Why Phishing Emails Still Fool Smart People
You don’t have to be careless to fall for a phishing email. These scams are engineered by professionals who study human psychology. A fake HMRC tax refund notice, a spoofed Emirates NBD alert, or a convincing UPI payment warning — they all share one goal: make you panic and click before you think.
The good news? Once you know what to look for, you can screen almost any suspicious email in under 30 seconds. Here are the 8 red flags that give phishing emails away every single time.
Red Flags 1–4: Before You Even Read the Email
1. The Sender’s Domain Looks Almost Right
Scammers can’t use the real company’s domain, so they get creative. Look carefully at the full email address — not just the display name. A message showing “HMRC Tax Refunds” in the name field might actually come from refunds@hmrc-gov-uk.support or noreply@hmrc.info. Neither is real. The genuine HMRC only emails from @hmrc.gov.uk.
Common tricks include: swapping letters (paypa1.com), adding words (irs-refund-portal.com), or using a completely unrelated domain after a trusted-looking display name. In India, UPI scam emails often mimic @npci.org.in but come from free Gmail or Outlook accounts.
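The sender checks above can be automated in a mail filter. The sketch below is an added example, not part of the original article; the brand allowlist, the free-mail list, the flag names and the sample addresses are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: brand keywords mapped to the domains they genuinely send from.
OFFICIAL = {
    "hmrc": {"hmrc.gov.uk"},
    "paypal": {"paypal.com"},
    "npci": {"npci.org.in"},
}
FREE_MAIL = {"gmail.com", "outlook.com"}
# Digits commonly swapped in for look-alike letters (paypa1 -> paypal).
LOOKALIKES = str.maketrans("01", "ol")


def is_official(domain, brand):
    """True if domain is one of the brand's real domains or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in OFFICIAL[brand])


def check_sender(from_header):
    """Return red-flag codes for a single From: header value."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    unswapped = domain.translate(LOOKALIKES)
    flags = []
    for brand in OFFICIAL:
        if is_official(domain, brand):
            continue
        if brand in domain:
            # Added words around the brand, e.g. hmrc-gov-uk.support
            flags.append(f"embedded-brand:{brand}")
        elif brand in unswapped:
            # Swapped letters, e.g. paypa1.com
            flags.append(f"lookalike:{brand}")
        if brand in display.lower():
            # Trusted-looking display name in front of an unrelated address
            kind = "freemail-display" if domain in FREE_MAIL else "display-mismatch"
            flags.append(f"{kind}:{brand}")
    return flags


if __name__ == "__main__":
    for sample in ['"HMRC Tax Refunds" <refunds@hmrc-gov-uk.support>',
                   '"PayPal" <service@paypa1.com>',
                   '"NPCI UPI Alerts" <upi.alerts@gmail.com>',
                   '"HMRC" <no-reply@hmrc.gov.uk>']:
        print(sample, "->", check_sender(sample) or "no sender flags")
```

An empty result only means the From: header matched the allowlist; it says nothing about the rest of the message.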
2. You’re Not Expecting This Email
Did you actually request a password reset? Did you place an order that now needs confirmation? If the answer is no, be suspicious immediately. Phishing campaigns spray millions of emails hoping to hit people who might be expecting such a message. If you didn’t initiate something, treat the email as guilty until proven innocent.
3. The Subject Line Creates Instant Panic
Subject lines like “Your account will be closed in 24 hours”, “Urgent: IRS Final Notice”, or “Emirates NBD: Suspicious Transaction Detected” are designed to short-circuit your thinking. Real banks, tax authorities, and platforms rarely threaten immediate catastrophe in a subject line. Urgency is a manipulation tool — recognize it as one.
4. Generic Greetings Instead of Your Name
A real bank or government body that emails you will almost always use your registered name. Phrases like “Dear Customer”, “Dear User”, or “Hello Account Holder” are classic signs the sender doesn’t actually know who you are — because they blasted the same email to thousands of people.
Red Flags 5–6: Inside the Email Body
5. Grammar Errors and Odd Phrasing
Professional organisations proofread their communications. Phishing emails — even sophisticated ones — often contain subtle errors: misplaced commas, awkward sentence structures, British spellings mixed with American, or translated-sounding phrases. An email claiming to be from the IRS that reads “Kindly do the needful to avoid penalisation of your account” is not from the IRS.
That said, don’t rely on this alone. AI tools now help scammers write cleaner English, so a grammatically perfect email can still be a phish.
6. Fake Logos and Off-Brand Visuals
Scammers copy logos from company websites, but they often get the colours slightly wrong, use a low-resolution image, or place the logo in an unusual position. Compare the email design against a real email from that company (check your past legitimate emails). Emirates NBD, for example, has a very specific email template — a spoofed version will feel slightly off if you look closely.
Red Flags 7–8: The Links and Attachments
7. Suspicious Links — Always Hover Before You Click
This is the single most important habit you can build. Before clicking any link in an email, hover your mouse over it (on mobile, press and hold). The real destination URL will appear at the bottom of your browser or in a small pop-up. If the email claims to be from your UPI app but the link points to upi-verify-now.xyz, do not click it.
Watch for these link tricks:
- Misleading anchor text: The visible text says www.incometax.gov.in but the actual link goes somewhere else entirely.
- URL shorteners: Bit.ly or TinyURL links in official communications are a red flag — legitimate companies don’t hide where they’re sending you.
- HTTPS doesn’t mean safe: A padlock icon only means the connection is encrypted, not that the site is legitimate. Scam sites use HTTPS too.
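The hover check can also be done programmatically on an HTML email body. This added example (not from the original article) compares each link's visible text with its real destination and flags shorteners; the sample HTML, the shortener list and the finding names are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

SHORTENERS = {"bit.ly", "tinyurl.com"}
# Matches something that looks like a domain inside the visible link text.
DOMAIN_RE = re.compile(r"((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def bare(hostname):
    hostname = hostname.lower()
    return hostname[4:] if hostname.startswith("www.") else hostname


def audit_links(html):
    """Return (finding, visible text, real host) tuples for suspicious links."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for text, href in collector.links:
        target = bare(urlparse(href).hostname or "")
        shown = DOMAIN_RE.search(text)
        if shown:
            claimed = bare(shown.group(1))
            # The scheme is ignored on purpose: https:// proves nothing here.
            if target != claimed and not target.endswith("." + claimed):
                findings.append(("anchor-mismatch", text, target))
        if target in SHORTENERS:
            findings.append(("shortener", text, target))
    return findings


# Constructed sample body; the bit.ly path is a placeholder.
SAMPLE = """<p>Dear Customer,</p>
<a href="https://upi-verify-now.xyz/login">www.incometax.gov.in</a>
<a href="https://bit.ly/placeholder">View your refund</a>
<a href="https://www.incometax.gov.in/help">incometax.gov.in</a>"""
```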
8. Unexpected Attachments
An unsolicited attachment — especially a .zip, .exe, .docm, or even a PDF you weren’t expecting — is a serious warning sign. Real organisations rarely send attachments out of the blue. A fake HMRC email might include a “Tax Refund Form.pdf” that actually installs malware when opened. Even Word documents can carry malicious macros. When in doubt, don’t open it.
5 Steps to Take When an Email Feels Suspicious
- Stop and breathe. Urgency is the weapon — removing it neutralises the attack. Give yourself 30 seconds to think before touching any link or attachment.
- Check the sender’s full email address. Click or tap the display name to reveal the actual email domain. Compare it against the company’s official website.
- Hover over every link. Check where links actually lead before clicking. If anything looks unfamiliar, don’t proceed.
- Go directly to the source. If the email claims your bank account has an issue, open a new browser tab and type the bank’s real URL yourself. Log in there and check. Don’t use the email’s link.
- Report and delete. Use your email client’s “Report Phishing” button (available in Gmail, Outlook, and Apple Mail). This helps protect others. Then delete the email immediately.
Bottom Line
Phishing emails succeed because they exploit trust and urgency — not because victims are foolish. The eight red flags above — dodgy sender domains, unsolicited messages, panic-inducing subject lines, generic greetings, grammar slip-ups, fake visuals, suspicious links, and unexpected attachments — are present in the vast majority of phishing attempts, whether it’s a fake UPI fraud alert, a bogus HMRC refund, a spoofed IRS notice, or a counterfeit Emirates NBD security warning.
Build one habit above all others: hover before you click. That single action, done every time, will protect you from most phishing attacks you’ll ever encounter. Share this guide with someone who might need it — the best security tool in the world is still an informed person.