Phishing emails have gotten much harder to spot. The old "Nigerian prince" gag is long gone. Today's bad emails look like a normal note from your bank, your bookkeeper, a vendor, or even Henry. They use real logos. They quote real recent events. They are designed to make you click first and think second.
The good news is that almost every phishing email leaks at least one small tell. If you know the seven signs below, you can stop most of them cold before they do any harm.
Why this matters for you
One bad click can hand over your email password, your bank login, or your business files. We see it most often when someone is busy, behind on work, and tries to clear the inbox quickly on a phone. Spending ten seconds on the seven checks below is a lot cheaper than a recovery weekend.
The 7 signs to check before you click anything
1. The sender address does not match the display name.
The display name might say "Wells Fargo" or "Amazon Support" but the actual address ends in something like @secure-msg-mail.io. Click the sender name. If the real address looks weird, treat the email as suspicious.
2. There is a sense of urgency you did not expect.
"Your account will be closed in 24 hours." "Click immediately to avoid suspension." Real businesses give you days, not minutes. Fast pressure is one of the biggest red flags.
3. The greeting is generic or oddly specific.
"Dear Customer" is common. So is "Dear <your full legal name>" pulled from a data leak. Either one is worth a second look. Real notes from people you work with usually use the name they actually call you.
4. The link does not match what it says.
On a desktop, hover the link without clicking. The real URL pops up at the bottom of the browser or email. If the visible text says "amazon.com" and the hover shows "amaz0n-billing-secure.ru", that is a phishing link. On a phone, press and hold the link to preview the real address.
5. There is an attachment you did not ask for.
Unexpected Word, Excel, PDF, or ZIP attachments are a top way for malware to enter a home or office. If you did not request it and the sender did not warn you it was coming, do not open it.
6. The email asks for credentials, codes, or wire details.
Banks, the IRS, and reputable vendors do not ask for passwords, full account numbers, or two-factor codes by email. If a real company needs to verify something, you can always call them at the number on the back of your card.
7. The writing is slightly off.
Small grammar mistakes, odd capitalization, or formatting that does not match the company's normal style are common in phishing. Even when the email looks polished, one strange phrase can be the tell.
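Signs 1 and 4 can also be checked automatically. The Python sketch below is an added example, not code from this article or from Dunham Computers: it flags a display name that claims a brand the address does not belong to, and a link whose visible text is a domain that differs from its real destination. The brand list, the function names and the sample message are assumptions made for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: a hand-maintained map of brand names to their real domains.
KNOWN_BRANDS = {"wells fargo": "wellsfargo.com", "amazon": "amazon.com"}
DOMAIN = re.compile(r"[a-z0-9.-]+\.[a-z]{2,}")

def under(host, domain):  # True if host is domain or one of its subdomains
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):  # collects (visible text, href) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_email(raw):
    msg, findings = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2]
    for brand, domain in KNOWN_BRANDS.items():
        # Sign 1: display name claims a brand, address is outside its domain.
        if brand in name.lower() and not under(sender, domain):
            findings.append(f"sign 1: '{name}' sent from {sender}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())  # assumes a single-part HTML body
    for text, href in collector.links:
        # Sign 4: visible text is a domain name, but the href goes elsewhere.
        shown = text.lower().split("//")[-1].split("/")[0].removeprefix("www.")
        actual = urlsplit(href).hostname
        if DOMAIN.fullmatch(shown) and not under(actual, shown):
            findings.append(f"sign 4: shows {shown}, goes to {actual}")
    return findings
# Constructed sample message using the example addresses from the article.
SAMPLE = ('From: "Amazon Support" <billing@secure-msg-mail.io>\nContent-Type: text/html\n\n'
          '<p><a href="http://amaz0n-billing-secure.ru/login">amazon.com</a></p>')
```

Calling check_email(SAMPLE) returns one finding for each of the two signs. A message that passes both checks can still be phishing, so the other five signs still apply.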
If you are not sure, do this
- Do not click any link or open any attachment.
- Do not reply directly to the email. Any reply only confirms that your address is live.
- Open a new browser tab and type the company's website by hand if you want to check the account. Do not use a link from the email.
- Call the company at a phone number you trust from a statement or the back of your card. Not the number in the suspicious email.
- Forward the email to Henry if you want a second set of eyes. Send it to henry@dunhamcomputers.com, then delete it.
When to call Henry
Call (912) 455-2207 right away if:
- You already clicked a link and entered any credentials.
- You opened an attachment and the computer is now acting strange.
- A vendor or coworker is asking you to send money or change wire details by email.
- You think your email password has been used elsewhere.
We will walk you through the next steps in plain language, help you change the passwords that matter most, and check the computer for follow-on activity. The faster we look, the smaller the cleanup.
Forward suspicious emails to henry@dunhamcomputers.com and call (912) 455-2207 before clicking.