Phishing remains the most common tactic attackers use to steal credentials and deliver malware. These emails often look convincing, the links seem legitimate and the requests feel urgent. Recognizing the tell‑tale signs of a phishing attack is your first line of defence.
Common signs of a phishing email
- Suspicious sender address. Attackers spoof or slightly misspell trusted domains.
- Generic greetings. Messages start with “Dear user” or “Dear customer” instead of your name.
- Urgent or threatening language. Pressure to act quickly is designed to override your caution.
- Unexpected attachments or links. Hover over a link to check whether the destination matches the text.
Why phishing works
Phishing succeeds because it preys on emotions. Attackers mimic trusted brands, coworkers or vendors to create a sense of familiarity. They introduce fear—such as threatening account suspension—or excitement, like fake prize notifications. Their goal is to get you to click before you think.
How to protect yourself and your business
- Verify requests. If an email asks for sensitive information or payment, confirm the request through another channel.
- Use security tools. Modern email gateways and security awareness training can filter out many malicious messages.
- Enable multi‑factor authentication (MFA). Even if credentials are stolen, MFA can block unauthorized access.
- Report suspicious emails. Alert your IT team to help protect everyone else in your organisation.
Phishing will continue to evolve, but a healthy dose of scepticism and solid security practices make it far less effective. Take a moment to inspect before you click—that pause could save your data.