How to Spot a Phishing Email

Phishing messages try to create enough trust or urgency for you to reveal information, transfer money or run malicious software. Careful verification is more reliable than judging a message by appearance alone.

Account safety8 min readReviewed 14 July 2026

Pause before acting

Unexpected urgency, threats of closure and unusual payment requests are reasons to stop. A polished logo and familiar colours are easy to copy. Treat the requested action and its context as more important than how professional the message looks.

Verify through another route

Do not use the phone number or link supplied in a suspicious message. Open the organisation’s known website yourself, use an official app, or contact a person through an existing channel. Check the full sender address, but remember that display names can be forged.

Inspect links and attachments

On a desktop, preview a link destination before clicking. Look for misspelled or unrelated domains and deceptive subdomains. Avoid unexpected attachments, especially executable files, archives and documents asking you to enable macros or bypass security warnings.

Report and recover

Use the organisation’s phishing-report channel and your mail provider’s report function. If you entered a password, change it from a clean device, revoke active sessions and enable multi-factor authentication. Contact your bank immediately if financial information or money is involved.

Quick checklist

  • Distrust unexpected urgency
  • Navigate to services independently
  • Check the registrable domain
  • Report compromises immediately

Remember: Mailvator inboxes are public and temporary. Never use them for confidential information, financial services or long-term account recovery.