How to Identify Phishing Email And Prevent Yourself From Getting Phished


Remember the hacker who hacked into celebrities’ Apple iCloud accounts and leaked their nude photos? How did he do that? Because from what we know – Apple is “unhackable”, right?

That hack, famously known as “The Fappening” or the “Celebgate” scandal, was the result of a phishing email. Yes, phishing. Spear phishing, to be precise. The leaked nude images of Jennifer Lawrence, Kim Kardashian and many other celebrities were the result of a phishing attack.

The hacker, Collins, used a phishing attack to access 50 iCloud accounts and 72 Gmail accounts, most of which belonged to female celebs, illegally downloaded the contents of their iCloud backups and looked for more data, including nude photos of celebrities.

An example of phishing website

Phishing attacks have risen by more than 162 percent in the last 5 years. They cost organizations around the globe $4.5 billion every year, and over half of internet users get at least one phishing email per day.


While the big companies have implemented many defense mechanisms against phishing attacks, they can only do so much to protect their users. So it’s up to you to protect yourself from phishing attacks. 97% of people around the globe cannot identify a sophisticated phishing email.

How To Identify a Phishing Email

1. Find out who the email is really from

Cyber criminals spoof the display name of the sender’s email address. For example – they can send an email from any email account and change the Sender’s name to “Apple Security Team”.

An example of phishing email

As you can see in the above image, the email looks like it was sent from your legitimate bank – “My bank”. However, the email was really sent from a different address.
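The display-name check described above can also be done on the raw From header. This is an added example, not part of the original article; the brand-to-domain allow-list, the `.example` domains and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list: brand keyword -> domains that brand really sends from.
# Constructed for illustration; maintain your own list for senders you deal with.
KNOWN_SENDERS = {
    "my bank": {"mybank.example"},
    "apple": {"apple.com"},
}

def sender_findings(raw_message):
    """Return reasons the From header looks spoofed (empty list if none)."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    display_lc = display.lower()
    domain = address.rpartition("@")[2].lower()
    findings = []
    for brand, domains in KNOWN_SENDERS.items():
        if brand not in display_lc:
            continue
        # Accept the brand's own domain or any subdomain of it.
        if not any(domain == d or domain.endswith("." + d) for d in domains):
            findings.append(f"name claims '{brand}' but address is at {domain}")
    # A display name that is itself an e-mail address, different from the real
    # one, is read as the sender by mail clients that hide the real address.
    if "@" in display and address.lower() not in display_lc:
        findings.append(f"name shows '{display}' but address is {address}")
    return findings

# Constructed sample messages (not real mail).
SPOOFED = 'From: "Apple Security Team" <alerts@account-verify.example>\nSubject: Action required\n\nbody\n'
NAME_AS_ADDRESS = 'From: "support@mybank.example" <x91@mailer.example>\nSubject: Notice\n\nbody\n'
GENUINE = 'From: "My Bank" <statements@mail.mybank.example>\nSubject: Statement\n\nbody\n'

if __name__ == "__main__":
    for sample in (SPOOFED, NAME_AS_ADDRESS, GENUINE):
        print(sender_findings(sample) or "no findings")
```

An empty result only means the display name and address are consistent with the allow-list; the other signs in this article still apply.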

2. Spelling Mistakes

Brands are pretty serious about email. Legitimate messages usually do not have major spelling mistakes or poor grammar.

Most English-language phishing attacks are sent from countries where English is not the primary language. Attackers often use imprecise English, even in quite common phrases, and include spelling errors. So read the message very carefully.

An example of phishing email

3. Analyze the salutation

Many but not all phishing attacks start with generic phrases like “Dear valued customer” or your email account name, such as “Dear baconlover123” instead of your name “Dear John” for example. This is because they cannot personalize the email sufficiently as they are targeting thousands of other users too.

PayPal phishing email

Most legitimate companies include your name in their correspondence because companies will have it on record (if you’ve dealt with them before).

4. Content of the email

Banks, other financial bodies and governments will not email you to tell you about a problem with your account. They recognize that email is fundamentally insecure and that personal information shouldn’t be sent via email.

PayPal phishing email example

The email may give you a false sense of urgency, claiming that your account has been used or that someone tried to buy this/that from your account.

5. Links


One common phishing technique is to include links in an email that look like they go to a legitimate website but instead take you to a malicious website. But you can check whether a link is legitimate.

Simply hover the mouse over (but don’t click) any link in an email, and you will see a pop-up that shows you the actual URL that you will be taken to. Here’s an example:

An example of phishing email

As you can see – the visible link and the real link do not match.

Some browsers don’t show the pop-up. If you have the Status Bar enabled in your browser, hovering over a link will show the URL in the browser’s Status Bar at the bottom of the window.


6. Check that the website you’re accessing is legitimate

Sometimes you might get tricked into thinking that the URL is legitimate. If you have clicked the link already, you can still check whether it’s a trusted website.

On the browser’s address bar, check if there’s HTTPS or HTTP in front of the URL.

HTTPS is secure while HTTP isn’t.

7. Asks for Personal Information

No matter how official an email message might look, it’s always a bad sign if the message asks for personal information. Your bank doesn’t need you to send it your account number because it already has it. Similarly, a reputable company should never send an email asking for your password, credit card number, or the answer to a security question.

An example of phishing email

8. You didn’t initiate the action

This type of phishing email is very common, and maybe you have already received it. Emails informing you that you’ve won a lottery, or that you won blah blah! If you had applied for the lottery then congratulations, but if you hadn’t then that’s definitely a phishing email.

phishing email - actions you didn't initiate

And it’s not only emails that say you’ve won something: emails like the one in the image above, which say that your account will be deleted or that your password has been changed, are also examples of this type of phishing email.




  1. Pretty great post. I simply stumbled upon your weblog and wished
    to say that I’ve truly enjoyed surfing around your blog posts.
    After all I will be subscribing for your feed and I’m hoping you write again very soon!