Email phishing — fake emails that steal passwords
Phishing emails pretend to be from a real company — your bank, Amazon, Apple, PayPal, or others — to trick you into typing your password into a fake website. Modern phishing emails can look almost identical to the real thing.
When in doubt, never click links in emails. Open the company's website directly by typing its address into your browser (or using their app).
Key habits
- Look at the sender's email address, not just their name. Real Amazon emails come from @amazon.com, not @amaz0n-billing-help.com.
- Hover over links before clicking to see where they actually go. If the link doesn't match the company, don't click.
- "Dear customer" or "Dear member" without your real name is a red flag. Real companies usually use your name.
- Threats with deadlines ("Account suspended in 24 hours!") are classic phishing tactics. Real companies don't work that way.
- When you click a real link or open a real app, you should see your name and account information. Fake sites won't.