Security
Breadcrumbs

How to Spot a Phishing Email

Phishing emails are one of the most common ways attackers try to compromise your account, steal data, or install malware. These emails often look like they come from a trusted source — your bank, Microsoft, your manager — but they’re designed to trick you.

Here’s how to spot them and what to do if something feels off.


Think Before You Click

🚩 Common Red Flags:

  • Urgent or threatening language
    “Your account has been locked!” or “Immediate action required!” is a classic scare tactic.

  • Spoofed senders
    The name might look legit, but hover over the sender to see the actual email address. For example:
    From: Microsoft Support <micr0soft.support@gmail.com>

  • Weird links
    Hover your mouse over links without clicking. A legit Microsoft link might look like:
    <https://login.microsoftonline.com>
    A phishing one might look like:
    <https://login-micr0s0ft.secure-login.ru>

  • Unfamiliar attachments
    If you're not expecting a file — especially a .zip, .exe, or a Word document — don't open it.

  • Poor grammar or odd formatting
    Legitimate companies don’t usually send emails with broken English, weird spacing, or inconsistent fonts.

  • Unusual requests
    Is someone asking you to buy gift cards, send banking info, or change wiring instructions? Always verify through a known contact method before taking action.


Trust Your Gut

If something feels weird, it probably is. It’s better to double-check than fall for a scam. If you’re unsure, stop and report it.


What to Do (And NOT Do)

✅ Do:

  • Take a screenshot of the message if you're reporting it.

  • Forward the suspicious email to IT (see below).

  • Delete it after reporting, unless instructed otherwise.

❌ Don’t:

  • Don’t click any links or buttons.

  • Don’t open attachments.

  • Don’t reply or engage with the sender.


Examples of Real-Looking Phishing Attempts

Fake Email Type

What It Tries to Do

Password reset from "Microsoft"

Steal your credentials

File share from “HR”

Trick you into opening a malicious attachment

Invoice from unknown sender

Install malware via a fake PDF or ZIP

Message from your “boss” asking for gift cards

Social engineering scam


💬 Need Help?

If you're ever unsure, don’t guess — let us take a look. If you clicked a suspicious link, entered your password, or downloaded a file:

We’ll review it, investigate if necessary, and help secure your account.


👀 Tip: We can’t stop every phishing email — but we can catch it early if you report it.

Last updated: