Phishing Email ID

Easy 14 items · 15 min
testuser Published 4 weeks ago

This checklist helps anyone quickly identify and respond to phishing emails. It covers inspecting sender addresses, links, attachments, urgency signs, and the correct reporting steps. Ideal for employees and everyday users who want simple, practical defenses.

  1. Inspect sender address — Compare the display name with the actual email address and watch for misspelled domains.
  2. Check reply-to address and headers — View full headers to see the true sending server if the address looks odd.
  3. Look for generic greetings and unexpected tone — Be suspicious of vague salutations or messages you weren't expecting.
  4. Examine links and domains — Do not click links; inspect the full domain and path for subtle typos or extra words.
  5. Hover links to reveal the URL — On desktop, hover; on mobile, long-press to preview. Never tap if the preview looks suspicious.
  6. Copy link and paste into a text editor or safe browser tab — Check for extra characters, subdomains, or misleading paths before visiting.
  7. Handle attachments cautiously — Treat unexpected attachments as unsafe, especially .exe, .zip, .scr, or Office files with macros.
  8. Scan attachments with antivirus or upload to an online scanner — Use your security tools or services like VirusTotal before opening files.
  9. Avoid enabling macros or running executables — Never enable macros or run downloaded programs from unverified emails.
  10. Verify requests for credentials or money through known channels — Contact the sender using official phone numbers or website contact forms, not by replying to the email.
  11. Watch for urgency and fear-based language — Phishers pressure you to act now; treat time-sensitive threats as suspicious.
  12. Confirm unexpected or unusual messages with the sender — Use a separate trusted contact method to validate the request.
  13. Report the phishing email to IT, security team, or provider — Include full headers and the original message when possible.
  14. Mark the message as phishing, block sender, and delete the email — Quarantine the message to prevent further exposure and remove it from your inbox.
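
The header and link checks in items 1, 2 and 4 to 6 can be run automatically against a saved message. The sketch below is an added example, not part of the original checklist; the sample message, its domains, and the names `phishing_indicators`, `host_of` and `LinkCollector` are constructed for illustration.

```python
import re
import email.utils
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; every name and domain here is made up.
SAMPLE = ('From: "support@bank.example" <alerts@bank-example.test>\n'
          'Reply-To: helpdesk@mailbox.test\nContent-Type: text/html; charset="utf-8"\n\n'
          '<a href="http://bank.example.account-check.test/login">'
          'https://bank.example/login</a> <a href="https://bank.example/help">Help</a>\n')

class LinkCollector(HTMLParser):  # gathers [href, visible text] per <a> element
    def __init__(self):
        super().__init__()
        self.links, self.in_link = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.in_link = True
    def handle_endtag(self, tag):
        self.in_link = self.in_link and tag != "a"
    def handle_data(self, data):
        if self.in_link:
            self.links[-1][1] += data

def host_of(text):  # hostname if text looks like a URL or bare domain, else ""
    if not re.match(r"(https?://)?[\w.-]+\.[a-z]{2,}", text, re.I):
        return ""
    return (urlsplit(text if "://" in text else "//" + text).hostname or "").lower()

def phishing_indicators(raw):  # checks for checklist items 1, 2 and 4-6
    msg = email.message_from_string(raw)
    display, addr = email.utils.parseaddr(msg.get("From", ""))
    from_dom, found = addr.rpartition("@")[2].lower(), []
    shown = re.search(r"[\w.+-]+@([\w.-]+)", display)  # address inside display name
    if shown and shown.group(1).lower() != from_dom:
        found.append("display-name-address-mismatch")
    reply_dom = email.utils.parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_dom and reply_dom != from_dom:
        found.append("reply-to-domain-mismatch")
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href, text in collector.links:
        seen, real = host_of(text.strip()), host_of(href.strip())
        if seen and real and seen != real:  # visible URL differs from the target
            found.append(f"link-text-mismatch:{seen}->{real}")
    return found
```

A hit is a reason to look closer, not proof: mailing lists and ticketing systems legitimately use a different Reply-To domain.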