Latest Posts
UPDATE: 🚨 CVE-2025-24054 Is Being Exploited — Patch Windows Now or Get BurnedApple Hit with Back-to-Back Zero-DaysWindows Task Scheduler Flaw: Your Scheduled Nightmare Has BegunPriviledged Access Management Training for IT EmployeesPAN-OS CVE-2025-0128: One Packet, One Big Problem for Your Firewall

How to Spot Phishing Messages

by | Mar 29, 2025 | Resources

Training Brief
 How to spot phishing messages & Report them with the Knowbe4 Phish Alert Button

Download this training brief as a PDF to distribute as part of your employee awareness training.

Download PDF for this Brief

Want to see other training materials?  Reach out to us.

Request Custom Training

Cybercriminals employ sophisticated tactics to breach organizations, but your awareness can thwart them. Learn how to spot phishing emails and use the Outlook “Phish Alert Button” to report threats instantly—protecting yourself, your coworkers, and the entire Company network.

Why Phishing Matters To Everyone.

Phishing isn’t just spam—it’s a threat that can lead to stolen credentials, data breaches, and malware infections. At every company, every employee is on the front line in defending our systems, whether you’re in India or the United States, or China. Whether in the boardroom or the mailroom, your ability to identify and report phishing emails is critical.

What Is Phishing?

Phishing is a form of cyberattack where bad actors pretend to be someone trustworthy—such as a bank, colleague, or vendor—to trick you into clicking on dangerous links, opening infected attachments, or divulging sensitive information. It may appear to be a genuine message, but it’s a trap.

Why it’s dangerous:

  • Exposes personal and company data
  • Installs malware or ransomware
  • Leads to financial fraud
  • Can spread across the organization quickly

How to Recognize a Phishing Email

Watch for these red flags:

Red FlagExamplesYour Action
Urgent or threatening tone“Immediate action required” or “Your account will be closed”Pause and think before acting
Suspicious sender addressLooks odd; unfamiliar domainHover to reveal the real sender info
Deceptive linksThe link text and actual URL don’t matchHover to check before clicking
Unexpected attachmentsEspecially .zip, .exe, or password-protected filesDon’t open—report instead
Generic greeting“Dear Customer” or “Dear User”Be cautious
Poor grammar/spelling“Your acount has been blocked due to unautorised actvity”Report it
Requests for sensitive infoPasswords, SSNs, or credit card numbersNever respond
Offers too good to be trueFree prizes or lottery winsDelete or report
“Via” tag or mismatched domainsFrom name says one thing, actual domain says anotherRed flag—use the Phish Alert Button

Important: Don’t use Outlook’s built-in “Report” or “Junk” buttons for phishing. These don’t notify Company’s security team and bypass our internal threat tracking. Always use the official Phish Alert Button.

Stay Safe Beyond the Reporting Button

Even with the Phish Alert Button, your awareness is our best defense. Remember:

  • Don’t click suspicious links.
  • Never give out passwords via email.
  • Use strong, unique passwords and enable multi-factor authentication.
  • Verify unusual requests by contacting the person directly (not by replying to the email).
  • Trust nobody. That sounds harsh, but the reality is that accounts get compromised, and even trusted colleagues might send you a phishing message.

Every Click Counts

By using the Phish Report Button, you’re not just protecting yourself—you’re protecting your teammates and the organization. Cybersecurity isn’t just the job of IT—it’s something we all contribute to, one email at a time.

Thank you for being part of the solution.

Search