Phishing Red Flags Checklist
Ten things to check before you click that link or open that attachment.
🎣 All employees · ⏱ 30 seconds per email · 👥 Print and share
Phishing is the #1 way attackers get into small businesses. They don't need to hack anything — they just need one employee to click one link. Print this checklist and put it next to every computer. Ten questions. Thirty seconds. Every time.
Before You Click That Link or Open That Attachment
Run through all ten of these on any suspicious email. If you check any box — stop and report it.
- Does the sender's actual email address match who they claim to be?
  Hover over the name — 'FedEx Billing' might send from [email protected]. That's not FedEx.
- Was this email unexpected — did you initiate this conversation?
  Attackers fabricate urgency out of nothing. If you didn't ask for this, be suspicious.
- Does the email create artificial urgency? (Your account will be locked! Act now!)
  Urgency is a manipulation tactic. Legitimate companies give you time to think.
- Does the link go somewhere different than what it shows?
  Hover over any link before clicking. The URL shown in the status bar is where you'll actually go.
- Is the domain slightly off? (micros0ft.com, paypa1.com, amazon-account-verify.net)
  Attackers register look-alike domains. Read the domain carefully, especially the part right before .com.
- Does the email ask you to enter credentials on a website?
  Your bank, Microsoft, and your payroll provider will never email you a login link. Go directly to the site instead.
- Does the attachment have an unexpected or double extension? (.pdf.exe, .docx.zip)
  A file named 'Invoice.pdf.exe' is not a PDF. Never open attachments you weren't expecting.
- Does the email ask you to enable macros or 'click enable content'?
  Malware loves Word and Excel macros. Legitimate documents don't require you to enable anything.
- Does the email contain grammar mistakes, odd phrasing, or generic greetings?
  'Dear Customer' from your own bank is a red flag. Attackers often use translation tools.
- Does it ask for payment, gift cards, wire transfer, or sensitive info via email?
  No legitimate CEO, vendor, or IRS agent will ever request payment via gift card. Ever.
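Several of the checks above (sender address vs. display name, link text vs. real destination, look-alike domains, double extensions, urgency and payment language) are mechanical enough to automate as a first pass before a human looks at a reported email. The script below is an added example, not part of the MTDS checklist or any MTDS tool. The brand allow-list, the confusable-character table, the phrase lists and the sample message are all constructed for illustration; every address and domain in the sample is made up.

```python
from __future__ import annotations

from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allow-list for this example: brands the business hears from and the
# domains they really send from. A real deployment maintains its own list.
KNOWN_BRAND_DOMAINS = {
    "fedex": {"fedex.com"},
    "microsoft": {"microsoft.com", "microsoftonline.com"},
    "paypal": {"paypal.com"},
    "amazon": {"amazon.com"},
}

# Digit-for-letter swaps seen in look-alike domains such as micros0ft.com / paypa1.com.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

# Extensions that execute when opened; a "document" ending in one is a red flag.
EXECUTABLE_EXTENSIONS = {"exe", "scr", "js", "vbs", "bat", "cmd", "hta", "msi"}

URGENCY_PHRASES = ("action required", "act now", "immediately", "will be locked",
                   "suspended", "within 24 hours")
REQUEST_PHRASES = ("gift card", "wire transfer", "enter your password",
                   "verify your account", "update your payment")


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname (simplification: ignores multi-label TLDs like co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def host_flags(host: str) -> list[str]:
    """Look-alike check plus 'brand name inside an unrelated domain' check for one host."""
    host = host.lower()
    reg = registrable_domain(host)
    if any(reg in legit for legit in KNOWN_BRAND_DOMAINS.values()):
        return []  # genuinely the brand's own domain
    flags = []
    normalized = reg.translate(CONFUSABLES)
    for brand, legit in KNOWN_BRAND_DOMAINS.items():
        if normalized in legit:
            flags.append(f"look-alike domain {reg!r} imitates {normalized!r}")
        elif brand in host:
            flags.append(f"{host!r} contains brand name {brand!r} but is registered under {reg!r}")
    return flags


def sender_flags(from_header: str) -> list[str]:
    """Display name claims a brand that the actual address domain does not belong to."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["sender address missing or malformed"]
    host = addr.rsplit("@", 1)[1]
    flags = host_flags(host)
    reg = registrable_domain(host)
    for brand, legit in KNOWN_BRAND_DOMAINS.items():
        if brand in name.lower() and reg not in legit:
            flags.append(f"display name {name!r} but address domain is {reg!r}")
    return flags


def link_flags(visible_text: str, href: str) -> list[str]:
    """The 'hover' check: link text says one place, the href goes somewhere else."""
    target = urlparse(href).hostname or ""
    if not target:
        return ["link has no hostname"]
    flags = host_flags(target)
    shown_url = visible_text if "://" in visible_text else "http://" + visible_text
    shown = urlparse(shown_url).hostname
    # Only compare when the visible text itself looks like a hostname ("Click here" is skipped).
    if shown and "." in shown and registrable_domain(shown) != registrable_domain(target):
        flags.append(f"link text shows {shown!r} but goes to {target!r}")
    return flags


def attachment_flags(filename: str) -> list[str]:
    """Executable attachments, including ones hiding behind a double extension."""
    parts = filename.lower().split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTENSIONS:
        return []
    if len(parts) > 2:
        return [f"attachment {filename!r} hides an executable behind a double extension"]
    return [f"attachment {filename!r} is executable"]


def phrase_flags(text: str, phrases: tuple[str, ...], label: str) -> list[str]:
    lowered = text.lower()
    hits = [p for p in phrases if p in lowered]
    return [f"{label}: {', '.join(hits)}"] if hits else []


def triage(message: dict) -> list[str]:
    """Run every automatable red-flag check and return the list of findings."""
    flags = sender_flags(message["from"])
    flags += phrase_flags(message["subject"] + " " + message["body"], URGENCY_PHRASES, "urgency language")
    flags += phrase_flags(message["body"], REQUEST_PHRASES, "asks for credentials or payment")
    for text, href in message["links"]:
        flags += link_flags(text, href)
    for name in message["attachments"]:
        flags += attachment_flags(name)
    return flags


# Constructed sample message; every address and domain here is invented for the example.
SAMPLE_MESSAGE = {
    "from": "FedEx Billing <notifications@mail-delivery-center.net>",
    "subject": "Action required: your package will be returned",
    "body": "Dear Customer, your delivery fee is unpaid. Act now and verify your account "
            "within 24 hours or the package will be returned.",
    "links": [("https://www.fedex.com/track", "http://fedex.com.account-verify.net/login")],
    "attachments": ["Invoice.pdf.exe"],
}

if __name__ == "__main__":
    for flag in triage(SAMPLE_MESSAGE):
        print("FLAG:", flag)
```

Run it as a script to see the six findings the sample message produces; the same functions can be pointed at the parsed headers, links and attachment names of a message forwarded to the reporting mailbox. The checks are deliberately conservative (an empty result means "nothing mechanical stood out", not "safe"), which is why the checklist's human questions, such as whether the email was expected, still matter.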
⚠️ Heads up: Business Email Compromise (BEC) is when an attacker impersonates your CEO or a vendor and requests a wire transfer. Always verify payment requests by phone — call a number you already have on file, not one in the email.
💡 MTDS tip: Train your team. Forward suspicious emails to a designated IT address (like [email protected]) rather than clicking. Create a culture where reporting suspicion is praised, not punished.
Worried your team would fall for a phishing email?
MTDS can run simulated phishing tests through Microsoft Defender and provide targeted training for whoever clicks. No shame — just learning.