How to spot a phishing email in under ten seconds.
Phishing emails get better every year. The grammar improves, the logos look right, the addresses sit closer and closer to the real ones. Despite all of that, almost every phishing email still gives itself away on the same handful of signals. Once you train your eye on those, you stop having to think very hard about it.
The pattern, in one line
Phishing emails ask you to take an action, soon, by clicking a link, on a site that looks like a real one. If a message fits that shape, it's worth a second look before doing anything.
What to actually check
- The sender's actual address. Not the display name — the address inside the angle brackets. "Apple Support" is just a label anyone can set. The real address is what counts, and on a phishing email it almost never matches the brand's real domain.
- Where the link goes. Hover over it on desktop, long-press it on mobile. The destination is what matters, not the visible text. If a link says secure.bank.com but actually points to bank-secure-login.xyz, that is your answer.
- Whether you're being rushed. Real services almost never make you do something inside the next thirty minutes to avoid a bad outcome. Urgency is the most reliable phishing tell of all.
- How they refer to you. "Dear customer", "Hello user", a missing name where your name should be — none of those are dealbreakers on their own, but combined with anything else they raise the score.
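As an added example (not code from the original post), here is a small Python script that runs the four checks above over a raw email and returns what it found; both sample messages and their domains are hypothetical constructions, and the allow-list of known brand domains is an assumption a reader would replace with their own.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse
# Both messages are constructed for illustration (hypothetical domains), not real mail.
PHISH = """From: "Apple Support" <alerts@apple-id-verify.example>
Subject: Action required: your account will be locked in 30 minutes
Content-Type: text/html

<p>Dear customer, verify now:
<a href="https://bank-secure-login.example/login">https://secure.bank.com</a></p>
"""
CLEAN = """From: Apple <no-reply@email.apple.com>
Subject: Your receipt
Content-Type: text/html

<p>Hi Alex, thanks for your order. <a href="https://apple.com/orders">apple.com/orders</a></p>
"""
KNOWN_DOMAINS = {"apple.com", "bank.com"}  # hypothetical allow-list of brand domains
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)
DOMAINISH = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)
URGENCY = re.compile(r"\b(in|within) \d+ (minutes?|hours?)\b|\b(locked|suspended)\b", re.I)
GENERIC = re.compile(r"\bdear (customer|user)\b|\bhello user\b", re.I)

def host(s):
    """Hostname of a URL or bare domain; '' for link text that is not one ("click here")."""
    s = s.strip()
    if not DOMAINISH.fullmatch(s):
        return ""
    return (urlparse(s if "://" in s else "http://" + s).hostname or "").lower()

def phishing_signals(raw):
    """Run the post's four checks over one raw RFC 822 message; returns a list of findings."""
    msg = message_from_string(raw)
    body = msg.get_payload(decode=True).decode(errors="replace")
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower()
    signals = []
    # 1. The address in the angle brackets decides, not the display name (brand subdomains pass).
    if not any(domain == d or domain.endswith("." + d) for d in KNOWN_DOMAINS):
        signals.append(f"sender {addr} is not a known domain (display name was {name!r})")
    for href, text in ANCHOR.findall(body):  # 2. where each link really goes vs what it claims
        text = re.sub(r"<[^>]+>", "", text).strip()  # drop inner tags from the anchor text
        if host(text) and host(text) != host(href):
            signals.append(f"link text {text} points to {host(href)}")
    if URGENCY.search(msg.get("Subject", "") + " " + body):  # 3. being rushed
        signals.append("urgency language")
    if GENERIC.search(body):  # 4. a generic greeting where your name should be
        signals.append("generic greeting")
    return signals
```

Running `phishing_signals(PHISH)` returns all four findings, while `phishing_signals(CLEAN)` returns an empty list because the sender is a subdomain of a known brand and the link text matches its real destination.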
If you're not sure
The cleanest move is to ignore the email entirely and go to the service the normal way — type the address into your browser, open the official app, log in directly. If the message was real, the same alert will be waiting for you inside the account. If it wasn't, nothing happens. You lose nothing either way.
What to do if you clicked
Clicking a link is not the same as losing the account. If you clicked but didn't enter credentials, close the tab and you're almost certainly fine. If you did enter credentials, change that password from a known-good device, turn on two-step verification if it wasn't already on, and have a look at the recent sign-in activity. That's usually the whole recovery.
Phishing works because it asks you to make a quick decision under pressure. The fix is to slow down by five seconds and check the same three things every time. The pattern is older than the internet — and once you know it, you'll see it in every attempt.