Email remains the front door for cyberattacks: by some industry estimates, around 68% of cyberattacks originate from email, and phishing is the most common initial way in. [1][2] Knowing the red flags is one of the most useful security skills there is — so let’s make them concrete.
Red flag 1: the sender isn’t who it claims
Look past the display name to the actual address. Common tricks:
- A public domain pretending to be a company: “Your Bank” sending from [email protected].
- A misspelled domain: micros0ft.com, amaz0n-billing.com, chase-secure-login.com.
- A real-looking name on a thread you didn’t start — sometimes from a genuinely compromised account.
Red flag 2: urgency and fear
“Your account will be closed.” “Payment failed — act now.” “Unusual sign-in detected.” Urgency is the engine of phishing because it stops you thinking. Verizon found the median person clicks a phishing link in about 21 seconds — the pressure is the point. [3] A real organisation will let you log in normally, on your own time.
Red flag 3: the link doesn’t match
Hover over a link (or press and hold on mobile) to preview where it really goes. If the visible text says one thing and the destination is a different, odd-looking domain, that’s a phishing hallmark. Vague buttons — “Click here,” “Log in now” — that hide the real URL deserve extra suspicion.
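The sender check from red flag 1 and the link check above can be automated. This is an added example, not SafeToOpen's code or part of the original article; the BRANDS watch list, the sample message and all function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed watch list: brand keyword -> the domain that brand really uses.
BRANDS = {"microsoft": "microsoft.com", "amazon": "amazon.com", "chase": "chase.com"}
SAMPLE = (  # constructed message, not a real email
    'From: "Microsoft Account Team" <security@micros0ft.com>\nContent-Type: text/html\n\n'
    '<a href="http://login.example.net/reset">https://account.microsoft.com</a>')

class LinkCollector(HTMLParser):  # gathers (href, visible text) pairs
    def __init__(self):
        super().__init__()
        self.links, self._href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def host(value):  # lower-cased hostname of a URL or bare domain
    return (urlparse(value if "//" in value else "//" + value).hostname or "").lower()

def impersonated(text, domain):  # watched brand named in text that domain is not part of
    text = text.lower().replace("0", "o").replace("1", "l")  # undo digit-for-letter swaps
    return next((b for b, real in BRANDS.items() if b in text
                 and domain != real and not domain.endswith("." + real)), None)

def red_flags(raw_email):
    msg, flags, parser = message_from_string(raw_email), [], LinkCollector()
    display, addr = parseaddr(msg["From"] or "")
    domain = addr.rpartition("@")[2].lower()
    if brand := impersonated(f"{display} {domain}", domain):
        flags.append(f"sender: claims {brand} but sends from {domain}")
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href, text in parser.links:
        shown = re.search(r"(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}", text, re.I)
        if shown and host(shown.group()) != host(href):
            flags.append(f"link: text shows {host(shown.group())} but goes to {host(href)}")
    return flags
```

The host comparison is exact, so legitimate click-tracking redirects will also be flagged; treat the output as a prompt to look closer, not a verdict.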
Red flag 4: unexpected attachments or QR codes
Phishing attachments often pose as invoices, receipts or tax documents — sometimes as HTML files or ZIPs that carry the payload. Increasingly, attackers embed a QR code instead of a link to dodge filters. If you weren’t expecting a file or a code, don’t open or scan it.
Red flag 5: small details that are slightly off
- Generic greetings (“Dear Customer”) from a company that knows your name.
- Tone or formatting unlike the sender’s usual emails.
- Requests for things no legitimate company asks by email — your password, full card number, or a one-time code.
The catch: modern phishing is polished
Here’s the honest part. AI has made phishing emails dramatically cleaner — one analysis found over 82% of phishing emails in a recent period showed signs of AI assistance, erasing the clumsy grammar that used to give scams away. [4] The classic “bad spelling” tell is fading. That means red flags catch a lot, but not everything.
The reliable backstop: verify in one click
When you can’t be sure, the answer isn’t to guess — it’s to check. SafeToOpen Email Security puts a verdict right next to the message: it runs the headers (SPF, DKIM, DMARC), the links, any QR codes and attachments, and the sender’s reputation, then tells you plainly whether the email is safe — in Outlook and Gmail, in one click.
The takeaway
Check the real sender address, distrust urgency, preview links before clicking, never open unexpected attachments or QR codes, and watch for off details. Then — because the best fakes beat the checklist — back yourself up with one-click verification when a message matters.