/
How to Spot a Phishing Email

How to Spot a Phishing Email

Phishing emails are one of the most common ways attackers try to compromise your account, steal data, or install malware. These emails often look like they come from a trusted source — your bank, Microsoft, your manager — but they’re designed to trick you.

Here’s how to spot them and what to do if something feels off.

Think Before You Click

🚩 Common Red Flags:

  • Urgent or threatening language
    “Your account has been locked!” or “Immediate action required!” is a classic scare tactic.

  • Spoofed senders
    The name might look legit, but hover over the sender to see the actual email address. For example:
    From: Microsoft Support <micr0soft.support@gmail.com>

  • Weird links
    Hover your mouse over links without clicking. A legit Microsoft link might look like:
    <https://login.microsoftonline.com>
    A phishing one might look like:
    <https://login-micr0s0ft.secure-login.ru>

  • Unfamiliar attachments
    If you're not expecting a file — especially a .zip, .exe, or a Word document — don't open it.

  • Poor grammar or odd formatting
    Legitimate companies don’t usually send emails with broken English, weird spacing, or inconsistent fonts.

  • Unusual requests
    Is someone asking you to buy gift cards, send banking info, or change wiring instructions? Always verify through a known contact method before taking action.

Trust Your Gut

If something feels weird, it probably is. It’s better to double-check than fall for a scam. If you’re unsure, stop and report it.

What to Do (And NOT Do)

✅ Do:

  • Take a screenshot of the message if you're reporting it.

  • Forward the suspicious email to IT (see below).

  • Delete it after reporting, unless instructed otherwise.

❌ Don’t:

  • Don’t click any links or buttons.

  • Don’t open attachments.

  • Don’t reply or engage with the sender.

Examples of Real-Looking Phishing Attempts

Fake Email Type

What It Tries to Do

Fake Email Type

What It Tries to Do

Password reset from "Microsoft"

Steal your credentials

File share from “HR”

Trick you into opening a malicious attachment

Invoice from unknown sender

Install malware via a fake PDF or ZIP

Message from your “boss” asking for gift cards

Social engineering scam

💬 Need Help?

If you're ever unsure, don’t guess — let us take a look. If you clicked a suspicious link, entered your password, or downloaded a file:

We’ll review it, investigate if necessary, and help secure your account.

👀 Tip: We can’t stop every phishing email — but we can catch it early if you report it.