Phishing 101: How to Spot a Fake Email Before It's Too Late
It starts with a sense of urgency. "Your account has been locked." "Your payment failed." "Update your password immediately."
Phishing relies on social engineering—hacking the human, not the machine. Attackers manipulate fear and urgency to make you click before you think.
The Anatomy of a Phishing Email
1. The "From" Address
Look closely. Is the email from support@amazon.com or support-amazon@secure-server-rec.com? Check the domain after the @ sign, not just the display name: attackers often use lookalike domains that pass for the real one at a glance.
2. Generic Greetings
"Dear Customer" or "Dear User" is a red flag. Legitimate service providers usually know your name.
3. The Hover Test
Never click a link blindly. Hover your mouse over the button. Does the URL match the company? If the email says "PayPal" but the link goes to bit.ly/xyz123, do not click it.
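The three checks above, written as an added Python example (not code from the original article): it parses a constructed sample message and flags a brand-name sender on the wrong domain, a generic greeting, and link text that names a brand while the link itself points elsewhere. The BRANDS allowlist, the sample message, and all function names are assumptions made for illustration.

```python
import email.utils
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical allowlist (brand -> real domain) and a constructed sample message.
BRANDS = {"amazon": "amazon.com", "paypal": "paypal.com"}
SAMPLE = """From: Amazon Support <support-amazon@secure-server-rec.com>

<p>Dear Customer,</p>
<p>Your payment failed. <a href="http://bit.ly/xyz123">Log in to PayPal</a></p>
"""

class LinkCollector(HTMLParser):
    """Collects [href, visible text] for each <a> tag (the hover test)."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def host_ok(host, domain):
    # Exact domain or a true subdomain only; "amazon.com.evil.example" fails.
    return host == domain or (host or "").endswith("." + domain)

def check_email(raw, brands=BRANDS):
    """Return findings for the three checks: From address, greeting, links."""
    msg = email.message_from_string(raw)
    body, findings = msg.get_payload(), []
    display, addr = email.utils.parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    parser = LinkCollector()
    parser.feed(body)
    for brand, domain in brands.items():
        if brand in display.lower() and not host_ok(sender, domain):
            findings.append(("from-mismatch", brand, sender))
        for href, text in parser.links:
            host = urlparse(href).hostname
            if brand in text.lower() and not host_ok(host, domain):
                findings.append(("link-mismatch", brand, host))
    if any(g in body.lower() for g in ("dear customer", "dear user")):
        findings.append(("generic-greeting", None, None))
    return findings
```

An empty result only means these three heuristics did not fire; a targeted message can pass all of them.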
Spear Phishing vs. Spray and Pray
- Spray and Pray: Attackers send 1 million emails hoping 10 people fall for it. These are usually easy to spot (bad grammar, generic greetings).
- Spear Phishing: Targeted attacks against you. The attacker knows your name, your job title, and maybe even your boss's name.
What to Do If You Clicked
- Disconnect: Turn off Wi-Fi immediately.
- Change Passwords: Use a different device to change your passwords.
- Enable 2FA: Two-Factor Authentication can save you even if attackers have your password.
A Better Way to Share Links
Sometimes legitimate emails get flagged as phishing because they contain unusual-looking links. When sharing sensitive data with clients, don't just paste it into an email body, where it can be scanned.
Use Snapsend. Send a burn-on-read link. This shows your recipient that you care about security, and ensures that the sensitive data isn't sitting in a permanent email archive, exposed if that mailbox is later compromised through phishing.