Phishing: How to Spot It

Who is it, really?

Phishing is a stranger tricking you into believing you are talking to someone you know. The attacker wants to take advantage of your sense of familiarity to discourage you from thinking about it, and the attacker will often use urgent language to further discourage critical thinking.

You must double check if it seems like someone you know. But if someone you do not know offers you anything or asks you for anything, you can assume that’s an attack. This is the state of things in 2026.

Email was conceived and developed [1] by a bunch of freedom-loving hippies who prioritized communication over security, and all email users have been dealing with unwanted messages from the very beginning [2]. The situation has steadily, sometimes exponentially, gotten worse over time, and we have been playing catch-up to spammers and scammers all along. Thanks largely to AI, we are currently experiencing a particularly pernicious uptick.

Gmail’s filters block quite a lot of bogus mail, but a few bad messages always get through. And when you consider that all one needs to do is click one bad link to give a bad actor access to our Google workspace, it should be obvious that we all need to be proactive about this.

I wish I could tell you something simple, something that even the non-technical among us would understand. But I’m afraid we’re past the point where that’s even possible. Today, in 2026, we all need to understand what a URL is [3] and what a domain name [4] is. We need to know how to inspect an email to see who sent it, who really sent it. And if you have enough technical skill to write an email, you have enough to inspect one.

Step 1: Slow Down!

We’re all in a rush these days. Even the smartest and most technical of us will make mistakes, particularly when we’re in a hurry. So slow down. It’s good for your health and it will help you see more clearly.

Step 2: Do not click the link

Do not click the link! Particularly if you’re on your phone. If the device you’re using does not have a mouse, I advise you to never click (or tap) the link at all. Wait until you can open a questionable message on a computer, and then carefully hover your mouse over the link and look at it. Look closely:

https://updates.rnicrosoft.corn/

Step 3: Inspect the URL

What did you see? If you truly looked at it, stopped yourself and focussed, you will have noticed that it does not say microsoft.com. The “m” in “microsoft” and “com” has been replaced with two characters, a lowercase “r” and “n.” If you hovered, you will have noticed that the actual URL does not link to the shown URL; it links to gonna.scamyousohard.corn.

These are just two examples of how easily we can be fooled. The actual number of tricks that can be played on us is infinite.
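
The hover check from Steps 2 and 3 can also be run over the HTML body of a message. The Python below is an added example, not part of the original article: it reports every link whose visible text is a URL on one host while the underlying href points to another. The sample HTML is constructed from the two hostnames above, and the names host_of, LinkAudit and mismatched_links are made up for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


def host_of(url):
    """Return the lowercase hostname of a URL, or None if it has none."""
    return urlsplit(url.strip()).hostname


class LinkAudit(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # href of the <a> currently open, if any
        self._text = []     # text fragments seen inside that <a>

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def mismatched_links(html):
    """Return (shown host, actual host) for links that display one URL but go to another."""
    audit = LinkAudit()
    audit.feed(html)
    audit.close()
    found = []
    for text, href in audit.links:
        shown = host_of(text) if "://" in text else None
        actual = host_of(href)
        if shown and actual and shown != actual:
            found.append((shown, actual))
    return found


# Constructed sample body: the first link shows one URL and leads to another.
SAMPLE = ('<p><a href="https://gonna.scamyousohard.corn/login">'
          'https://updates.rnicrosoft.corn/</a></p>'
          '<p><a href="https://bsc.coop/">https://bsc.coop/</a></p>')
```

A link whose visible text is plain wording such as "Click here" is not flagged by this check, so the destination host still has to be judged on its own as described in Step 4.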

Step 4: Identify and Google "who owns this domain name"

The domain name is the most important part of the URL. The BSC's main domain name is bsc.coop. The part before the dot is specific to the person or company that owns it, and the part after is the TLD. Once you've identified the domain name, you can easily check whether it's legitimate by entering "who owns bsc.coop" into a search engine, like Google. Do that right now. Then search "who owns rnicrosoft.corn" (remember: that's an "r" and an "n", not an "m"). If the domain name is legitimate, that will be clear. A fraudulent domain will return vague information at best and will be clearly identified as a scam at worst.

Step 5: Review the sender information

Back to the email: next to your name is a small triangle that, when clicked, will show you some additional sender information. Here you can see the From: and Reply-to: addresses, plus mailed-by, signed-by and other security-related fields, the domains of which should all match.

The graphical view of the Gmail inbox with the inspection panel open showing the mailed-by, signed-by, reply-to and other security related fields

Some of this information can be found on a mobile device, but if you encounter a suspicious email, please open it on your desktop or laptop computer to review it.

If this were a scammer trying to pose as Airtable, the domains wouldn’t match. A scammer could put “airtable.com” somewhere in their URL, maybe like so: airtable.com.scam.rz. But it’s only real if the domain name ends with airtable.com. That’s very important to understand: it’s the final bits of the domain name that matter, not whatever appears elsewhere in the URL.
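
The "ends with" rule from Step 5, written out as an added Python example (not part of the original article). It compares whole dot-separated labels from the right, so a lookalike such as notairtable.com fails as well, and it applies the same test to the From: and Reply-to: addresses of a message. The sample message is constructed, and the function names are made up for illustration; mailed-by and signed-by are not covered here.

```python
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit


def belongs_to(host, domain):
    """True only if host is the domain itself or a subdomain of it.

    The match is on whole labels from the right, so 'airtable.com.scam.rz'
    and 'notairtable.com' both fail for 'airtable.com'.
    """
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def url_belongs_to(url, domain):
    """Check only the hostname of a URL, ignoring path, query and userinfo."""
    host = urlsplit(url).hostname
    return host is not None and belongs_to(host, domain)


def sender_domains(raw_message):
    """Return {header: domain} for the From and Reply-To headers that are present."""
    msg = message_from_string(raw_message)
    domains = {}
    for header in ("From", "Reply-To"):
        address = parseaddr(msg.get(header, ""))[1]
        if "@" in address:
            domains[header] = address.rsplit("@", 1)[1].lower()
    return domains


def misaligned_headers(raw_message, expected_domain):
    """List the headers whose address is not under the expected domain."""
    return [header for header, domain in sender_domains(raw_message).items()
            if not belongs_to(domain, expected_domain)]


# Constructed sample: the From address looks right, the Reply-To does not.
SAMPLE = (
    "From: Airtable <noreply@airtable.com>\n"
    "Reply-To: support@airtable.com.scam.rz\n"
    "Subject: Action required\n"
    "\n"
    "Please verify your account.\n"
)
```

A From: address can be forged, so a matching From: domain on its own proves nothing; the check is useful for catching the fields that disagree with it.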

Step 6: Report it!

Once you've established that it is a phishing email and not spam (spam is unwanted advertising; phishing is an attempt to deceive you), report it! In Gmail, click the three dots in the upper right corner of the message and select "Report phishing."

The "more" menu in gmail opened to show all of its options, including "Report phishing" and "Report spam"

Good job!

Further reading: URLs, Domains, and TLDs
https://developer.mozilla.org/en-US/docs/Glossary/URL
https://developer.mozilla.org/en-US/docs/Glossary/Domain
https://developer.mozilla.org/en-US/docs/Glossary/TLD

Further reading: Spotting and Avoiding Phishing Attacks
https://oit.utk.edu/security/learning-library/article-archive/spotting-and-avoiding-phishing-attacks/
https://consumer.ftc.gov/articles/how-recognize-avoid-phishing-scams

Trust your gut! (mostly)

Entertain your suspicions, but don’t let them run away unchecked. Or to put it another way: Love with your heart, but use your brain for everything else [5].

References:

  1. https://en.wikipedia.org/wiki/History_of_email
  2. https://en.wikipedia.org/wiki/History_of_email_spam
  3. https://developer.mozilla.org/en-US/docs/Learn_web_development/Howto/We…
  4. https://developer.mozilla.org/en-US/docs/Learn_web_development/Howto/We…
  5. https://www.youtube.com/@CaptainDisillusion