Last updated: April 2026

Phishing: How to Spot Scams and Fake Emails

Suspicious email with a fake sender address shown in an inbox on screen

Received a suspicious email and not sure if it's real? In 2026, fraudsters use AI-generated text and perfect copies of bank websites to trick you. But there are 7 clear warning signs that identify fake emails. Here you'll learn how to spot phishing, what to do if you've clicked a fake link, and how to report fraud attempts.

What is phishing?

Phishing is a form of fraud where someone impersonates a company, bank, or public institution you trust. The goal is to get you to click a link, download an attachment, or provide sensitive information. It can arrive as an email, SMS, phone call, or social media message.

These attacks have become far more sophisticated in recent years. Fraudsters use real logos, copy designs from well-known websites, and write increasingly convincing text. Fortunately, there are clear signs that expose fake emails — even the most convincing ones.

7 signs that an email is phishing

1. Wrong sender address

Always look at the actual email address, not just the display name. An email from "Bank Customer Service" that actually comes from "support@bank-security-123.com" is definitely fraud. Legitimate companies send from their own domain.

2. Urgent language

"Your account will be closed in 24 hours!" or "Pay immediately to avoid debt collection." Fraudsters use time pressure to stop you from thinking things through. Legitimate companies never send such threats by email without prior notice.

3. Suspicious links

Hover over links without clicking. Look at the URL that appears. Does it point somewhere other than the company's official website? That's a scam. Watch for misspellings in the domain: "amazon-support.com" is not the same as "amazon.com".

4. Language errors and poor formatting

Even though phishing emails have improved, odd phrasing, missing letters, and inconsistent formatting are still common. Compare with genuine emails you've previously received from the same sender.

5. Requests for sensitive information

Your bank will never ask for your password, login codes, or account number by email. The same applies to tax authorities, postal services, and all other reputable organisations. Full stop.

6. Unexpected attachment

Files with extensions like .exe, .zip, .scr, or .js should never be opened unless you are completely certain who sent them. Even PDF files can contain malicious code in some cases.

7. Generic greeting

"Dear customer" instead of your name is a warning sign. Companies you have a relationship with usually know your name. It's not a definitive sign on its own, but combined with other indicators it strengthens the suspicion.

Illustration of a phishing attack where criminals impersonate a bank's website

SMS fraud (smishing)

SMS fraud follows the same pattern as email phishing. Fake parcel deliveries, "suspicious activity" on your account, or prizes you've "won". Postal services never send SMS messages with links to payment pages. Banks never ask for login codes via SMS.

Always verify the sender. If you're unsure, go directly to the company's website by typing the address yourself in the browser. Do not click the link in the message. Fake emails and SMS messages use the same tricks.

What to do if you clicked

If you clicked a phishing link or provided information, it's important to act quickly:

How to report phishing

Reporting helps stop fraudsters. You can report phishing to several places:

Spoofing: When the sender looks genuine

Some fraudsters manage to forge the actual sender address so it looks completely genuine. This is called spoofing. The email can appear to come from your boss, your bank, or a colleague.

The defence against spoofing is to never blindly trust the sender address alone. Does the content look suspicious? Call the sender by phone and ask whether they actually sent it. NorSIS has a good phishing guide with up-to-date examples.

Everyday prevention

The best protection is good habits. Use a password manager so you never reuse passwords. Enable two-factor authentication on all important accounts. Keep your software updated. And take five extra seconds to think critically about emails that ask you to do something.

If you feel uncertain about IT security, IT help from Datafolka can give you guidance tailored to your needs. There are no stupid questions when it comes to online fraud.

Summary

Always check the sender address, be sceptical of urgent language, and hover over links before clicking. If you've given information to fraudsters, change your passwords and contact your bank immediately. The most important thing is to pause and think — which is exactly what fraudsters try to prevent you from doing.

Frequently asked questions about phishing

How do I know if an email is phishing?
Check the sender address (not just the display name), look for urgent language, hover over links without clicking, and be sceptical of requests for sensitive information. Legitimate companies never ask for passwords or bank login codes by email.
What should I do if I clicked a phishing link?
Change your password immediately on the affected accounts, call your bank if you provided banking details, run a full virus scan, and enable two-factor authentication. Report to the police if you have lost money.
What is the difference between phishing and smishing?
Phishing arrives via email, while smishing is fraud via SMS. Both use fake senders and links to trick you into revealing personal information. The same precautions apply to both.
Can fraudsters fake the sender address?
Yes, this is called spoofing. The email can appear to come from your boss or your bank. Always call the sender directly if the content seems suspicious, even if the address looks genuine.
Where do I report phishing in Norway?
Report to Nettvett.no (Nkom), forward the email to the company being impersonated, and use the report phishing button in your email client (Outlook/Gmail). Contact the police if you have suffered financial loss.

Read also: