How to Spot Phishing Emails: 10 Red Flags (With Real Examples)
Phishing emails are getting harder to spot. AI-generated phishing now accounts for over 80% of attacks, with perfect grammar and convincing branding. Here are 10 red flags that still work in 2026.
Red Flag 1: Display name doesn't match the sender domain. The email says "PayPal Security" but the actual address is "security@paypa1-verify.xyz". Always check the full sender address, not just the name.
Red Flag 2: Urgency and threats. "Your account will be permanently closed in 24 hours." Legitimate companies don't threaten you via email. They send gentle reminders, not ultimatums.
Red Flag 3: Lookalike domains. "amaz0n.com" (with a zero), "paypa1.com" (with the number one), or ".cam" instead of ".com". These are designed to pass a quick glance.
Red Flag 4: Generic greetings. "Dear Customer" or "Dear User" instead of your actual name. Most services you have an account with know your name.
Red Flag 5: Mismatched links. The text says "https://paypal.com/verify" but hovering reveals a completely different URL. Always hover before clicking.
Red Flag 6: Unexpected attachments. Especially .exe, .zip, .html, .svg, or .one (OneNote) files. Legitimate invoices come as .pdf from known senders.
Red Flag 7: Request for credentials. No legitimate service asks for your password, credit card number, or Social Security number via email. Ever.
Red Flag 8: Poor formatting or brand inconsistency. Blurry logos, broken images, or styling that doesn't match the real company's emails.
Red Flag 9: "Reply with your verification code." Legitimate 2FA systems never ask you to forward or reply with a code. If someone asks for your OTP, it's an attack.
Red Flag 10: Invisible text or hidden content. Some emails hide text using zero-font-size CSS or invisible Unicode characters to confuse spam filters. If you select-all and see hidden text, it's suspicious.
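Red Flags 5 and 10 can be checked mechanically on an email's HTML body. The Python scanner below is an added example, not Gorganizer's code or part of the original article; the names EmailScanner, scan and SAMPLE are hypothetical, and the sample HTML is constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

INVISIBLE = set("\u200b\u200c\u200d\u2060\ufeff\u00ad")  # zero-width chars, soft hyphen
ZERO_FONT = re.compile(r"font-size\s*:\s*0+(?:\.0+)?(?![.\d])", re.I)  # 0, 0px, 0.0em
DOMAIN = re.compile(r"(?:https?://)?(?:www\.)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
VOID = {"br", "img", "hr", "meta", "input", "link"}  # elements that never get an end tag
SAMPLE = ('<p>Dear Customer, ver\u200bify your account:</p>'  # constructed sample
          '<a href="https://paypa1-verify.xyz/login">https://paypal.com/verify</a>'
          '<span style="font-size:0px">quarterly meeting notes</span>')

class EmailScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self.stack = [], []  # stack entries: (tag, hidden_by_style)
        self.href, self.link_text = None, ""

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag not in VOID:
            self.stack.append((tag, bool(ZERO_FONT.search(attrs.get("style") or ""))))
        if tag == "a":
            self.href, self.link_text = attrs.get("href") or "", ""

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:  # Red Flag 5: shown vs. real host
            shown = m.group(1).lower() if (m := DOMAIN.search(self.link_text)) else ""
            actual = (urlparse(self.href).hostname or "").lower()
            if shown and actual and actual != shown and not actual.endswith("." + shown):
                self.findings.append(("mismatched-link", f"{shown} -> {actual}"))
            self.href = None
        if any(t == tag for t, _ in self.stack):  # tolerate stray or unclosed tags
            while self.stack.pop()[0] != tag:
                pass

    def handle_data(self, data):
        if self.href is not None:
            self.link_text += data
        if data.strip() and any(hidden for _, hidden in self.stack):  # Red Flag 10
            self.findings.append(("zero-font-text", data.strip()))
        if INVISIBLE & set(data):
            self.findings.append(("invisible-unicode", data.strip()))

def scan(html):
    scanner = EmailScanner()
    scanner.feed(html)
    scanner.close()  # flush any buffered trailing text
    return scanner.findings
```

The domain match on link text is a heuristic: visible text that merely contains a dotted token, such as a file name, can be read as a domain and should be reviewed rather than blocked outright.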
Tools like Gorganizer detect all 10 of these patterns automatically using 1,751+ signals — including display name spoofing, lookalike domains, CSS hidden text, and homoglyph obfuscation that humans can't see. Try our free email checker at gorganizer.com/tools/email-checker to analyze a suspicious email.