Phishing Email Red Flags: Quick Reference
This is a concise reference card for the most common phishing techniques. Print it, post it near workstations, or include it in employee training materials.
10 Techniques Phishers Use
- Spoofed sender addresses – Forged email addresses with subtle character swaps (rn for m, 1 for l, .co for .com)
- Homoglyph URLs – Links using look-alike characters from the Cyrillic or Greek alphabets that lead to fake sites
- Hijacked real accounts – Messages sent from legitimately compromised accounts, so sender-based filters pass them through
- Personalized targeting – Content pulled from your LinkedIn, social media, or leaked databases to make the message seem relevant
- HTTPS on fake sites – Phishing sites with valid TLS (SSL) certificates; the padlock icon only means the connection is encrypted, not that the site is legitimate
- Manufactured urgency – “Your account will be locked in 24 hours” or “Immediate action required” language designed to bypass your judgment
- Disguised attachments – Malicious code hidden in PDFs, Word docs, or Excel files that look like invoices or reports
- Cloned brand emails – Pixel-perfect copies of real emails from Microsoft, Google, DHL, or your bank with swapped links
- Auto-inserted personal details – Your name, company, or job title pulled from databases and inserted dynamically to look personal
- Multi-stage trust building – First message is harmless, second builds rapport, third contains the actual attack
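The first two techniques on the card (character swaps such as rn for m, 1 for l, .co for .com, and Cyrillic or Greek homoglyphs) can be checked mechanically before a human ever has to eyeball a sender domain. The following is an added example for illustration, not part of the reference card: a small Python detector that reduces a sender or link domain to an ASCII "skeleton" and compares it against an allow-list of trusted domains. The `TRUSTED_DOMAINS` set is a constructed sample, and `CONFUSABLES` is a hand-picked subset of the Unicode confusables table, not the full list.

```python
import unicodedata

# Constructed allow-list of domains the organisation trusts (sample data, not real config).
TRUSTED_DOMAINS = {"example.com", "microsoft.com", "google.com"}

# Hand-built subset of Unicode confusables: Cyrillic/Greek letters that render like Latin ones.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
    "\u0458": "j", "\u03b1": "a", "\u03bf": "o", "\u03bd": "v",
}


def to_unicode(domain: str) -> str:
    """Lower-case the domain and decode punycode (xn--) labels so homoglyphs become visible."""
    d = domain.strip().lower().rstrip(".")
    if "xn--" in d:
        try:
            d = d.encode("ascii").decode("idna")
        except UnicodeError:
            pass  # malformed punycode: leave as-is, it will not match anything trusted
    return d


def skeleton(domain: str) -> str:
    """Collapse a domain to an ASCII skeleton so look-alikes map onto the same string."""
    d = unicodedata.normalize("NFKC", to_unicode(domain))
    d = "".join(CONFUSABLES.get(ch, ch) for ch in d)
    # ASCII substitution tricks named on the card: rn for m, 1 for l (plus vv for w, 0 for o).
    return d.replace("rn", "m").replace("vv", "w").replace("1", "l").replace("0", "o")


def analyse_domain(domain: str, trusted=TRUSTED_DOMAINS) -> list:
    """Return a list of red flags for a sender or link domain measured against the allow-list."""
    flags = []
    uni = to_unicode(domain)
    if uni in trusted:
        return flags  # exact match: nothing to flag
    if any(ord(ch) > 127 for ch in uni):
        flags.append("non-ASCII characters in domain (possible homoglyph)")
    sk = skeleton(uni)
    sk_name, _, sk_tld = sk.rpartition(".")
    for t in sorted(trusted):
        t_sk = skeleton(t)
        t_name, _, t_tld = t_sk.rpartition(".")
        if sk == t_sk:
            flags.append(f"look-alike of trusted domain {t}")
        elif sk_name == t_name and sk_tld != t_tld:
            flags.append(f"trusted name {t} with wrong top-level domain .{sk_tld}")
    return flags


if __name__ == "__main__":
    # Constructed sample domains covering the tricks listed on the card.
    for sample in ["microsoft.com", "rnicrosoft.com", "microsoft.co", "g\u043e\u043egle.com"]:
        print(sample, "->", analyse_domain(sample) or "ok")
```

A domain that is merely unknown (not on the allow-list and not resembling anything on it) produces no flags; the detector is meant to catch impersonation of names you already trust, not to judge every domain on the internet. Feeding it the display name and the envelope sender separately is worthwhile, since the two often disagree in a spoofed message.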
What to Do
Before clicking anything, ask:
- Was I expecting this message?
- Is the sender address exactly right?
- Am I being rushed to act?
- Can I verify this through a different channel?
If something feels off:
- Don’t click links or open attachments
- Don’t reply to the message
- Forward it to ForwardToSafety.com for verification
- Report it to your IT team or security contact
- If you already clicked, report it immediately; speed matters
Always:
- Navigate to websites directly instead of clicking email links
- Verify unexpected requests by phone using a number you already have
- Keep macros disabled in Office applications
- Use a password manager so you never type credentials into a phishing page