Learn to Recognize Phishing — Guide for Employees
Over 90% of all successful cyberattacks start with a phishing email. Yet in most companies, 20–40% of employees click on simulated phishing links. This guide changes that.
The 7 Most Important Warning Signs
1. Unusual Sender
Check not just the displayed name, but the actual email address. Phishing emails often use addresses like support@micr0soft-security.com.
2. Time Pressure and Urgency
“Your account will be locked in 24 hours” or “Immediate action required” are typical phishing patterns.
3. Suspicious Links
Hover over a link (without clicking!) and check the URL. Links like microsoft-login.suspicious-site.com don’t lead to Microsoft.
&x26A0 Beware of Shortened URLs
Services like bit.ly hide the real destination. Shortened URLs have no place in business emails.
4. Unexpected Attachments
Don’t open attachments you weren’t expecting — especially .exe, .zip, .js, or .docm files.
5. Generic Greeting
“Dear Customer” instead of your name? Legitimate providers typically use your name.
6. Poor Language
Caution: AI is making phishing emails increasingly error-free. Don’t rely solely on language quality.
7. Data Entry Requests
No legitimate organization asks for your password via email. Go directly to the official website through your browser.
✓ The 4-Step Rule
1. Don’t click. Neither links nor attachments.
2. Don’t reply.
3. Report. Forward to your IT department.
4. Delete. Remove after reporting.
How Phishing-Proof Is Your Team?
Find out — free, in 30 days, with a realistic simulation.
Start free training →