Top 10 Red Flags in a Suspicious Email
- Encompass IT

Phishing remains one of the most common ways hackers break into small and mid-sized businesses. Attackers don’t need to exploit complex software vulnerabilities when a single click on a malicious email can give them access to your systems.
The good news: most phishing emails share common traits. If your employees know what to look for, they can stop many attacks before damage is done. Here are the Top 10 Red Flags to spot in a suspicious email:
1. The Sender’s Address Looks “Off”
A legitimate email might come from support@company.com, but a fake one could use support@companny.co or support@company-login.com. Even a single extra letter is a sign of danger.
2. Generic Greetings
Be cautious of emails starting with “Dear Customer” or “Hello User.” Real business partners and vendors usually know your name.
3. Urgent or Threatening Language
Phrases like “Act now or your account will be closed” are designed to create panic and push you into clicking without thinking.
4. Unexpected Attachments
If you weren’t expecting a file, don’t open it—especially if it’s a .zip, .exe, or macro-enabled document. These are common vehicles for malware.
5. Strange Links
Hover over links (without clicking) to preview the destination. If the URL looks unfamiliar, misspelled, or doesn’t match the sender, it’s likely malicious.
6. Poor Spelling and Grammar
Many phishing emails contain typos or awkward wording. While some attackers are getting better at copywriting, clumsy mistakes are still a giveaway.
7. Requests for Sensitive Information
Legitimate companies rarely ask for passwords, bank details, or Social Security numbers by email. If they do, call them to confirm first.
8. Too Good to Be True
Offers for free money, prizes, or unbelievable deals are classic phishing lures. If it sounds unrealistic, it usually is.
9. Inconsistent Branding
Logos that look pixelated, colors that don’t match, or odd formatting can be signs the email was thrown together by attackers.
10. Unusual Timing
An email from your CFO at 2:00 AM requesting a wire transfer should raise immediate suspicion. Attackers often send emails at odd hours to avoid scrutiny.
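Red flags 1 and 5 can also be checked automatically before a message reaches the inbox. The sketch below is an added example, not code from Encompass IT: the TRUSTED list, the function names, the edit-distance threshold of 2 and the sample message are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = {"company.com"}  # assumption: domains you really do business with
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>\s*(.*?)\s*</a>', re.I | re.S)

# Constructed sample message using the look-alike addresses from the article.
SAMPLE = """From: Support <support@companny.co>
Subject: Act now or your account will be closed
Content-Type: text/html

<p>Dear Customer,</p>
<a href="https://company-login.com/verify">https://company.com/verify</a>
"""

def edit_distance(a, b):
    prev = list(range(len(b) + 1))       # Levenshtein distance, row by row
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, else None."""
    domain = domain.lower()
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED):
        return None                      # the real domain or a subdomain of it
    for t in TRUSTED:
        brand = t.split(".")[0]          # e.g. "company"
        if edit_distance(domain, t) <= 2 or brand in re.split(r"[.-]", domain):
            return t                     # near-miss spelling, or brand plus extra word
    return None

def review(raw):  # expects a single-part HTML message
    msg, flags = message_from_string(raw), []
    sender = parseaddr(msg["From"])[1].rpartition("@")[2]
    if lookalike_of(sender):
        flags.append(f"sender {sender} imitates {lookalike_of(sender)}")
    for href, text in ANCHOR.findall(msg.get_payload()):
        host = urlparse(href).hostname or ""
        shown = urlparse(text if "://" in text else "//" + text).hostname or ""
        if "." in shown and " " not in shown and shown != host:
            flags.append(f"link shows {shown} but opens {host}")   # red flag 5
        if lookalike_of(host):
            flags.append(f"link host {host} imitates {lookalike_of(host)}")
    return flags
```

A small edit-distance threshold can also match unrelated short domains, so treat a hit as a reason to verify the sender, not as proof of phishing.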
The Bottom Line
Phishing emails are getting more sophisticated, but the red flags remain the same. If something feels “off,” trust your instincts and verify through another channel.
Quick rule of thumb: When in doubt, don’t click—call.
At Encompass IT, we help businesses in Connecticut and Massachusetts train employees, filter out phishing attempts, and stay secure against the latest email scams. If you need help building cybersecurity protections for your business, reach out today to info@encompassit.com or give us a call at (860) 785-6233.