Phishing tricks a person into clicking a malicious link, opening a bad attachment, or handing over a password. It arrives by email, SMS ("smishing"), WhatsApp, or phone. Teach your team the signs below and you stop most attacks before they start.

The red flags

  • Urgency and pressure. "Your account will be closed in 24 hours." Fear makes people click.
  • Unexpected requests. A supplier suddenly changes bank details; the "CEO" asks for a gift card or urgent transfer.
  • Mismatched sender. The display name looks right but the real address is off (e.g. support@micros0ft-secure.com).
  • Suspicious links. Hover to see the real destination before clicking. It rarely matches the text.
  • Unexpected attachments. Especially invoices, "receipts," or files asking you to enable macros.
  • Generic greetings and odd language. "Dear customer," strange phrasing, or subtle spelling errors.

Two rules that stop most attacks

  1. Verify money and credential requests on a second channel. If an email asks to change bank details or send funds, call the person on a known number. Never use the contact details in the suspicious message.
  2. Never enter your password after clicking an email link. Go to the site directly by typing the address or using a bookmark.

Build defenses beyond people

  • Turn on MFA everywhere — it limits the damage of a stolen password.
  • Use email filtering with link and attachment scanning.
  • Configure SPF, DKIM, and DMARC so attackers can't easily spoof your domain.
  • Run security awareness training and occasional simulated phishing tests.

If someone clicks: don't blame them — speed matters more than shame. Have them report it immediately, change the affected password, sign out all sessions, and check for new inbox rules or forwarding. Fast reporting turns a near-miss into a non-event.

Give your team the reflex

Our Security Awareness sessions teach staff to spot and report phishing, and an optional simulated phishing test shows where the gaps are — without embarrassing anyone.

See Security Awareness Back to blog