Phishing remains one of the most common ways criminals steal passwords, payment details, and personal data. The good news: most phishing attempts follow predictable patterns once you know what to look for.
Before you click any link, pause and check three things: who the sender really is, whether the message is pressuring you to act quickly, and whether the request makes sense for that organization.
1. Check the sender address carefully
Attackers often use addresses that look almost legitimate. Compare the domain letter by letter. A message from support@paypa1.com is not from PayPal.
2. Look for urgency and fear tactics
Phrases like “your account will be locked in 2 hours” or “unusual sign-in detected” are designed to make you act without thinking. Real institutions rarely pressure you that aggressively by email.
3. Hover before you click
On desktop, hover over links to preview the real destination. On mobile, long-press the link. If the URL does not match the brand you expect, do not open it.
4. Verify through official channels
If an email claims to be from your bank, telecom provider, or employer, open their official app or type the website address manually instead of using the email link.
5. Report and delete suspicious mail
Forward phishing emails to your IT team or your provider's abuse address, then delete the message. Never reply or engage with the sender.
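The letter-by-letter comparison from step 1 and the destination check from step 3 can be automated for a mail filter or a triage script. The Python below is an added example, not part of the original article; the allowlist, the swap table, the function names and the `login.example` host are assumptions made for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed allowlist: domains the reader actually does business with.
TRUSTED = {"paypal.com", "example-bank.com"}

# Digit-for-letter swaps commonly seen in lookalike domains.
SWAPS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_domain(domain):
    """Return 'trusted', 'lookalike:<brand domain>' or 'unknown'."""
    domain = domain.lower().rstrip(".")
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED):
        return "trusted"
    for t in sorted(TRUSTED):
        near_miss = domain.translate(SWAPS) == t or edit_distance(domain, t) <= 1
        # Brand used as a leading label, e.g. paypal.com.login.example
        if near_miss or domain.startswith(t + "."):
            return "lookalike:" + t
    return "unknown"


def check_sender(from_header):
    """Classify the domain of a From: header value."""
    address = parseaddr(from_header)[1]
    return classify_domain(address.rpartition("@")[2])


def check_link(url):
    """Classify the host a link really points to (what hovering reveals)."""
    return classify_domain(urlsplit(url).hostname or "")


if __name__ == "__main__":
    print(check_sender('"PayPal Support" <support@paypa1.com>'))
    print(check_link("https://paypal.com.login.example/verify"))
```

An "unknown" result only means the domain is not on the allowlist and does not resemble an entry on it, so it still calls for the manual verification in step 4.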