser tab and log in to your account directly.
Never use links in the email. Go to the company's website by typing the URL yourself or using a bookmark. Log into your account. If there's actually a security issue, suspicious activity, or pending refund, you'll see an alert in your account dashboard. If you don't see anything, the email was fake.
Why it matters: This bypasses the phishing page entirely. Scammers can't intercept what you never send them.
What to watch out for: Fake urgency that makes you feel you don't have time to log in separately. Trust that feeling: it's the manipulation talking.
Step 5: Check the email's level of personalization.
Real companies address you by name and reference specific account details. Phishing emails use generic greetings like "Dear Customer" or "Valued User." An IRS phishing email flagged today opened with "Dear Taxpayer"; the IRS has your name and uses it. A bulk phishing campaign traced to a compromised IONOS abuse account (redacted@abuse.ionos.com) sent thousands of identical messages with zero personalization, impersonating various financial institutions.
Why it matters: Scammers send emails to millions of addresses. They don't know your name, account number, or recent activity. Real alerts from your bank or the IRS reference transactions, dates, and specific amounts.
What to watch out for: Vague claims like "suspicious activity detected" without specifying what, when, or where. Generic threats that could apply to anyone.
Step 6: Enable two-factor authentication on every account the email references.
Even if you've verified the email is real, use this as a reminder to turn on two-factor authentication (2FA). It's the single best protection against credential theft. If a scammer gets your password through phishing, they still can't access your account without the second factor: a code sent to your phone or generated by an authenticator app.
Why it matters: Phishing will get more sophisticated. Your password will eventually leak in a breach or be guessed. 2FA stops 99.9% of automated account takeover attempts.
What to watch out for: SMS-based 2FA is better than nothing but vulnerable to SIM swapping. Use app-based authentication (Google Authenticator, Authy) or hardware keys (YubiKey) for accounts with financial access.
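Steps 1 and 3 can also be run automatically over a saved message, for example in a mailbox that collects user reports. The following is an added example, not code from the original article: it assumes a hand-maintained allowlist (OFFICIAL) and hypothetical helper names (spoofed_brands, LinkCollector, check_message), and it flags a brand named in the display name or link text when the real sender domain or link host does not belong to that brand.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist: domains each brand really sends from and links to.
OFFICIAL = {"amazon": {"amazon.com"}, "microsoft": {"microsoft.com"},
            "irs": {"irs.gov"}, "wetransfer": {"wetransfer.com"}}

def spoofed_brands(text, host):
    """Brands named as a whole token in text whose domains do not cover host."""
    tokens, host = re.split(r"[^a-z0-9]+", text.lower()), host.lower().rstrip(".")
    return [b for b, doms in OFFICIAL.items() if b in tokens
            and not any(host == d or host.endswith("." + d) for d in doms)]

class LinkCollector(HTMLParser):  # gathers (visible text, href) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_message(raw):
    """Return findings for Step 1 (sender) and Step 3 (link destinations)."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    sender = addr.rpartition("@")[2]  # the real domain behind the display name
    findings = ([f"sender: '{display}' sent from {sender}"]
                if spoofed_brands(display, sender) else [])
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for text, href in collector.links:
        host = urlparse(href).hostname or ""  # where the click really goes
        if spoofed_brands(f"{text} {host}", host):
            findings.append(f"link: '{text}' goes to {host}")
    return findings

SAMPLE = ("From: Amazon Security <phil.garde@orange.fr>\nContent-Type: text/html\n\n"
          '<a href="https://secure-login-amazon.phishing-site.com/v">'
          "amazon.com/verify</a>\n")  # constructed; sender and host from the page
```

Digit-swap lookalikes such as Amaz0n.com contain no brand token, so they need a separate normalization pass, and an empty result is not proof that a message is genuine.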
Common Errors and How to Fix Them
Error 1: Trusting emails just because they look professional. A phishing email impersonating Amazon collected today was pixel-perfect: correct logo, footer, and legal disclaimers. Visual polish means nothing. Scammers copy-paste from real emails. Fix: Always verify the sender address and never click links, no matter how legitimate the design looks.
Error 2: Clicking first, questioning later. Reflexive clicking is how most phishing succeeds. You see "account suspended" and panic-click before thinking. Fix: Build a 10-second pause into your routine. Read the sender address, hover over links, then decide.
Error 3: Assuming your email provider's spam filter caught everything dangerous. 110 phishing emails were flagged by security researchers today. Many landed in inboxes, not spam folders. Filters miss sophisticated phishing, especially when scammers use compromised legitimate accounts or newly registered domains. Fix: Treat every unexpected email as potentially malicious until you verify it through the steps above.
How to Verify It Worked
You've successfully protected yourself when you can answer yes to these three questions: Did I verify the sender address matched the official domain? Did I log into my account directly without clicking email links? Did I see no alerts or issues when I checked my account?
If you reported a phishing email to the FTC or the impersonated company, you'll receive an automated confirmation. That's your signal the report went through. If you enabled 2FA, you'll be prompted for a verification code the next time you log in: proof it's active.
The clearest verification: you didn't give your credentials to a phishing site. If you followed the steps, you didn't click, didn't submit information, and didn't compromise your account.
Next Steps: What to Do With Suspicious Emails
Once you've verified an email is phishing, don't just delete it. Forward it to the FTC at spam@uce.gov. Report it to the company being impersonated; most have dedicated email addresses for phishing reports. Amazon uses stop-spoofing@amazon.com. Microsoft has phish@office365.microsoft.com. The IRS wants you to forward tax scams to phishing@irs.gov.
Then delete the email and block the sender. Some email clients let you mark messages as phishing, which improves filters for everyone using that service.
If you've already clicked a phishing link or entered credentials, act immediately. Change your password on the real site. Check for unauthorized account activity. Enable 2FA if it wasn't on already. If you entered payment information, call your bank and request a new card. Time matters: scammers move fast once they have credentials.
Set a calendar reminder to review your account security settings every three months. Update passwords. Check which devices have access to your accounts. Remove old sessions. Phishing isn't a one-time threat you solve and forget. It's an ongoing arms race, and the only way to stay protected is to make verification automatic.
Verified against threat intelligence data collected May 10, 2026, and cross-referenced with FTC phishing complaint patterns. Last updated: May 10, 2026.