It’s 8 AM on a Monday morning and you’re going about your usual workday when you decide to check your latest emails. That’s when you see it: an urgent message from your manager stating that it’s mandatory for you to download and review new, unannounced changes to company policy. Only this may not be your manager and the attachment that he or she sent may not be safe. In fact, this could be a cybercriminal hoping to infiltrate your device, making you the target of a phishing attack.

According to the Federal Trade Commission (FTC), these kinds of imposter scams were among the most common in 2023 and led to over $2.7 billion in losses. They can also happen at any time and to anyone through emails or text messages. So how can you protect yourself? Well, it all starts with learning what a phishing scam is, recognizing the red flags, and knowing how to react the next time you come across a phish who’s trying to lure you in.

What is Phishing

If you’ve ever gotten an unsolicited, lengthy message from “Amazon” claiming that your account is being hacked while urging you to click on a link, then you’ve likely encountered a phish before. These types of texts and emails include many of the tell-tale signs of phishing, starting with the fact that phishers like to pose as legitimate sources. For instance, a phish may claim to be your bank, a government agent, your coworker, or even well-known businesses such as Amazon in order to gain your trust. In fact, these criminals may even include familiar logos and other branding to try and pass their false identity off as real.

Once they’ve established themselves as someone you know, a phishing message will try to create a sense of urgency, such as by claiming that there’s suspicious activity on your account or that they need to confirm financial information. Their goal is to get you to act quickly without thinking by pushing you toward a link or attachment within the email. The catch? These links may lead to fake websites where criminals are waiting to steal your login credentials and those attachments can secretly contain malware that will help criminals access your personal information.

Red Flags to Watch Out For

The next time you open an email or text, and you think that it may be from a phish, here are some red flags you should pay attention to:


  • Email address
    Look closely at the email address to ensure that there aren’t any errors, and it matches with the sender’s name. Phishers may often use subtle errors or different domain names to copy the email addresses of legitimate companies or individuals.


  • Unsolicited URLs & Attachments
    As we’ve established, not every link or attachment that you receive may be safe. If you want to double-check whether or not you can click on a link, then be sure to hover over the URL in the message to see if the resulting webpage matches. If it doesn’t match, then you’ll know for sure that this a fake link. For attachments, it’s best to never download anything that you didn’t expect to receive – at least until you can confirm with the sender that they are who they claim to be, and the attachment is authentic.


  • Grammar & Spelling Errors
    Seeing multiple grammar and spelling errors can also be signs of a phishing attack. Especially if the phish claims to be a company or business, then it’s important to note that true organizations will often have teams to prevent misspellings or errors. As a result, it’s always good to be wary of messages with error after error.


  • Urgent call to action
    Phishing attacks are designed to convince victims to act quickly and think later. Keep in mind that government agencies or companies will never ask you to disclose personally identifying information such as your social security number, password, bank account information, etc. through text or email. If something is truly wrong with your accounts, it is best to contact the company directly through an authentic method such as calling the phone number on the back of your bank card or reaching out to the customer service center through a business’s official website.

What to Do

So, you opened the message, noticed the red flags, and suspect that you’re under attack from phishing. In this situation, here are the best practices to avoid becoming a cybercriminal’s next victim:

  • Take a Pause
    Phishing attacks want you to panic and ignore rationality so that you’ll follow their instructions without stopping to question them. Rather than jump into action, take a moment to pause and think about the warning signs that the message might contain. When in doubt, contact the true company, agency, or individual who the phish is posing as to verify whether or not a message actually came from them.


  • Think Before You Click
    Now that you know the dangers of unsolicited links and attachments, remember to check them for authenticity before making any moves. It’s always best to exercise caution before clicking on anything that you’re sent unexpectedly until you can confirm that it is safe and coming from a legitimate source.


  • Ignore and Delete
    If all the warning signs are present and you know that you’re not talking to the person you think you are, ignore the message or better yet delete it. It’s always better to trust your gut feeling than take any chances on a suspicious message.


  • Caught a Phish? Report it
    Before you hit that delete button, you can always take a minute to report the phishing attack so that others don’t fall victim to it. If you are receiving phishing attacks to a company email, you can report them to your company’s IT team. In other cases, you can also report a suspected attack to groups who work against phishing such as the Anti-Phishing Working Group or the FTC.


  • Take Precautions
    To avoid becoming a target of phishing in the future, it’s a good idea to double down on your data security. Some of the best practices for ensuring your online safety include regularly updating your software and devices, using strong passwords, enabling multi-factor authentication, and backing up your data so that it is stored somewhere safe in case of an emergency.


 With phishing on the rise, it can be difficult to know which emails you can trust, and which ones may be dangerous. However, knowing how to recognize a phishing scam and being prepared to handle them when they occur are the best ways to keep yourself and your data safe. With this knowledge, continued education, and the proper data security precautions, you can rest assured knowing that you won’t get reeled in by phishing attacks any time soon!