PhishingRadar
Back to blog

Published on 22 June 2026

Recognizing Phishing: The 7 Most Important Warning Signs

1. Check the sender address carefully

The display name of an email says very little – it can be faked at will. What matters is the actual sender address behind it. Criminals often register domains that look genuine at first glance: a zero instead of an "o", "rn" instead of "m", or a slightly altered ending like ".info" instead of ".ch". Always check the full address, not just the display name, for any unexpected email.

2. An impersonal or incorrect greeting

Your bank, your manager, or your IT support normally know your name. Emails starting with "Dear customer", "Hello" with no name, or a misspelled name are a strong indicator that the message comes from an automated mass campaign – not from the person or organization it claims to be.

3. Artificial time pressure and threats

"Your account will be locked in 24 hours." "Act now or else..." Time pressure is one of the most effective tools in phishing because it shuts down critical thinking. Legitimate organizations practically never put customers under such short deadlines – least of all by email.

4. Links that don't match the claimed sender

Hover your mouse over a link (without clicking) before following it – on a computer, the browser usually shows the actual destination address at the bottom of the window. If a link supposedly leading to your bank actually points to a completely different domain, that's a clear warning sign. On a smartphone, a long press on the link reveals the destination address.

5. Unexpected attachments, especially executable files

A PDF from accounting might look normal – an .exe, .zip, or .js file in an unexpected email practically never does. Don't open attachments you didn't request, even if the sender looks familiar: colleagues' email accounts are regularly compromised and abused for exactly this kind of message.

6. Requests to enter sensitive data

No legitimate provider ever asks for passwords, credit card details, or TAN codes by email or through a linked form. If a message demands exactly that, it is very likely a fraud attempt – no matter how professionally it's designed.

7. Language irregularities

Automatically translated text, unusual sentence structure, or a mix of languages are common in international fraud campaigns – though modern, AI-assisted attacks are increasingly flawless here too. A single warning sign is rarely enough on its own, but several together are a clear signal to pause.

Recognizing warning signs isn't enough – practice makes the difference

Knowing these warning signs still often catches people off guard in daily life – because real attacks rarely show all seven traits at once, and a stressful workday leaves little time for careful scrutiny. That's exactly why PhishingRadar relies on realistic, tailored simulations: your team practices on examples that look just like the attacks that actually reach them – and gets immediate feedback on which warning sign was missed.

Test your team today

Try the free demo access yourself or register your company directly.