Phishing

In this lesson, we will learn how to spot and avoid phishing—one of the most common ways attackers try to steal your information. Phishing uses fake emails, messages, or websites that look real to trick you into giving away passwords, money, or personal data.


By:
Andrew Sinja

Instructional Designer

📘 Description

Phishing tricks come in many forms: emails that look like they’re from your bank, text messages claiming urgent action is needed, or fake login pages that steal your credentials. This lesson covers how to recognise phishing, practical checks to make before you click, and steps to take if you suspect a message is malicious.

This lesson will cover:

  • Common phishing signs and tactics
  • Real-world examples you might see every day
  • How to respond safely if you receive a suspicious message

✅ Learning Objectives

By the end of this lesson, you will be able to:

  • Identify common signs of phishing messages.
  • Verify whether a message or website is legitimate.
  • Take immediate, safe actions when you encounter a suspected phishing attempt.

🗂️ Main Content

Common Signs of Phishing

  • Unexpected or urgent requests: Messages that pressure you to act now (e.g., “Your account will be closed!”).
  • Generic greetings: “Dear customer” instead of your name.
  • Suspicious sender address: The display name may look right but the email address is slightly off (e.g., support@yourbank-security.com).
  • Poor spelling and grammar: Many phishing messages contain mistakes or awkward phrasing.
  • Strange links or attachments: Links that don’t match the visible text, or unexpected files attached.
  • Requests for sensitive info: Legitimate organisations rarely ask for passwords, PINs, or full ID by email or text.

Examples You Might See

  • An email that looks like your bank asking you to “verify your account” via a link.
  • A text message claiming you have a missed delivery and asking you to click a tracking link.
  • A social media DM from an account impersonating a friend with a suspicious shortened link.
  • A fake login page that mirrors a real service to capture your credentials.

Practical Checks Before You Click

  • Don’t click links right away. Hover over the link to see the real URL (on mobile, press and hold).
  • Check the sender address carefully — small differences matter.
  • Open the website directly by typing the company’s known web address into your browser instead of using the link.
  • Look for HTTPS and the padlock on pages that ask for login info (but remember HTTPS alone doesn’t guarantee safety).
  • Use official apps (banking, delivery) rather than links in messages when possible.
  • Ask the sender directly (via a known contact method) if you’re unsure — not by replying to the suspicious message.
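
The sender-address and link checks above can also be automated, for example in a mail-triage script. The following is an added example, not part of the original lesson: it assumes yourbank.com is the organisation's genuine domain, and the sample message and the host login.example.net are constructed for illustration.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; treating yourbank.com as the genuine domain is an assumption.
SAMPLE_FROM = "YourBank Support <support@yourbank-security.com>"
SAMPLE_HTML = '<a href="http://login.example.net/verify">https://www.yourbank.com/login</a>'

def host_of(text):
    """Hostname in a URL-like string, or None for ordinary words like 'Log in'."""
    text = text.strip()
    if not text or any(c.isspace() for c in text):
        return None
    host = urlsplit(text if "://" in text else "http://" + text).hostname
    return host if host and "." in host else None

def same_site(host, trusted):
    return host == trusted or host.endswith("." + trusted)  # domain or its subdomain

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def phishing_signs(from_header, html_body, trusted):
    """Return warning strings for one message claiming to come from `trusted`."""
    signs = []
    sender = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if not same_site(sender, trusted):
        signs.append(f"sender domain {sender} is not {trusted}")
    collector = LinkCollector()
    collector.feed(html_body)
    for href, text in collector.links:
        shown, real = host_of(text), host_of(href)
        if real and not same_site(real, trusted):
            signs.append(f"link opens {real}, not {trusted}")
        if shown and real and shown != real:
            signs.append(f"link text shows {shown} but opens {real}")
    return signs
```

An empty result only means these two checks found nothing; it does not prove a message is legitimate.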

What to Do If You Think It’s Phishing

  • Do not click links or download attachments.
  • Report the message to your IT team or email provider (many services have “report phishing” options).
  • If you entered credentials on a suspicious page, change your password immediately and enable MFA.
  • If you provided financial info, contact your bank right away and monitor your accounts.
  • Delete the message after reporting it.

📝 Summary

Phishing relies on urgency, disguise, and trust. By pausing before you click, checking sender details and links, and using direct channels to verify requests, you can avoid most phishing attempts. Reporting suspicious messages helps protect everyone.


🎯 Next Steps

  • The next time you get an unexpected message asking for action, pause and apply the checks above.
  • Enable MFA on accounts so stolen passwords are less useful to attackers.
  • Share one phishing tip with a friend or colleague today to help them stay safe.