
How to spot a phishing email before it costs you

June 24, 2026

Phishing is a fake message designed to trick you into clicking a bad link, handing over a password, or paying a fake invoice. It’s the number-one way small businesses lose money online. The good news: most attempts share the same tells.

Five red flags

  1. Urgency and fear. “Your account will be closed in 24 hours.” Pressure is designed to make you act before you think.
  2. A mismatched sender. The name says “Microsoft” but the actual email address is a random string. Hover over the sender to see the real address.
  3. Links that don’t match. Hover over a link (don’t click) and check the address that appears. If it’s not the real company’s website, delete the email.
  4. Unexpected attachments. Invoices, “receipts,” or “shipping labels” you weren’t expecting can carry malware.
  5. Requests to change payment details. A supplier suddenly emails new bank details? Always confirm by phone using a number you already have.

The one rule that saves you

Slow down and verify through a separate channel. If an email asks for money, passwords, or a change to anything sensitive, don’t reply to it — contact the person or company directly using a phone number or website you already trust.

If you think you clicked

  • Change the password for that account immediately (and anywhere you reused it).
  • Turn on two-factor authentication if it isn’t already.
  • Tell your bank if any payment or card details were involved.

Staying calm and verifying is 90% of the defense.
