How to Check If an Email Is Safe Before Opening It

Email remains the number one attack vector for cybercriminals. Over 90% of cyberattacks start with a phishing email — a message designed to trick you into clicking a malicious link, downloading malware, or handing over your credentials. The attacks have gotten sophisticated enough that even security-aware people get fooled. Here is how to evaluate any suspicious email before it causes damage.

Check the Sender Address Carefully

The "From" name can say anything — it is the actual email address that matters. Look for these red flags:

- Domain misspellings — "paypa1.com" instead of "paypal.com", "amaz0n.com" instead of "amazon.com"
- Free email domains — legitimate companies do not send official emails from gmail.com or yahoo.com
- Extra subdomains — "paypal.account-verify.com" is NOT paypal.com. The real domain is always the last part before the extension, which here is account-verify.com
- Random strings — "noreply@xj72kf.com" is almost certainly malicious

Inspect Links Without Clicking

Hover over any link in the email (do not click) and look at the URL that appears:

- Does the domain match the supposed sender?
- Does it use HTTPS? (though even phishing sites use HTTPS now — read our HTTPS guide to understand why this alone is not enough)
- Is it a shortened URL (bit.ly, tinyurl)? Legitimate companies rarely use URL shorteners in official emails
- Does it contain your email address or other personal data encoded in the URL parameters?

Look for Urgency and Pressure Tactics

Phishing emails almost always create artificial urgency:

- "Your account will be suspended in 24 hours"
- "Unauthorized login detected — act immediately"
- "You have won — claim within 1 hour"
- "Your payment failed — update now or lose access"

Legitimate companies give you time. If an email pressures you to act immediately, that itself is a warning sign.
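
The sender-address and link checks from the first two sections can be scripted. The Python below is an added example, not code from the original article; the function names, the digit-swap table, the "random-looking" heuristic and the last-two-labels domain rule are assumptions made for illustration, and the sample values are constructed.

```python
# Added example; helper names are hypothetical, sample inputs are constructed.
from email.utils import parseaddr
from urllib.parse import urlsplit, unquote

FREE_MAIL = {"gmail.com", "yahoo.com"}       # free providers named in the article
SHORTENERS = {"bit.ly", "tinyurl.com"}       # shorteners named in the article
DIGIT_SWAPS = str.maketrans("0135", "oles")  # paypa1 -> paypal, amaz0n -> amazon

def registrable(host):
    # Simplification (assumption): keep the last two labels. Production code
    # should consult the Public Suffix List so names under co.uk etc. work.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_sender(from_header, brand):
    """Red flags for a From header that claims to be `brand`, e.g. paypal.com."""
    host = parseaddr(from_header)[1].rpartition("@")[2].lower()
    reg, flags = registrable(host), []
    if reg == brand:
        return flags
    name = reg.split(".")[0]
    if reg in FREE_MAIL:
        flags.append("free-mail domain")
    if reg.translate(DIGIT_SWAPS) == brand:
        flags.append("lookalike spelling")
    if brand.split(".")[0] in host.split(".")[:-2]:
        flags.append("brand used as subdomain")
    # Heuristic only: digits present and no vowels, as in xj72kf
    if any(c.isdigit() for c in name) and not set(name) & set("aeiou"):
        flags.append("random-looking domain")
    return flags or ["domain mismatch"]

def check_link(url, brand, recipient):
    """Red flags for a link in a mail that claims to come from `brand`."""
    parts = urlsplit(url)
    reg, flags = registrable(parts.hostname or ""), []
    if parts.scheme != "https":
        flags.append("not HTTPS")
    if reg in SHORTENERS:
        flags.append("URL shortener")
    elif reg != brand:
        flags.append("domain mismatch")
    if recipient.lower() in unquote(parts.query).lower():
        flags.append("recipient address in URL")
    return flags

if __name__ == "__main__":
    for sender in ("PayPal <service@paypa1.com>", "noreply@xj72kf.com"):
        print(sender, check_sender(sender, "paypal.com"))
    print(check_link("http://bit.ly/abc", "paypal.com", "alice@example.com"))
```

An empty list means none of these particular checks fired, not that the message is safe.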

Check for Generic Greetings and Poor Writing

While AI has improved phishing email quality, many still contain telltale signs:

- Generic greetings like "Dear Customer" or "Dear User" instead of your actual name
- Grammar mistakes and awkward phrasing
- Inconsistent formatting or mismatched logos
- Requests for information the company should already have

Never Open Unexpected Attachments

Attachments are a primary malware delivery method. Be especially cautious with:

- .exe, .scr, .bat — executable files that run code on your computer
- .zip, .rar — compressed archives that may contain executables
- .doc, .xls with macros — Office files that prompt you to "enable content" are almost always malicious
- .pdf — can contain embedded scripts, though this is less common

If you were not expecting an attachment, contact the sender through a different channel to verify they sent it.

Verify Through Official Channels

If an email claims to be from your bank, a delivery service, or any company:

- Do not click any link in the email
- Open your browser and go directly to the company's website by typing the address
- Log into your account normally and check for any notifications
- Call the company using the number on their official website (not the number in the email)

Check If Your Email Has Been Compromised

If you are receiving more phishing emails than usual, your email address may have been exposed in a data breach. Attackers buy breach databases and use them for targeted phishing. Check your exposure with our Email Breach Checker — if your email appears in breaches, change your password and enable two-factor authentication immediately.

Protect Yourself Going Forward

- Enable 2FA on your email — even if someone gets your password, they cannot access your inbox without the second factor
- Disable automatic image loading — this prevents tracking pixels from reporting that you opened the email
- Use email aliases for signups — keep your primary email address private
- Keep your software updated — patches fix vulnerabilities that malicious attachments might exploit

Check if your email address is already circulating in breach databases — that is the main reason you receive phishing emails. Run it through our Email Breach Checker right now. Then run a full Privacy Checkup to evaluate your overall security posture and get a personalized action plan to reduce your risk.

Last updated: April 2026