Phishing Education Center

Learn to identify and protect against phishing attacks

Understanding these red flags can help you and your organization stay secure

Common Phishing Red Flags

Urgent or Threatening Language

Phishing emails often create a sense of urgency or fear to pressure you into acting quickly without thinking.

Example:
"URGENT: Your account will be suspended in 24 hours unless you verify your information immediately!"

Generic Greetings

Legitimate companies usually address you by name. Generic greetings like "Dear Customer" are suspicious.

Example:
"Dear Valued Customer" instead of "Dear John Smith"

Suspicious URLs

Hover over links to see the actual destination. Look for misspellings, unusual domains, or shortened URLs.

Example:
"paypaI.com" (with capital i instead of lowercase l)
"bit.ly/xyz123" (shortened URL hiding destination)

Unexpected Attachments

Be cautious of unexpected attachments, especially executable files (.exe, .zip, .scr) or Office documents with macros.

Example:
"invoice.exe" or "document.zip" from unknown senders

Poor Grammar & Spelling

Professional organizations rarely send emails with obvious spelling mistakes or grammatical errors.

Example:
"You're account has been compromissed" (incorrect spelling and grammar)

Requests for Personal Information

Legitimate companies never ask for passwords, SSNs, or financial information via email.

Example:
"Please reply with your password and credit card number to verify your account."

Security Best Practices

Stop and Think

Take a moment to evaluate the email before clicking any links or attachments. If it seems urgent, that's often a red flag.

Verify Independently

If you receive a suspicious email claiming to be from a company, contact them directly through their official channels to verify.

Use Multi-Factor Authentication

Enable 2FA on all your accounts. Even if your password is compromised, MFA provides an additional layer of security.

Test Your Knowledge

Which of the following is a common phishing red flag?
The email is personalized with your full name
The email creates a sense of urgency
The email has a professional signature
The email is from a known sender