Phishing is one of the most prevalent cyber threats today, where attackers impersonate trusted entities like banks, social media platforms, or government agencies to steal your passwords, credit card numbers, or sensitive data. Since these attacks rely on human psychology rather than software vulnerabilities, knowing how to spot them is your best defense.
1. Inspect the Sender's Display Name and Email Address
Attackers often use spoofing to make an email look like it is from a legitimate source. Do not trust the display name alone. Click or hover over the sender's name to reveal the actual email address. If the email claims to be from "Netflix" but the address is "support@xyz-mail.com" or contains subtle misspellings (e.g., @micros0ft.com), it is a phishing attempt.
2. Hover Over Links Before Clicking
Before clicking any button or link in an email, hover your mouse cursor over it. A small box will appear at the bottom of your browser or mail client showing the destination URL. If the link text says "Reset Password" but the URL points to a random string of characters or an unfamiliar domain, do not click it. On mobile, you can long-press a link to see the preview URL.
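The two checks above (sender display name versus real address, and visible link text versus actual destination) can be automated as a simple triage script. The following is an added example written for this page, not code from the original article. It parses a constructed sample message with Python's standard library only; the TRUSTED_DOMAINS table and the homoglyph substitutions are illustrative assumptions, and the "last two labels" domain extraction is deliberately crude (a real tool would use the Public Suffix List).

```python
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from typing import List, Optional
from urllib.parse import urlparse

# Constructed sample (not a real phishing email): the display name claims Netflix,
# the sender domain is a lookalike, one button link goes to an unfamiliar domain,
# and one link's visible text shows a different domain than its href.
SAMPLE_EML = """\
From: "Netflix Support" <support@netfl1x-billing.com>
To: victim@example.com
Subject: Your account will be permanently suspended
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear Valued Customer,</p>
<p>Please <a href="http://login-verify.xyz-mail.com/reset">Reset Password</a>
or visit <a href="https://account-check.example.net/">https://www.netflix.com/login</a></p>
</body></html>
"""

# Assumed brand table: brands commonly impersonated and the domains they really use.
TRUSTED_DOMAINS = {
    "netflix": {"netflix.com"},
    "microsoft": {"microsoft.com", "outlook.com", "live.com"},
}

# Digit-for-letter substitutions used to build lookalike domains (micros0ft -> microsoft).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def registrable_domain(host: str) -> str:
    """Return the last two labels of a hostname (crude; no Public Suffix List)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def claimed_brand(display_name: str, address: str) -> Optional[str]:
    """Which known brand does this sender appear to be? Checks the display name
    and the homoglyph-normalised sender domain; None if no brand is claimed."""
    domain = registrable_domain(address.split("@")[-1])
    for brand in TRUSTED_DOMAINS:
        if brand in display_name.lower() or brand in domain.translate(HOMOGLYPHS):
            return brand
    return None


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def suspicious_links(html: str, brand: Optional[str]) -> List[str]:
    """Flag links whose visible text names another domain than the href, or
    button-style links that leave the claimed brand's real domains."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = registrable_domain(urlparse(href).hostname or "")
        shown = re.search(r"https?://([^/\s]+)", text)
        if shown and registrable_domain(shown.group(1)) != target:
            findings.append(f"link text shows {registrable_domain(shown.group(1))} but goes to {target}")
        elif not shown and brand and target not in TRUSTED_DOMAINS[brand]:
            findings.append(f"link '{text}' from a {brand}-branded message goes to {target}")
    return findings


def analyze(raw_eml: str) -> List[str]:
    """Run the sender and link checks over one RFC 822 message; returns findings."""
    msg = email.message_from_string(raw_eml, policy=policy.default)
    display_name, address = parseaddr(str(msg["From"]))
    findings = []
    brand = claimed_brand(display_name, address)
    if brand and registrable_domain(address.split("@")[-1]) not in TRUSTED_DOMAINS[brand]:
        findings.append(f"sender '{display_name}' <{address}> impersonates {brand}")
    body = msg.get_body(preferencelist=("html", "plain"))
    findings.extend(suspicious_links(body.get_content() if body else "", brand))
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_EML):
        print("SUSPICIOUS:", finding)
```

On the sample message the script reports three findings: the lookalike sender domain, the "Reset Password" button that leaves the brand's real domain, and the link whose visible text shows netflix.com while the href goes elsewhere. The checks mirror what a human does by hovering, so a message that passes them can still be phishing; treat the output as a triage aid rather than a verdict.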
3. Identify High-Pressure or Threatening Language
Phishing emails are designed to make you act before you think. They often use urgent language, claiming that your account will be "permanently suspended" or that there is an "unauthorized login attempt" that requires immediate action. Legitimate companies will rarely use high-pressure tactics or threats to get you to provide information.
4. Look for Generic Greetings and Poor Grammar
While phishing is becoming more sophisticated with AI, many emails still use generic greetings like "Dear Valued Customer" or "Dear Member" instead of your actual name. Additionally, look for spelling errors, awkward phrasing, and inconsistent formatting. Major corporations have professional editors; scammer campaigns often do not.
5. Be Wary of Unexpected Attachments
Never download or open attachments that you were not expecting, especially those with .zip, .exe, or .html extensions. Even .pdf and .docx files can contain malicious macros or scripts designed to install malware or ransomware on your system the moment they are opened.
6. Enable Two-Factor Authentication (2FA)
The best way to mitigate the damage of a successful phishing attack is to have Multi-Factor Authentication (MFA) enabled on all your accounts. Even if a phisher manages to steal your password, they will still be blocked from accessing your account without the second factor, such as the one-time code delivered to your mobile device or a physical security key you possess.
7. Report and Delete the Email
If you identify a phishing email, do not just delete it. Use the "Report Phishing" or "Report Spam" feature in your email client (like Gmail or Outlook). This helps their security algorithms identify the attacker's patterns and protect other users from receiving the same scam.
💡 Pro Tip: Keep your operating system, browser, and mail client updated; security patches close the known vulnerabilities that malicious attachments and links rely on to run code on your device.
Category: #Security