Phishing & Scams
Phishing has changed. Messages can look perfect. Your safest defense is a simple verification habit.
The new reality
In 2026, phishing emails and texts may be well-written, personalized, and convincing. Grammar is no longer a reliable clue.
Instead of trying to “spot perfection,” focus on the patterns that show malicious intent: urgency, unusual requests, and pressure to act quickly.
Treat unusual requests as ‘verify’ moments
Any request involving money, account access, gift cards, passwords, or one-time codes should trigger verification.
Verification means using a separate, trusted channel: call a known number, use an official app, or speak in person. Don’t reply directly to the message.
A calm response plan
If you clicked a link or opened an attachment, don’t panic. Close it, run a device scan if you have one, change your password for the affected account, and enable MFA.
If personal or financial information may have been shared, contact the institution through official channels.
Quick Visual Guide
What You Should Do Today
- Pause when a message feels urgent or high-stakes.
- Do not click unexpected links—open the website/app yourself instead.
- Never share one-time codes (they’re often used to hijack accounts).
- Verify unusual requests by phone or in person using a trusted number.
- Report and delete suspicious messages.
Want the deeper framework?
The book goes deeper on modern phishing patterns (including AI-generated messages), and provides step-by-step verification routines you can use at home.
