Phishing basics: how to spot it fast
Phishing is still the #1 “easy win” for attackers because it bypasses technical controls and targets people.
If you learn one habit, make it this:
Never log in from an email link. Navigate by typing the domain or using a bookmark.
The 30-second phishing check
- Who sent it? Expand the sender details (not just the display name).
- Where does the link really go? Hover on desktop; long‑press/copy on mobile.
- Does the message create urgency? “Account suspended”, “payment failed”, “security alert” are classic triggers.
- Is the domain slightly wrong? Extra hyphens, swapped letters, weird subdomains.
- Are you being asked for a code? Real support agents don’t need your MFA codes.
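The "where does the link really go?" and "is the domain slightly wrong?" checks above can be written down as code. The checker below is an added example, not part of the original page: it takes a link's real target (the href) and the text the reader sees, and flags the warning signs the list describes. The `KNOWN_DOMAINS` set, the brand-in-hostname and edit-distance thresholds, and every sample link are constructed for illustration; the registrable-domain helper is a deliberate approximation and does not use a public-suffix list.

```python
import re
from urllib.parse import urlparse

# Constructed for this example: domains the user actually holds accounts with.
KNOWN_DOMAINS = {"paypal.com", "microsoft.com"}


def registrable_domain(host: str) -> str:
    """Crude 'last two labels' approximation of the registrable domain.
    Good enough to show the idea; a real tool would use a public-suffix list."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch swapped or substituted letters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(href: str, display_text: str = "") -> list[str]:
    """Return a list of human-readable warning signs for one link.
    An empty list means none of the heuristics fired (not proof it is safe)."""
    findings = []
    parsed = urlparse(href)
    host = parsed.hostname or ""

    # Anything other than http(s) in an email link is unusual.
    if parsed.scheme not in ("http", "https"):
        findings.append(f"unusual scheme: {parsed.scheme or '(none)'}")

    # A bare IP address instead of a hostname.
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        findings.append("link goes to a bare IP address")

    # 'https://trusted.example@attacker' : the real host is the part after '@'.
    if parsed.username is not None:
        findings.append(f"userinfo in URL; the real host is {host}")

    reg = registrable_domain(host)

    # Display text that names one domain while the link points at another.
    m = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", display_text.lower())
    if m and registrable_domain(m.group(1)) != reg:
        findings.append(f"display text says {m.group(1)} but link goes to {host}")

    # Lookalikes: a known brand buried in a subdomain or hyphenated name,
    # or a registrable domain one or two edits away from a known one.
    if reg not in KNOWN_DOMAINS:
        for known in sorted(KNOWN_DOMAINS):
            brand = known.split(".")[0]
            if brand in host.lower().replace("-", ""):
                findings.append(f"'{brand}' appears in {host}, which is not {known}")
            elif 0 < edit_distance(reg, known) <= 2:
                findings.append(f"{reg} looks like {known} (edit distance "
                                f"{edit_distance(reg, known)})")
    return findings


if __name__ == "__main__":
    # Constructed sample links (attacker hosts use reserved .example / 203.0.113.0/24).
    samples = [
        ("https://accounts.paypal.com/signin", "PayPal"),
        ("https://paypal.com.secure-login.example/verify", "www.paypal.com"),
        ("https://paypa1.com/", "Click here"),
        ("https://microsoft-support.example/reset", "Reset your password"),
        ("https://paypal.com@evil.example/", "paypal.com"),
        ("http://203.0.113.5/login", "Sign in"),
    ]
    for href, text in samples:
        print(href, "->", check_link(href, text) or "no warning signs")
```

The checker deliberately errs toward flagging: a legitimate but unfamiliar domain produces no findings, while anything that imitates a known domain does, which matches the habit the page recommends of distrusting the link and navigating by bookmark instead.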
If you clicked (don’t panic)
Do these in order:
- Change the password from a clean device.
- Sign out of all sessions (“log out everywhere”).
- Turn on MFA (app-based where possible).
- Check recovery email and recovery phone.
- Check for new forwarding rules in your email.
Primary references (high trust)
- UK NCSC: https://www.ncsc.gov.uk/collection/phishing-scams
- CISA: https://www.cisa.gov/stopransomware/phishing
Related
- Tools page: /release1-2-tools.html