Learn
Short, plain-language guides. Start at the top.
- How to Not Get GotYou don't need to be a security analyst to dodge almost all phishing. You need a handful of habits. This is the 80/20 — the few checks that catch the …
- Checking a domain: reputation (VirusTotal) and ownership (WHOIS)Once you've found the domain in a sender address or link (see Reading domains and URLs), you can look it up before trusting it. Two free tools do almo…
- Dangerous files, macros, and the "paste this command" trickSpotting a bad email is only half the battle. Many attacks are designed to walk you — often through a few clicks and redirects — to one final step: ge…
- Looking deeper: URLScan and WhereGoesSometimes the domain alone doesn't settle it — the link is a shortener (bit.ly/…), or a "Click here" button whose real destination you can't see, or a…
- Reading domains and URLs (the one skill that catches most phishing)If you only learn one thing here, learn to read a web address. Almost every phishing attack falls apart the moment you can answer one question: who re…
- Who really sent this? Senders, sending services, and content vs. contextEmail was built in a more trusting era, and it shows: a lot of what looks like "proof" of who sent a message is actually trivial to fake. This guide c…