A Visual Guide to Identify Phishing Emails and Websites


Fraudulent Express Delivery Notification

This email message is really short but it has an attachment that is quite dangerous to open. The phisher attempts to trick the recipient into opening the attached compressed file that is actually malicious. You will see in the next photo what the actual content of the attachment is and why it is considered malicious.

Malicious Attachment of Phished Delivery Express Email

Recipients of the fraudulent Delivery Express email will find a malicious attachment named details.zip. When you save, open or extract the file, you will notice that the file icon is for a PDF, but the file extension indicates that it is an executable. Even if your antivirus software failed to block storing or opening this type of file, you should already be suspicious, because a file with the .exe extension should not display a PDF icon unless it is malware. You’ll also see in this photo the sample scan result by Malwarebytes on the file attachment from the phisher. It was detected as a Trojan downloader that can download additional fake programs or other malicious files from remote locations online. The file is also detected by other malware scanners, which I checked by uploading it to the VirusTotal website.

Fake Email from MasterCard and Microsoft Award Department

Phishers will also send e-mails to free web-based email accounts such as Hotmail, Yahoo or Gmail. In this photo, the fraudulent message was sent to my free Yahoo email account. The message shows that my email address is confirmed as one of the 200 winners of 500,000 dollars, and that Microsoft and MasterCard have approved it. Recipients of this fake message should not provide the personal information being asked for because the details that you send will put your identity at risk. It can be used by fraudsters to access your accounts at many different financial institutions.

Phished Ticket Police Email

This photo is an example of a phishing email message claiming to be from the motor vehicles department in New York. People who don’t live in the United States of America (USA) should immediately identify this as unwanted email or spam. The email message includes a file attachment, Ticket.zip, which is another reason to be suspicious of the email, whether you are living in the USA or in another country. The next photo is the scan result by Windows Defender and Malwarebytes Anti-Malware for the compressed file attachment of this fake email.

Fake Traffic Ticket in New York

Any email message that includes a file attachment is considered suspicious, especially if the recipient is not expecting files from that contact or doesn’t even recognize the sender. In this photo, you will notice that the compressed file contains a file named Ticket.exe, which has an executable file extension but uses a PDF icon. The file was scanned by Windows Defender and Malwarebytes, and both found it to be malicious. The said file, if executed, will silently download and install other programs without the user’s consent. Other malware scanners will also detect this and you’ll find the scan results in this VirusTotal link.
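
The check described for details.zip and Ticket.zip (an executable extension behind a document icon) can be done without extracting anything. This is an added example, not part of the original guide; the extension lists, the function names and the details.pdf.exe member name are assumptions made for illustration, and the sample archive holds only inert bytes.

```python
import io
import zipfile
from pathlib import PurePosixPath

# File types Windows runs directly when double-clicked (not an exhaustive list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document types commonly imitated with a borrowed icon or a fake inner extension.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}


def inspect_zip_attachment(data: bytes) -> list:
    """Report archive members that would run as programs, without extracting them."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Windows ignores trailing dots and spaces when it resolves the file type.
            name = PurePosixPath(info.filename.replace("\\", "/")).name.rstrip(". ")
            suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
            if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
                continue
            is_pe = None  # stays unknown for password-protected members
            if not info.flag_bits & 0x1:
                with archive.open(info) as member:
                    is_pe = member.read(2) == b"MZ"  # Windows program signature
            findings.append({
                "name": name,
                "extension": suffixes[-1],
                "double_extension": len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS,
                "pe_header": is_pe,
            })
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample: inert bytes stored under suspicious-looking names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Ticket.exe", b"MZ" + b"\x00" * 62)       # name from the page
        archive.writestr("details.pdf.exe", b"MZ" + b"\x00" * 62)  # constructed name
        archive.writestr("readme.txt", b"plain text")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in inspect_zip_attachment(build_sample_zip()):
        print(finding)
```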

Yahoo! Account Update Phishing E-mail

The email message in this photo is obviously not from Yahoo, for the following reasons:

  • Yahoo! or other web-based services will never ask for your password via email.
  • It was sent to undisclosed recipients.

Recipients of this type of account-related email should also check the full headers of the message. Most web-based email providers use Sender Policy Framework (SPF) and/or DomainKeys Identified Mail (DKIM). If the authentication-results section in the email header displays “no sig”, it means the message was not authenticated or did not pass the authentication. Yahoo!, Hotmail, Gmail and other email providers use an email authentication system to verify that the sender is really from them.
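
The header check described above can be scripted. This is an added example, not part of the original guide; the sample message, its domains and the mx.provider.example server name are constructed, and the function name is an assumption.

```python
import re
from email import message_from_string

# Constructed sample message; every domain and header value is illustrative.
SAMPLE_MESSAGE = """\
Authentication-Results: mx.provider.example; spf=softfail
 smtp.mailfrom=account-update.example; dkim=neutral (no sig)
Received: from mail.account-update.example by mx.provider.example
Authentication-Results: yahoo.example; dkim=pass header.d=yahoo.example
From: "Yahoo! Account Services" <update@account-update.example>
To: undisclosed-recipients:;
Subject: Account Update Required

Reply with your user name and password to keep your account active.
"""

RESULT_RE = re.compile(r"\b(spf|dkim|domainkeys|dmarc)=(\w+)(?:\s*\(([^)]*)\))?", re.I)


def authentication_summary(raw_message: str, trusted_authserv_id: str) -> dict:
    """Summarise SPF/DKIM verdicts recorded by the reader's own mail provider."""
    msg = message_from_string(raw_message)
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        # The first token names the server that ran the checks. A sender can add
        # this header too, so verdicts from any other server are ignored.
        authserv_id = header.split(";", 1)[0].strip().lower()
        if authserv_id != trusted_authserv_id.lower():
            continue
        for method, result, comment in RESULT_RE.findall(header):
            results.setdefault(method.lower(), (result.lower(), comment))
    return {
        "results": results,
        # A pass vouches only for the domain named in the header, which still
        # has to match the address shown in the From line.
        "any_pass": any(r == "pass" for r, _ in results.values()),
        "undisclosed_recipients": "undisclosed" in (msg.get("To") or "").lower(),
    }


if __name__ == "__main__":
    print(authentication_summary(SAMPLE_MESSAGE, "mx.provider.example"))
```

The second Authentication-Results header in the sample claims a DKIM pass but names a different server, so it does not count.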

Notification Pending for Facebook Users

This photo is a fake email that notifies the recipient of pending messages at Facebook. You can easily identify that it is a phishing email because all of the linked text and hyperlinks point to a different URL address than Facebook.com. If the recipient of the fake message clicks the hyperlinks, they will be sent to a Canadian Family Pharmacy webpage which is maintained by scammers. People who don’t use the Facebook service will immediately identify all Facebook related notifications as phishing attempts.

Fraudulent Canadian Pharmacy Webpage

This photo is a page that fraudsters are maintaining. You will get to this kind of webpage if you clicked on the links inside of phishing emails such as the fake Facebook notification message from the previous photo in this photo gallery. This webpage is dangerous to visit because the items they claim to sell aren’t legally available to sell in the U.S. in this manner. All they want is to collect your credit card information when you submit payment. You won’t get any of these drugs, but they will be able to use your card to buy other things online.

Credit Card Overdue Fake Message

This photo shows a phishing and malicious email because the message will trick the recipient into opening the attached file in the message. The attachment in the message is a Trojan downloader that can put the computer and your personal information at risk when opened or executed.

Phishing Email: EFTPS Tax Payment

This photo is also an obvious phishing attempt because the recipient is not running a business that requires paying tax and the link in the message is not what it appears to be. If the recipient clicks on the link in the message, it will go to a page that is maintained by the scammer so they can get your personal information, such as your full name, social security number and credit card number.

Phishing Email: Twitter Unread Messages

It’s not only Facebook that fraudsters use to trick people into visiting their fraudulent webpages; they also use other popular services such as Gmail, Hotmail, Yahoo and Twitter. In this photo, you can easily tell that the message is a phishing email, especially if you don’t maintain or use the Twitter social networking service. The link in the message is not located at Twitter.com, and the Outlook anti-phishing filter also identified the message as an unsafe phishing message.

Fake Government Website

Scammers are also using government websites to trick people into providing their financial information. In this photo, you will see the UK Government webpage is displayed but the URL address is a phishing website address. You can find this kind of phishing URL if you click on links directly from phishing emails. They often use shortened URL services to hide the fake URL address.


  • Information based on author’s experience.