If you’ve ever paused before clicking an email, wondering if it’s real or a scam, you’re not alone. Phishing emails are sneaky—designed to look like messages from people or companies you trust. And they’re only getting better at fooling even the savviest users.
The good news? You don’t need to be a cybersecurity expert to spot one. You just need to know what to look for—and you can do it in about 10 seconds.
1. Check the Sender’s Address (Not Just the Name)
Cybercriminals love to impersonate familiar names. But their email addresses often give them away. If the sender looks like support@amaz0n-help.com instead of support@amazon.com, that’s a red flag. Always check the domain name carefully before clicking anything.
2. Hover Over Links Before You Click
Phishing emails often include links that look legitimate—but lead somewhere dangerous. Hover your mouse over any link (without clicking!) to see the actual URL. If it doesn’t match the company’s official website, it’s probably a trap.
3. Look for Urgency or Fear Tactics
Phishing emails love drama. They’ll tell you your account will be closed in 24 hours, or that there’s been suspicious activity. These scare tactics are designed to make you act fast before you think. When in doubt, take a breath and verify through official channels.
4. Watch for Bad Grammar or Odd Formatting
Legitimate companies proofread their emails. Hackers? Not so much. If an email is full of spelling mistakes, weird phrasing, or odd formatting, it’s likely not from who it claims to be.
5. Don’t Trust Attachments You Weren’t Expecting
Random attachments—especially ZIP files, PDFs, or Word documents—can contain malware. If you weren’t expecting it, don’t open it. Always confirm with the sender through a separate message or call.
6. Check for Generic Greetings
“Dear Customer” or “Dear User” is a favorite phishing opener. Legitimate companies usually personalize their emails using your real name.
The 10-Second Habit That Saves You Hours of Trouble
Before you click or reply, pause for just 10 seconds to run through this checklist. That quick habit could save you from hours—or even days—of cleanup after a breach.
At ETTE, we help businesses train their teams to spot and stop phishing attempts before they become problems. Because cybersecurity doesn’t start with software—it starts with awareness.