Email phishing: 6 signs of a scam everyone in the company should know
24 June 2026 · 6 min read
Phishing no longer looks like a badly translated message full of errors. Today it arrives convincing: the right logo, a colleague's name, an urgent tone. But even the best-built scam gives itself away through patterns anyone can learn to recognize. The following six signs aren't technical — they're things any employee can spot in five seconds, before clicking.
1. Urgency and threat
Phishing is almost always in a hurry. "Your account will be locked in 24 hours," "confirm immediately," "final warning." The goal is to make you react before you think. The rule: the more an email rushes you, the more you should slow down. Serious institutions don't force you to click urgently under threat.
2. A sender address that "almost" matches
The display name can be faked, so look at the real address, not the shown name:
- Tiny changes in the domain (a swapped letter, an added word, a different ending).
- A known company, but from a free email account (e.g. "your bank" from a generic address).
- An address that has nothing to do with the company in the signature.
One look at the real address exposes a large share of scams.
3. A link that leads somewhere else
The link text and its actual destination aren't the same thing. Before clicking, hover over the link (on a phone, press and hold) and see where it really goes. If the displayed text says one thing and the destination another — or the address is strange and long — that's a red flag. When in doubt, open the site manually by typing the address, rather than through the link.
4. An unexpected attachment or login request
Two classic traps:
- An attachment you didn't ask for, especially if it pushes you to "enable content" or macros.
- A page that asks you to log in (password, code) after you click a link from the email.
Always log in by going to the known site yourself, not through a link in a message. Legitimate attachments rarely require you to manually turn off protection.
5. An unusual request from an "authority"
An increasingly common form of scam asks not for a click but for an action: a fake email "from the director" requests an urgent payment, a change to a supplier's account number, or gift cards. It gives itself away through a mix of urgency, secrecy ("don't talk to others") and bypassing the usual procedure. The company rule should be clear: payment orders and account changes are confirmed through another channel (phone, in person), never on the basis of an email alone.
6. Small details that "stick out"
When nothing obvious gives the scam away, watch the tone and context:
- A greeting that doesn't fit (a generic "Dear customer" instead of your name).
- A style that doesn't sound like the person supposedly writing.
- A request that makes no sense in your real business context.
The feeling that "something here isn't right" is a valuable signal — don't ignore it just because the email looks tidy.
What to do when you're suspicious
Suspicion isn't a problem, it's a good defense. A practical procedure:
- Don't click and don't reply.
- Confirm through another channel — call the person or company on a known number.
- Report it to IT or your partner; if the scam reached you, it probably reached your colleagues too.
The best protection against phishing isn't an expensive tool, but a team that knows what to look for. Technology catches a large part, but the last click is always human. The six signs above aren't hard to remember — and one second of attention before clicking is worth more than any cleanup afterward.