Email

How to Spot a Phishing Email Before It Causes Damage

Phishing emails are the leading cause of business data breaches. Here's how to train your team to spot them — including the new AI-powered phishing that's much harder to detect.

Phishing — fraudulent emails designed to trick recipients into revealing credentials or downloading malware — is responsible for 90% of data breaches. Modern phishing emails look professional, come from spoofed or compromised accounts, and are increasingly targeted at specific individuals. Your first line of defense is a team that can recognize them.

Classic Phishing Red Flags (Still Relevant)

  • Generic greeting: 'Dear Customer' instead of your name
  • Urgent language: 'Your account will be suspended in 24 hours'
  • Mismatched sender domain: Display name says 'Microsoft Support' but the email is from a Gmail address
  • Suspicious links: Hover over the link — the actual URL doesn't match where it claims to go
  • Unexpected attachments: Especially .zip, .exe, .docm, or .xlsm files
  • Poor grammar and spelling: Less common now but still present in lower-quality attacks

AI-Enhanced Phishing: The New Threat

AI has made phishing dramatically harder to detect. Attackers now use AI to write flawless, personalized emails that reference your company name, recent news about your business, or your colleagues' names. These spear-phishing emails often come from compromised legitimate accounts — so there are no domain spoofing red flags.

The Golden Rule

When any email asks you to click a link, open an attachment, provide credentials, or transfer money or gift cards — stop and verify through a different channel. Call the sender directly using a phone number you find independently (not one in the email). This single habit prevents the vast majority of successful phishing attacks.