Phishing attempts often create pressure by using urgent deadlines, threats, or fear-based language to push quick decisions before you have time to verify the message.

Be cautious of unfamiliar links or unexpected files. Phishing attempts often try to get you to click or download quickly.

Attackers imitate legitimate senders. Check for misspelled domains, mismatched names, and unexpected external contacts.

Poor grammar, unusual tone, unexpected requests, or inconsistent branding can signal phishing. Trust your instincts.

Phishing messages often ask for passwords, login codes, financial details, or other sensitive data. Legitimate organizations rarely request this through email or chat. Verify through an official channel before sharing anything.

Pause and inspect links, attachments, and sender details. Hover over URLs to preview where they lead, confirm the source, and ask yourself if the request makes sense.

Fake websites mimic real ones to steal your credentials. Always check the URL carefully for subtle misspellings, extra characters, or wrong domains before entering any login information.

Emails warning of suspicious logins or locked accounts are a common phishing tactic. Do not click links in these messages — go directly to the official website or contact IT support to verify.