Craig Peterson
Phish Check

Email Security Tips

Practical advice to protect yourself from phishing and email scams.

Red Flags to Watch For

These warning signs don't guarantee an email is malicious, but they should raise your suspicion.

Urgency and Pressure

"Act now!" "Your account will be closed!" "Immediate action required!" Scammers create artificial urgency to bypass your critical thinking.

Tip: Legitimate companies give you time to respond. If it feels rushed, slow down.

Suspicious Links

Hover over links (don't click!) to see where they really go. "paypal.com" vs "paypa1.com" or "paypal-secure-login.com" look similar but aren't.

Tip: When in doubt, go directly to the website by typing the address yourself.

Mismatched Sender Details

The display name says "Amazon" but the email is from "support@amaz0n-orders.com". Always check the actual email address, not just the name.

Tip: Legitimate companies email from their actual domain (e.g., @amazon.com).

Generic Greetings

"Dear Customer" or "Dear User" instead of your actual name. Mass phishing campaigns can't personalize every email.

Tip: Companies you do business with usually know your name.

Grammar and Spelling Errors

Professional companies have editors. Phishing emails often have typos, odd phrasing, or grammatical mistakes.

Tip: However, AI is making phishing emails better. Don't rely on this alone.

Requests for Sensitive Info

No legitimate company will ask for your password, Social Security number, or full credit card number via email.

Tip: If they're asking for sensitive data, it's almost certainly a scam.

Best Practices

Build these habits to stay safe online.

Forward, Don't Click

When you're unsure about an email, forward it to Phish Check before clicking anything. Get your verdict in 60 seconds.

Use Unique Passwords

Every account should have a different password. Use a password manager to keep track of them all.

Enable Two-Factor Authentication

Even if someone gets your password, they can't access your account without the second factor.

Verify by Phone

If an email asks you to do something urgent, call the company directly using a number you know is real (not from the email).

Don't Download Attachments

Unexpected attachments—especially .exe, .zip, or Office files with macros—can contain malware.

Keep Software Updated

Security updates patch vulnerabilities that attackers exploit. Enable automatic updates when possible.

What To Do If...

Already fell for something? Here's how to respond.

You clicked a suspicious link

  1. 1Don't enter any information
  2. 2Close the browser tab immediately
  3. 3Run an antivirus scan
  4. 4Change passwords for sensitive accounts
  5. 5Monitor your accounts for unusual activity

You entered your password on a fake site

  1. 1Change that password immediately
  2. 2Change it everywhere else you used it
  3. 3Enable two-factor authentication
  4. 4Check for unauthorized account activity
  5. 5Contact the real company if needed

You sent money or gift cards

  1. 1Contact your bank immediately
  2. 2Report to the FTC at reportfraud.ftc.gov
  3. 3File a police report
  4. 4For gift cards, contact the issuer
  5. 5Document everything for your records

The Best Protection?

When in doubt, don't click. Forward suspicious emails to Phish Check and get a verdict in 60 seconds. Our Six-Tier Security Scan analyzes what you can't see—authentication records, threat databases, hidden links, and more.

[enable JavaScript to see email]

Currently available by invitation only.