Phishing & Social Engineering
Phishing is the most common way attackers break in. A phishing message pretends to be someone you trust — a coworker, your bank, a vendor, or even your boss — to trick you into clicking a link, opening an attachment, or sharing credentials.
Attackers create urgency ("your account will be closed"), curiosity ("see who viewed your profile"), or fear ("unpaid invoice attached") to make you act before you think. Social engineering can also happen by phone or text ("smishing" and "vishing").
Before you click, slow down and verify. Hover over links to see the real destination, check the sender's full email address, and confirm unusual requests through a separate, known channel — never by replying to the suspicious message.
Key points
- Urgency and fear are red flags — slow down and verify.
- Hover to preview links; check the full sender address.
- Confirm money or credential requests through a known channel.