Phishing Tutorial: Spot the Red Flags

A fast, practical guide to understanding phishing and avoiding common traps.

~6 min read

What is Phishing?

Phishing is a social-engineering technique used by attackers to trick you into taking an action that benefits them: clicking a malicious link, entering credentials, paying an invoice, or downloading malware. Phishing messages often impersonate a trusted brand or colleague, borrowing logos and tone to look legitimate.

Common Red Flags

🚩 Urgency

“Act now!” deadlines push you to skip verification. A legitimate organization rarely locks an account within minutes, and a real deadline will still be there after you verify through an official channel.

🚩 Domain Mismatch

Mail clients show the display name prominently, but the sender can set it to anything. Check the actual From address and the Reply-To header, and compare the registered domain letter by letter: brand.co is not brand.com.

🚩 Suspicious Links

Non-HTTPS links, misspelled brands, unusual paths, or link text that names one site while the target is another. Hover to preview the real destination; don’t click. The reverse does not hold: a padlock or https:// is not a sign of safety, since phishing pages routinely use valid TLS certificates.

🚩 Unexpected Attachments

Especially ZIP, EXE, HTA, and macro-enabled Office files (.docm, .xlsm). When in doubt, don’t open it; confirm with the sender through a channel you already trust, not by replying to the message.

🚩 Requests for Secrets

Legitimate services do not ask for passwords or MFA codes over email; a message that does is a phish no matter how convincing it looks.

🚩 Generic Greeting

“Dear user” instead of your name, poor grammar, or odd formatting can be clues, but their absence proves nothing: targeted messages are often polished and address you by name.

Verify Safely

  1. Hover over links to see the real destination; never click to “test”.
  2. Check sender and reply-to domains carefully (example: brand.com vs brand.co).
  3. Open a new tab and sign in via the official site/app—never through the email link.
  4. Enable MFA on important accounts; it limits the damage if a password leaks. Prefer phishing-resistant methods (FIDO2 security keys or passkeys), since one-time codes can be relayed by a real-time proxy phishing page.
  5. Report suspicious messages using your mail client’s “Report phishing” button.

Example: Quick Triage
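As a worked example for this section (added here, not code from the original tutorial), the script below parses one raw e-mail and reports the red flags described above: a lookalike sender domain, a display name that names the brand while the address does not, a Reply-To pointing elsewhere, plain-HTTP links and links whose visible text names a different site, risky attachment types, urgency wording, requests for secrets, and a generic greeting. It assumes brand.com is the trusted domain; both sample messages, the keyword lists, and the two-label "registrable domain" shortcut are constructed assumptions, not real data.

```python
# Added example, not code from the original tutorial: parse one raw e-mail and
# list the red flags described in this tutorial. brand.com is an assumed trusted
# domain; both sample messages and the keyword lists are constructed.
import re
from email import message_from_string, policy
from urllib.parse import urlparse

TRUSTED_DOMAIN = "brand.com"  # assumption: the brand this mailbox expects mail from
RISKY_EXT = (".zip", ".exe", ".hta", ".docm", ".xlsm", ".pptm")  # incl. macro-enabled Office
URGENCY = ("act now", "immediately", "within 24 hours", "suspended", "final notice")
SECRETS = ("password", "mfa code", "verification code", "one-time code")
GENERIC = ("dear user", "dear customer", "valued customer", "dear account holder")
HOST_RE = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)
# Regex is enough for this constructed HTML; real mail needs a proper HTML parser.
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)


def registrable(host):
    # Last two labels only; a real tool should use the public suffix list
    # (brand.co.uk has three). This shortcut is an assumption of the example.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def lookalike(host, trusted=TRUSTED_DOMAIN):
    # brand.co, brand-login.co and brand.com.verify-login.co all contain the
    # brand name, but none of them is the trusted registrable domain.
    return trusted.split(".")[0] in host.lower() and registrable(host) != trusted


def mailbox(msg, header):
    # (display name, address, domain) of the first mailbox in a header, or blanks.
    h = msg[header]
    if h is None or not h.addresses:
        return "", "", ""
    a = h.addresses[0]
    return a.display_name, a.addr_spec, a.domain.lower()


def triage(raw, trusted=TRUSTED_DOMAIN):
    """Return human-readable red flags found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    display, sender, sender_dom = mailbox(msg, "From")
    _, reply_to, reply_dom = mailbox(msg, "Reply-To")
    flags = []
    if lookalike(sender_dom, trusted):
        flags.append(f"sender domain {sender_dom} imitates {trusted}")
    # Display name claims the brand (by name or by an address) but the real sender does not.
    if (trusted.split(".")[0] in display.lower() or "@" in display) and sender_dom != trusted:
        flags.append(f"display name {display!r} but actual sender is {sender}")
    if reply_to and reply_dom != sender_dom:
        flags.append(f"Reply-To {reply_to} differs from sender {sender}")

    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body is not None else ""
    for href, text in LINK_RE.findall(html):
        host = (urlparse(href).hostname or "").lower()
        if href.lower().startswith("http://"):
            flags.append(f"plain-HTTP link: {href}")
        if lookalike(host, trusted):
            flags.append(f"link host {host} imitates {trusted}")
        shown = HOST_RE.search(text)  # visible text naming a different site than the target?
        if shown and registrable(shown.group(1)) != registrable(host):
            flags.append(f"link text shows {shown.group(1)} but goes to {host}")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(RISKY_EXT):
            flags.append(f"risky attachment: {name}")

    text = re.sub(r"<[^>]+>", " ", html)  # crude tag strip for keyword checks
    lower = f"{msg['Subject'] or ''} {text}".lower()
    for label, words in (("urgency", URGENCY), ("asks for secrets", SECRETS)):
        hits = [w for w in words if w in lower]
        if hits:
            flags.append(f"{label}: {', '.join(hits)}")
    if text.lstrip().lower().startswith(GENERIC):
        flags.append("generic greeting")
    return flags


PHISH = """\
From: "support@brand.com" <alerts@brand-login.co>
Reply-To: recovery@mail-brand-help.net
Subject: Final notice: unusual sign-in
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Dear user,</p><p>Act now or your account will be suspended within 24 hours.
Confirm your password and MFA code at
<a href="http://brand.com.verify-login.co/session">https://brand.com/account</a></p>
--b1
Content-Type: application/zip; name="Invoice_4471.zip"
Content-Disposition: attachment; filename="Invoice_4471.zip"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--b1--
"""  # constructed phishing sample

BENIGN = """\
From: Brand <no-reply@brand.com>
Subject: Your May statement is ready
Content-Type: text/html; charset="utf-8"

<p>Hi Dana,</p><p>Your statement is ready. View it any time from
<a href="https://brand.com/statements">your account page</a>.</p>
"""  # constructed legitimate sample

if __name__ == "__main__":
    print("\n".join(triage(PHISH)) or "no flags")
```

Running it prints ten flags for the constructed phish and none for the legitimate sample. An empty result is not a clean bill of health: these are keyword and domain heuristics, and a well-crafted targeted message can pass all of them. A real triage tool would also read the Authentication-Results header for SPF, DKIM and DMARC outcomes and resolve registrable domains against the public suffix list.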
