How to Spot a Phishing Email: A Quick Guide

Phishing emails try to trick you into revealing personal information, downloading malware, or clicking fake links. Here’s how to stay sharp:

Red Flags in the Email Itself

1. Suspicious Sender Address

• Double-check the From field.

• Look out for typos or strange domains (e.g., @sunstoneway.support.net instead of @sunstoneway.org).

2. Generic Greetings

• Phishing emails often use "Dear user," "Valued customer," or no name at all.

• Legitimate internal messages should use your actual name.

3. Spelling and Grammar Errors

• Many phishing attempts come with obvious mistakes.

• Be extra cautious if the tone or grammar feels off.

4. Unexpected Attachments or Links

• Don’t open files or click links you weren’t expecting.

• Hover over links to see the actual URL – if it looks weird or doesn’t match the sender, don’t click.

Tactics Phishers Use

1. Urgency or Threats

• “Your account will be deactivated in 24 hours!”

• “Unusual login detected – act now!”

2. Too Good to Be True

• “You’ve won a gift card!”

• “Here’s your bonus – just fill this form!”

3. Impersonation

• Pretending to be an exec, HR, IT, or even a coworker.

• Always verify via other channels (Slack, phone, etc.) if unsure.

What to Do If You’re Unsure

1. Don’t click or download.

2. Report it immediately to the IT Department.

3. Mark it as phishing in your email client if it gives the option.

4. When in doubt, ask! A quick message to IT could prevent a breach.

✅ Stay Safe with These Habits

• Enable 2FA (Two-Factor Authentication) where possible.

• Regularly update your passwords.

• Don’t reuse the same password across systems.

• Take a moment to pause and verify suspicious requests—even if they seem to come from someone you know.