Whether it be your personal or business inbox, a lot of junk mail filters through. The problem is that cybercriminals are becoming increasingly adept at creating scam emails that don’t scream "junk." Instead, they scream to be clicked on and acted upon. This is the ever-evolving nature of phishing emails– tactics ranging from impersonating people within your organization to large companies like Amazon or Microsoft, lying in wait for a misinformed click on a bad link.
With such a wide array of tactics and a constant barrage of malicious email, cybercriminals rely on even the most well-informed and tech-savvy people making a simple mistake. They can catch you on a stressful day with a compelling fake Apple Support email, or trip you up by trying to appease a boss whose email was compromised and is now demanding a fund transfer.
The good news: no matter the format or setting, the same inbox best-practice standards can thwart any phishing attempt. Here are five tips to keep in mind as cybercriminals gear up to catch you off guard.
1. Always Double-Check the Sender
Phishing emails often look like they come from someone familiar—until you look closer. For example:
Name: Microsoft Billing
Actual email: [email protected]
What to do: Hover over the name or tap the sender to view the full email address. If the domain doesn’t match what you expect—or looks suspicious in any way—don’t trust it.
2. Watch Out for Fake Urgency
Phishing emails often try to rush you into clicking:
“Your account will be suspended in 24 hours.”
“Payment overdue—click here immediately.”
That’s because panic makes you move fast… without thinking.
What to do: Pause. Legitimate companies don’t threaten you via email. If it feels urgent and unexpected, verify through another method—like calling the company or checking your account manually by typing in their web address, not clicking the link!
3. Hover Over Links Before Clicking
Phishing emails hide bad links behind good-looking text. The link might say “View Invoice,” but when you hover over it, it leads to a totally different (and dangerous) site.
What to do: Hover (or tap and hold on mobile, carefully) to preview where the link goes. If the domain looks weird—don’t click it.
4. Look for Grammar and Formatting Mistakes
Even the best-looking scam emails often include:
Typos
Awkward grammar
Strange formatting or off-brand colors/logos
What to do: If something feels “off,” trust your gut. Even if the sender looks right, a weird tone or mistake could mean the account itself was compromised.
5. Never Trust Email Alone for Sensitive Requests
This one’s essential. If someone asks you to:
Update your password
Transfer money
Change banking info
Click a login link.
Stop immediately.
What to do: Always verify these requests another way—call the person, text them, or use a bookmarked site to log in directly. Never rely on an email alone for anything sensitive. Here at Foresight IT, we even include a reminder in our own invoices:
“Payment fraud is on the rise. Do not accept changes to bank or wire instructions based solely on an email. Always verify using out-of-band contact.”
It only takes a few seconds to click a malicious link and have your account or identity compromised. Luckily, it also only takes a few extra seconds to verify a sender or double-check a link before taking action. Now that you know what to look for, you’re better equipped to spot phishing attempts before they do damage.
At Foresight IT, we also help our clients train and test their teams with realistic phishing simulations and security reminders. If you’d like to see how your business—or even your own email habits—would hold up, we’re happy to share what we’ve learned.
