Phishing is not just the badly spelled email from a mystery prince anymore. Modern scam emails can look like invoice reminders, Microsoft password alerts, shipping updates, voicemail notifications, HR forms, payment requests, or messages that appear to come from a boss.
The goal is usually simple: get someone to click a link, open a file, enter a password, approve a payment, or share private information. A scam works when the message creates pressure before the person has time to think.
Common phishing pressure signals
The more pressure a message creates, the more carefully it should be checked.
Check the sender, not just the name.
Attackers know people trust familiar names. The display name might say Microsoft, QuickBooks, Dropbox, a vendor, or someone inside your company. Look at the actual email address, not just the name shown in the inbox.
Watch for small changes: extra letters, strange domains, numbers replacing words, or addresses that do not match the company. A message from a real vendor should usually come from that vendor's real domain, not a random personal account.
Hover before you click.
On desktop, hover over a link before clicking to see where it actually goes. On mobile, press and hold carefully to preview the destination. If the link address looks unrelated, shortened, misspelled, or unnecessarily complicated, do not use it.
The safer habit is to open a fresh browser tab and go to the service directly. If the email says there is a billing issue, sign in through the official website instead of the email link.
Be careful with attachments.
Invoice PDFs, shared documents, spreadsheets, and voicemail files are common bait. If you were not expecting the file, verify it through a separate channel before opening it. That means call the sender, start a new email thread, or check through the official portal.
Do not enable macros or extra permissions just because a document tells you to. That is a major warning sign.
Slow down payment and password requests.
Any message asking for a password reset, gift card purchase, wire transfer, direct deposit change, vendor bank change, or urgent payment deserves extra review. Scammers use urgency because they do not want a second person looking at the request.
If money, passwords, private records, or client information are involved, verify through a second trusted channel before acting.
What to do if something feels wrong.
- Do not click links, download files, or reply with private information.
- Take a screenshot or forward the message to your support contact.
- If you already clicked, disconnect from the account, change the password from a safe device, and report it quickly.
- If payment or customer data may be involved, escalate immediately.
Need help reviewing suspicious email habits?
Point can help teams create safer intake, support, and training workflows around phishing and access.