identify a phishing email scaled

Anatomy Of A Phishing Email – Watch Out For These 10 Red Flags

Reading Time: 4 minutes

Last Updated on May 4, 2021 by Calvin C.

In this article, we look at the anatomy of a phishing email scam so that you know what to look for in order to identify a malicious email. It is very important for you to scrutinize every email you receive because attackers use every trick in the book.

anatomy of a phishing email

Background of a Phishing attack

A phishing email is a fraudulent email that is sent by a cybercriminal to trick a victim into providing sensitive information.

The email appears to come from a legitimate source and if you are not careful, you comply with what the email requires you to do.

Fortunately, we have dissected a typical phishing email so that you are aware of what you should look out for.

Remember, you need to minimize your exposure on the internet by using a VPN which hides your traffic and IP address.

This ensures that there are less chances of exposing your email addresses to cybercriminals .

Other ways to secure you email are discussed in another article covered earlier.

The goal of a phishing email attack is to gather sensitive information that includes:

  • Passwords
  • Usernames
  • Bank details
  • Credit card numbers
  • And more

The standard framework used by a phishing email is usually the same so after reading this article, you can easily spot a fraudulent email right away.

Anatomy of a phishing email: The red flags

1. “From” field

The email appears to come from a genuine sender, be it Human Resources, Customer Support or a reputable company.

However, if you check the email address of the sender you can see that it’s a fake email.

2. “To” field

Usually, genuine emails from businesses address you by you actual name while phishing emails adress you as “User” or “Customer”

This is not say a phishing email cannot come with your actual name in the “To” field.

Note that cybercriminals are aware of these red flags and they want to make these emails appear as legit as possible.

3. “Subject” field

The subject of the email is what usually grabs your attention.

Attackers try to create a sense of urgency in the subject or use scare tactics so that you click through and read the rest of the email.

By playing with your emotions attackers hope your judgement gets clouded as you try to respond to the email request as quickly as you can.

In one phishing email I received, the subject was as follows:

“There’s issue with your personal and banking details”

Once you get an email with such a subject alarm bells should start ringing.

4. “Body” field

This where the attacker reels you in by using jargon that further intimidates you into taking action.

In some cases, the attacker builds the scam around news updates, company processes or even emails from management.

In the email I received the body started off as follows:

“Due to recent activities of your account we have temporarily suspended your account.”

Then the email went to to list what I lose if I don’t update my personal information.

Once you are hooked to the message the next step is to take action, which is the next step.

5. Malicious link

In almost all cases, you are prompted to click a link so that you rectify the problem.

The message may say:

“Click here to update your details”

If you see that the link is shortened, it is definitely a red flag.

In some cases the link looks plain suspicious, e.g. a link like this:

  • Don’t experiment to see where the link takes you because you risk downloading malware on your device.

6. Deadline

Giving a deadline is one way to give a victim pressure to take action.

Naturally, people want to meet deadlines so the attackers know this scare tactic works in their favor.

Every statement in the email wants you to click the link and provide sensitive data.

7. Sign off

The sign off is usually generic and doesn’t look legit.

You don’t find a name or title of the person who sent the email.

There are no contacts and you may even find glaring typos.

8. Footer

In the footer you find typos, wrong dates or other indications that the email is not genuine.

9. Malicious attachment

An email attachment is one way malware is delivered to your device.

If you find a compressed folder don’t open it as it may be packed with Trojans.

Once attackers take control of your computer they use it for various purposes, some of which are described in this article.

Companies have systems in place to filter such emails, but some of them slip through the cracks.

10. Fake landing page

In the event that you click the link in the email by mistake, there is still an opportunity to protect yourself.

Attackers try by all means to clone a legit landing page but as usual, they leave tell tale signs of a fake page.

Some of the obvious red flags include:

  • Typos in the URL
  • No header or footer
  • Typos in the body
  • Too much focus on collection on sensitive information


You can easily expose your email to attackers online by not browsing the internet securely and privately.

Everyday, thousands of emails are sent to potential victims and attackers hope that some of the recipients give up their personal information.

The information is used to carry out future attacks or sold on the Dark Web.

A VPN ensures that your traffic is encrypted and your IP address is hidden from cybercriminals.

Tech writer and VPN expert. DIY enthusiast and loves anything to do with space science.

Leave a Reply

Your email address will not be published. Required fields are marked *