A phishing message tries to steal your credentials or money by pretending to be someone you trust — your bank, the government, or a popular service. These 7 red flags let you identify a phishing attempt instantly, every time.
Why This Matters
Phishing is the most common cyber attack worldwide. In India, scammers send millions of fake bank, KYC, and delivery SMS messages every day. Learning to spot them takes 5 minutes and protects your bank account, social media accounts, and personal data.
Step-by-Step Guide
- Red Flag 1 — Urgency and threats: Phrases like "your account will be blocked", "last warning", or "action required in 24 hours" are designed to panic you into acting without thinking.
- Red Flag 2 — Suspicious sender: Check the full email address or SMS sender ID. Legitimate banks use official short codes — a message from a 10-digit mobile number claiming to be SBI is always a scam.
- Red Flag 3 — Generic greeting: Phishing emails often say "Dear Customer" instead of your actual name because they are sent to millions of people.
- Red Flag 4 — Suspicious link: Hover over any link before clicking. If the URL does not match the real website exactly, do not click.
- Red Flag 5 — Requests for sensitive data: Your bank, Aadhaar, or any legitimate service will never ask for your password, OTP, or PIN via SMS or email.
- Red Flag 6 — Grammar and formatting errors: Subtle spelling mistakes, mismatched fonts, or poor formatting often indicate a fraudulent message.
- Red Flag 7 — Unexpected attachment: Any unexpected attachment in an email — especially .exe, .zip, or .apk files — may contain malware.
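The "match the real website exactly" check from Red Flag 4, written out as an added example that is not part of the original guide. It compares the host a link really points to against a list of domains you already know are official. The domain `bank.example`, the sample links, and the function names are constructed for illustration, and it assumes every subdomain of an official domain belongs to the service.

```python
from urllib.parse import urlsplit

# Constructed allow-list: domains you have verified belong to the service.
OFFICIAL_DOMAINS = {"bank.example"}

def check_link(url, official=OFFICIAL_DOMAINS):
    """Return 'official' or a 'suspicious: ...' reason for a link."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # real host: ignores user@ prefix and port
    except ValueError:
        return "suspicious: malformed link"
    if parts.scheme not in ("http", "https") or not host:
        return "suspicious: not a web link with a hostname"
    host = host.rstrip(".").lower()
    # Anything before '@' is a login name, not the site being visited.
    if "@" in parts.netloc:
        return "suspicious: text before '@' is not the site"
    # 'xn--' labels encode non-ASCII characters that can imitate Latin letters.
    if any(label.startswith("xn--") for label in host.split(".")):
        return "suspicious: encoded lookalike characters (punycode)"
    # The official name must be the END of the host, on a dot boundary.
    for domain in official:
        if host == domain or host.endswith("." + domain):
            return "official"
    return f"suspicious: real host is {host}"

# Constructed sample links, one per lookalike pattern.
SAMPLES = [
    "https://netbanking.bank.example/login",
    "https://bank.example.kyc-update.test/login",
    "https://bank.example@login.test/kyc",
    "https://mybank.example/verify",
    "https://xn--bnk-5cd.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{check_link(link):55} {link}")
```

A link passes only when the official name sits at the right-hand end of the host. Seeing the official name somewhere in the URL is not enough.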
✅ Quick Tips to Remember
- When in doubt, go directly to the official website by typing the URL yourself rather than clicking any link
- Report phishing SMS to 1909 (TRAI spam reporting)
- Forward suspicious emails to your bank's official fraud reporting email
- Legitimate services never demand immediate action under threat
- If an email looks suspicious, call the company on their official number to verify
Common Mistakes to Avoid
- Clicking links in SMS messages from unknown senders
- Entering OTPs on websites you reached by clicking a link
- Opening attachments from senders you did not expect to hear from
- Assuming an email is real because it has the right logo and formatting
⚠ Warning Signs You Are Already at Risk
- You received an OTP you did not request
- An email asks you to verify your account by clicking a link
- A message threatens account closure within hours
- You received a job offer or prize notification you did not apply for