
How to Check if an Email is Phishing (Free Tools & Methods)

By Phishing Inspector Editorial Team | Updated: March 15, 2026 | 10 min read

Received a suspicious email and not sure if it is real? This guide walks you through exactly how to check if an email is phishing — using both manual techniques and free automated tools.

What is Phishing? A Quick Recap

Phishing is a type of cyberattack where criminals impersonate a trusted entity — a bank, a delivery company, your boss, or a tech platform — to trick you into revealing passwords, clicking malicious links, or transferring money.

Modern phishing emails are sophisticated. With AI tools like ChatGPT, attackers can write grammatically perfect, personalized emails that are nearly indistinguishable from the real thing. That's why you need a systematic approach to verify them.

Method 1: Use a Free Phishing Email Scanner (Fastest)

The quickest way to check if an email is phishing is to use an automated scanner. Phishing Inspector is a free AI-powered tool that analyzes emails in seconds using:

  • Google Safe Browsing — checks all links against Google's database of known phishing and malware URLs
  • VirusTotal — scans every URL through 70+ security engines simultaneously
  • AI language models — detects social engineering language, urgency tactics, and impersonation patterns
  • SPF, DKIM, DMARC authentication — verifies the email actually came from the claimed domain

Copy the suspicious email (use "Show Original" or "View Source" in your email client to get the full headers), paste it in, and get an instant verdict.

Method 2: Check the Sender's Email Address

This is the most basic — but frequently overlooked — check. Phishers use two main tricks:

Lookalike Domains

The domain looks real but has subtle changes: paypa1.com instead of paypal.com, or amazon-support.net instead of amazon.com.

Display Name Spoofing

The display name says "PayPal Support" but the actual address is support@random-domain.ru. Always click to expand and see the real address.

How to check: In Gmail, click the sender name. In Outlook, hover over the name. In Apple Mail, click the arrow next to the sender.
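
The two sender tricks above can also be checked programmatically. The following is an added example, not Phishing Inspector's own code; the `BRANDS` allow-list, the `SWAPS` table and the function names are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumed allow-list for this example: brand name -> domains it really sends from.
BRANDS = {"paypal": {"paypal.com"}, "amazon": {"amazon.com"}}
# Digit-for-letter swaps often seen in lookalike domains (constructed list).
SWAPS = str.maketrans("1035", "loes")

def registrable(domain):
    """Naive registrable domain (last two labels); real code needs the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def check_sender(from_header):
    """Return (finding, brand) tuples for one From: header value."""
    display, addr = parseaddr(from_header)
    domain = registrable(addr.rpartition("@")[2])
    label = domain.split(".")[0]
    findings = []
    for brand, legit in BRANDS.items():
        if domain in legit:
            continue  # address is on an approved domain for this brand
        if brand in display.lower():
            # Display name says one thing, the real address says another.
            findings.append(("display-name-spoof", brand))
        if label != brand and label.translate(SWAPS) == brand:
            # e.g. paypa1.com: becomes the brand once the swapped digit is undone.
            findings.append(("lookalike", brand))
        elif brand in label.replace("-", " ").split():
            # e.g. amazon-support.net: brand name used inside an unrelated domain.
            findings.append(("brand-in-domain", brand))
    return findings

if __name__ == "__main__":
    for sample in ('"PayPal Support" <support@random-domain.ru>',
                   "billing@paypa1.com",
                   "Amazon <no-reply@amazon-support.net>",
                   "PayPal <service@paypal.com>"):
        print(sample, "->", check_sender(sample))
```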

Method 3: Inspect Every Link Before Clicking

Never click a link in a suspicious email before checking where it goes. Here is how:

  1. Hover over the link — your browser or email client will show the actual destination URL in the status bar. Does it match what the text says?
  2. Copy the URL and check it on VirusTotal — go to virustotal.com, paste the URL, and see if any security engines flag it.
  3. Use our scanner — paste the full email and we check every URL automatically against 70+ engines.

Watch out for URL shorteners

Links like bit.ly/xyz123 hide the real destination. You can expand them using a service like checkshorturl.com before clicking.
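
The hover check from step 1 and the shortener warning can be automated over an email's HTML body. This is an added example, not code from Phishing Inspector; the sample body is constructed, and every shortener in `SHORTENERS` other than bit.ly is an assumed addition.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# bit.ly is the shortener named above; the other two are assumed additions.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}

# Constructed sample body; hostnames under .test are placeholders.
SAMPLE = """
<a href="http://login.account-verify.test/session">https://www.paypal.com/signin</a>
<a href="https://bit.ly/xyz123">Track your parcel</a>
<a href="https://www.paypal.com/help">paypal.com/help</a>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased hostname without a leading 'www.', scheme optional."""
    url = url.strip()
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    return host.lower().removeprefix("www.")

def audit_links(html):
    """Return [(destination host, [issues])] for each link in an HTML body."""
    parser = LinkCollector()
    parser.feed(html)
    report = []
    for href, text in parser.links:
        dest, issues = host_of(href), []
        shown = re.search(r"(?:https?://)?[\w.-]+\.[a-z]{2,}", text, re.I)
        if shown and host_of(shown.group(0)) != dest:
            issues.append("text-shows-different-host")  # link text names another site
        if dest in SHORTENERS:
            issues.append("shortener-hides-destination")
        report.append((dest, issues))
    return report
```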

Method 4: Check Email Authentication Headers (SPF, DKIM, DMARC)

Email authentication is the technical backbone of anti-spoofing. When an email fails these checks, it means the sender is not who they claim to be.

SPF

Checks if the sending server is authorized to send on behalf of the domain.

Pass: Server is in the approved list
Fail: Could be a spoofed or unauthorized server

DKIM

Verifies a cryptographic signature that proves the email was not tampered with.

Pass: Email is authentic and unmodified
Fail: Email may have been altered or forged

DMARC

Combines SPF and DKIM results. A DMARC fail is a strong phishing signal.

Pass: Domain owner has validated the email
Fail: High risk — possible impersonation attack

To check these headers manually, open the email's raw source. In Gmail: "Show Original". In Outlook: "View Message Source". Or just paste the full email into our free tool and we parse all headers automatically.
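
What to read in the raw source is the `Authentication-Results` header written by your own mail server. The added example below (not Phishing Inspector's code) parses it and checks DMARC alignment, meaning an SPF or DKIM pass only counts when it is for the domain shown in From:. The sample message, the `mx.example.net` server name and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: SPF and DKIM both pass, but for the sender's own domain,
# not the domain shown in From:, so DMARC fails.
RAW = '''Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=bounce@mailer.bulk-sender.test;
 dkim=pass header.d=bulk-sender.test;
 dmarc=fail header.from=paypal.com
From: "PayPal Support" <support@paypal.com>
Subject: Action required

Please confirm your account.
'''

def org(domain):
    """Naive organizational domain (last two labels); real code needs the Public Suffix List."""
    return ".".join(domain.lower().split(".")[-2:])

def auth_summary(raw, trusted_authserv):
    """Read SPF/DKIM/DMARC verdicts from the header our own mail server added.

    trusted_authserv is the lower-case server name that opens that header.
    """
    msg = message_from_string(raw)
    from_dom = org(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    out = {"spf": "none", "dkim": "none", "dmarc": "none", "aligned": False}
    for hdr in msg.get_all("Authentication-Results", []):
        hdr = " ".join(hdr.split())  # unfold continuation lines
        if hdr.split(";")[0].strip().lower() != trusted_authserv:
            continue  # written by someone else, possibly the sender: ignore it
        for method in ("spf", "dkim", "dmarc"):
            m = re.search(rf"\b{method}=(\w+)", hdr)
            if m:
                out[method] = m.group(1).lower()
        spf_dom = re.search(r"smtp\.mailfrom=(?:[^\s;@]*@)?([\w.-]+)", hdr)
        dkim_dom = re.search(r"header\.[di]=@?([\w.-]+)", hdr)
        # DMARC alignment: a pass only counts if it is for the From: domain.
        out["aligned"] = bool(
            (out["spf"] == "pass" and spf_dom and org(spf_dom.group(1)) == from_dom)
            or (out["dkim"] == "pass" and dkim_dom and org(dkim_dom.group(1)) == from_dom))
        break  # use only the first trusted header
    return out
```

For the sample, `auth_summary(RAW, "mx.example.net")` reports SPF and DKIM as pass with `aligned` false, which is why the DMARC result matters more than either check alone.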

Method 5: Look for Social Engineering Red Flags

Phishing emails are designed to make you act without thinking. Common manipulation tactics include:

  • False urgency: "Your account will be suspended in 24 hours" — this is designed to bypass your critical thinking.
  • Fear and threats: "Unusual activity detected on your account" or "Legal action will be taken".
  • Too-good-to-be-true offers: Prize winners, unexpected refunds, inheritance emails.
  • Request for credentials: Legitimate companies never ask for passwords over email.
  • Generic greetings: "Dear Customer" instead of your real name — often a sign of mass-sent phishing.

Phishing Check Checklist

Before clicking anything in a suspicious email, verify:

  • Does the sender address match the claimed company's domain exactly?
  • Do the links go to the expected domain when you hover over them?
  • Does the email pass SPF, DKIM, and DMARC checks?
  • Is the email using urgency or fear to make you act fast?
  • Does the email ask for passwords, payment, or personal data?
  • Does the design or wording feel slightly off?

The Fastest Way to Check Any Email

Instead of checking each of these manually, use Phishing Inspector to run all of them automatically — AI analysis, URL scanning, authentication checks, and behavioral pattern detection — in one go. It is free, private, and takes seconds.
