Anatomy of a Phish

A Field Guide to Identifying Suspect Emails

The Five Warning Signs

Phishing emails are designed to trick you. Before you click, take a moment to inspect the message for these common red flags.

1. The Sender Address

The "From" name might look legitimate, but inspect the actual email address behind it. Scammers often use free public email domains (like @gmail.com) or create lookalike domains with subtle misspellings.

Example: `security@microsoft-support.net` (The real domain is @microsoft.com)

2. The Tone of Urgency

The message creates a sense of panic or pressure. It might threaten to close an account, claim you have a problem to fix, or demand immediate action to avoid negative consequences.

Example: "Your account has been compromised! Click here to secure it NOW or it will be suspended."

3. Generic Greetings & Errors

Legitimate companies usually address you by name. Be wary of generic greetings like "Dear Valued Customer." Spelling mistakes and poor grammar are also major red flags.

Example: "dear user, we detected un-usual activitys on you're account."

4. Suspicious Links & Files

Hover your mouse over links (without clicking!) to see the actual destination URL. Never open unexpected attachments, especially ZIP files or documents that ask you to "enable macros."

Example: The link text says `www.bank.com` but the preview shows `www.b1tly.xyz/scam`.

When In Doubt, Throw It Out.

If an email feels suspicious, do not reply, click any links, or download attachments. Report it as phishing or junk and delete it. If you're unsure, contact the supposed sender through a separate, trusted channel.