Phishing emails are designed to catch you off guard not to outsmart a security analyst. The good news is that most of them fall apart the moment you slow down and check a few simple things.
Here are five habits that will protect you from the overwhelming majority of phishing attempts, no technical knowledge required.
1. Never click a link but instead hover or long-press first
On a computer, hover your mouse over the link and look at the preview that appears at the bottom of your browser. On your phone, long-press the link to see where it actually leads.
If the email claims to be from Google but the link goes to g00gle-verify.xyz, that's your answer. Real companies use their real domain, every time.
2. Watch out for generic greetings
"Dear Customer." "Hello User." "Dear Valued Member."
Legitimate companies you actually do business with know your name and use it. Scammers send the same email to thousands of people at once, so they keep greetings vague on purpose.
3. Don't let urgency push you into action
"Your account will be suspended in 24 hours." "Pay this fine now or face legal action." "Unusual sign-in detected, verify immediately."
Urgency is the scammer's favourite tool because it stops you thinking. Whenever an email tries to rush you, that is exactly the moment to slow down. A real bank, employer, or government agency will give you time and proper channels to respond.
4. Google the sender before you trust them
Copy the sender's email address, the company name, or a distinctive phrase from the message and paste it into Google. Most active scams have already been reported on forums, news sites, or consumer-protection pages. If others have been caught by the same message, it will usually show up in seconds.
5. If you weren't expecting it, ignore it
This is the single most important rule. Unexpected invoices, refunds, delivery notices, password resets, prize notifications, or "urgent" messages from people you don't know . If you didn't ask for it, you probably don't need it.
Delete the email. If you're worried it might be real, go directly to the company's website or app yourself (don't use the link in the email) and check your account there.
The bigger picture
Phishing works because it exploits trust, urgency, and routine not because the attackers are technically brilliant. These five habits remove the advantage scammers rely on.
If you'd like an extra layer of protection that checks every email for you automatically, inboxxray analyses your inbox in the background and flags suspicious messages before you have to decide.
Stay safe out there.