Spot a phishing email — three quick checks
Modern phishing is grammatically perfect and the sender often looks right. Three habits that catch most of them.
- Hover before you click. Hover over any link without clicking — the actual URL pops up. If it’s a different domain to what the link text says, it’s phishing.
- Look at the actual sender address. Not the display name — the bit in angle brackets after it. [email protected] is not Microsoft.
- Question the urgency. “Your account will be suspended in 24 hours”, “Sign this NOW”, “Send a wire today before the boss notices” — urgency is the manipulation, every time.
- When in doubt, don’t click. Forward the email to [email protected] — we’ll confirm in minutes.
- Microsoft Defender will quarantine confirmed phishing automatically — if a real email gets blocked, it’s in your Defender quarantine for 30 days.
Still stuck after those?
You’ve done the right thing by trying. Send whedo.it a quick note — what you tried, what you saw — and a senior pair of eyes will be on it the same business day.