Spot a phishing email
Most phishing fails a few simple tests. Run them before you click, reply or download anything.
- Check the real sender address, not the display name — hover or tap the name to reveal the actual address.
- Watch for a mismatch between a trusted brand name and an odd domain like micr0soft-support.com.
- Be suspicious of urgency and threats — ’your account will be closed in 24 hours’ is manufactured pressure.
- Hover over any link (don’t click) and read where it actually goes.
- Never open an unexpected attachment, especially anything asking you to enable content or macros.
- When unsure, contact the sender through a number or site you already know — not the details in the email.
Still stuck after those?
You’ve done the right thing by trying. Send whedo.it a quick note — what you tried, what you saw — and a senior pair of eyes will be on it the same business day.