How to Spot a Phishing Email in 30 Seconds
Learn the telltale red flags of phishing emails and how to protect yourself from email scams. Quick tips anyone can use to stay safe.
You just got an email from your bank saying your account has been compromised. There's a big red button that says "Verify Now." Your heart starts pounding. You're about to click it.
Stop. Take 30 seconds. That email might be a phishing scam — and those 30 seconds could save you thousands of dollars.
What Is a Phishing Email?
A phishing email is a fake message designed to look like it came from a company or person you trust. The goal is simple: trick you into clicking a link, downloading a file, or handing over personal information like passwords, credit card numbers, or your Social Security number.
Phishing is the most common type of cyber attack in the world, and it's only getting more sophisticated. In 2025, the FBI reported over $3.4 billion in losses from phishing scams alone.
The 30-Second Phishing Check
Here are five things you can check in under 30 seconds to determine if an email is legitimate or a scam.
1. Check the Sender's Email Address
This is the single biggest giveaway. Scammers can make the display name say "Chase Bank" or "Amazon Support," but the actual email address tells the truth. Hover over the sender name and look at the full email address.
Legitimate: support@chase.com
Scam: support@chase-secure-verify.com or chas3bank@gmail.com
If the domain doesn't match the company's official website, it's almost certainly a phishing attempt.
2. Look for Urgency and Threats
Phishing emails almost always create a sense of panic. They want you to act before you think. Watch for language like:
- "Your account will be suspended in 24 hours"
- "Immediate action required"
- "Unauthorized access detected"
- "Failure to respond will result in account closure"
Real companies rarely threaten you via email. If something is truly urgent, they'll call you or send a notification through their official app.
3. Hover Over Links Before Clicking
Before you click any link, hover your mouse over it (don't click). Look at the URL that appears in the bottom-left corner of your browser or in a tooltip. Does it go to the company's real website?
Legitimate: https://www.chase.com/account/verify
Scam: https://chase-verify-account.sketchy-domain.com/login
If the URL looks weird, has extra words, or goes to a domain you don't recognize — don't click it. Ever.
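Checks 1 and 3 both come down to the same comparison: the real domain in the sender address or link against the company's official domain. The Python below is an added example (not part of the original article and not ScamShield's code) that automates that comparison; the function names and the choice of `chase.com` as the official domain are assumptions for illustration, and the sample messages are constructed from the addresses shown above.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit


def host_matches(host: str, official: str) -> bool:
    """True only if host is the official domain or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == official or host.endswith("." + official)


def sender_domain(from_header: str) -> str:
    """Domain of the actual address; the display name is ignored."""
    _display_name, address = parseaddr(from_header)
    return address.rpartition("@")[2].lower()


def link_host(url: str) -> str:
    """Hostname the link really points to, without path or port."""
    return (urlsplit(url).hostname or "").lower()


def check_email(from_header: str, links: list[str], official: str) -> list[str]:
    """Return one finding per sender or link that is off the official domain."""
    findings = []
    domain = sender_domain(from_header)
    if not host_matches(domain, official):
        findings.append(f"sender domain {domain!r} is not {official}")
    for url in links:
        host = link_host(url)
        if not host_matches(host, official):
            findings.append(f"link host {host!r} is not {official}")
    return findings


if __name__ == "__main__":
    # Constructed samples built from the addresses and URLs in this article.
    samples = [
        ('"Chase Bank" <support@chase.com>',
         ["https://www.chase.com/account/verify"]),
        ('"Chase Bank" <support@chase-secure-verify.com>',
         ["https://chase-verify-account.sketchy-domain.com/login"]),
        ('"Chase Bank" <chas3bank@gmail.com>', []),
    ]
    for from_header, links in samples:
        result = check_email(from_header, links, "chase.com")
        print(from_header, "->", result or "no domain mismatch")
```

The match is anchored on a leading dot, so a name that merely contains the brand (such as `chase-secure-verify.com`) fails while a true subdomain like `www.chase.com` passes.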
4. Watch for Spelling and Grammar Mistakes
Major companies have entire teams reviewing their communications. If an email from "Apple" has typos, awkward phrasing, or broken English, that's a red flag.
However, be warned: AI-generated phishing emails in 2026 have significantly fewer errors than they used to. Don't rely on this check alone.
5. Check for Generic Greetings
"Dear Customer" or "Dear Account Holder" instead of your actual name? That's suspicious. Most companies you have an account with will address you by name.
What to Do If You Spot a Phishing Email
1. Don't click anything in the email — no links, no buttons, no attachments
2. Don't reply to the sender
3. Report it — most email providers have a "Report Phishing" button
4. Go directly to the company's website by typing the URL yourself if you're worried about your account
5. Scan it with ScamShield — paste the email text into our free scanner and get an instant AI-powered analysis with specific red flags identified
The Bottom Line
Phishing emails are designed to bypass your logic and trigger your emotions. The best defense is simple: slow down. Those 30 seconds of checking the sender, the links, and the tone can save you from a world of pain.
If something feels off, trust your gut. And when in doubt, scan it with ScamShield — it's free, takes two seconds, and gives you a plain-English explanation of exactly what's suspicious.
Stay sharp. Stay safe. Don't get played.