Tips to Spot and Avoid Phishing Attacks

Ideally, you'll recognize a phishing attempt before you enter your password or bank account details. But many people don't.

You're familiar with the scene: clicking through emails to try and clear out your inbox – or at least reduce the "unread" messages total from 1,343 to somewhere in the triple digits – and you encounter an email from your credit card company or your IT department. Or maybe it's from your favorite social media platform.    

Or maybe it's even more thrilling, and the email claims you've just won something super neat. All you need to do is enter a few pieces of personal information to secure your prize/confirm your identity/access your account.    

But you haven't won anything, except maybe an all-expenses-paid trip to your IT department.    

Ideally, you'll recognize a phishing attempt before you enter your password or bank account details. But many people don't.    

No matter how savvy we are, those nefarious folks behind the phishing scams are clever, too. They do a fine job making their emails look legit, using the correct logos and URLs that look so close to the real thing that we don't pick up on the extra letter in

Tips to Spot and Avoid Phishing Attacks:

  1. Look for Typos

Phishing emails often contain typos and wonky grammar, so give the email a read and see if you notice anything amiss. Besides, it's good practice to test out your grammar and proofreading skills.

  1. Check the "Sent From" Email Address

Who sent the email? Do you recognize the sender? Sometimes the email address is clearly unrelated – a sure tell of a phishing scam if we take a second to look. But sometimes, it’s not so obvious. Check the address for typos or an extra character that isn't supposed to be there. Is it an email from or  

  1. Don't Click Any Links

If the email prompts you to click a link, don't do it. If the email is from American Express, for example, and it provides a link – ignore it. Instead, open your browser, go to the American Express website, and navigate to where the email is instructing you to go. You'll likely find your account is just fine. 

  1. Confirm Internal Emails

Phishing scammers don't just mimic external entities – they might even claim to be part of your company. If an email purports to be from your IT team or administrator, check with your IT help desk to confirm.  

  1. Notify Your IT Team

If you think you have received a phishing email, don't click on it. Take a screenshot (don't forward the email, which might prompt the recipient to click the link you've so smartly avoided) and share it with your IT team. They can look at it and determine the best course of action to keep your organization secure.  

A little sleuthing goes a long way in keeping your data and your company's data secure. While there's no prize for your efforts, security itself is a big win.  

If you have any questions about your company’s cyber security, please reach out. We would be more than happy to help.  

Brian Gagnon

Brian is a seasoned technologist boasting 25 years of expertise in crafting, expanding, and refining business ecosystems. His journey in the tech landscape has seen him at the helm of Global Systems Engineering at HGST/Western Digital, shaping strategies as a global architect at VMware, and founding and steering tech companies towards success.

Latest Posts


Listen to Brian Gagnon, CTO of Uprise Partners, about getting started with AI in your business.


Learn about IT infrastructure upgrade timelines for SMBs & Uprise's expert support for seamless upgrades for competitiveness, security, and efficiency.

Uprise monthly newsletter —
Get our latest news and updates!