Phishing Explainer

How to recognise phishing yourself

The anatomy of a phishing message

Almost every phishing attempt combines three ingredients: a trigger (urgency or fear), a disguise (a familiar brand or authority), and an action (click a link, enter data, pay). When you see all three together in an unexpected message, treat it as hostile until proven otherwise.

Read the domain right-to-left

The real destination of any link is the part just before the first single slash, read from right to left. In paypal.com.secure-login.ru/account the real domain is secure-login.ru — "paypal.com" is only a subdomain designed to reassure you. This single habit defeats most link-based phishing.

Legitimate companies never ask for secrets by message

Banks, postal services, social networks, and email providers will never ask for your password, OTP code, PIN, or card CVV via email or SMS. This rule has zero exceptions. Any message that does is phishing, no matter how official it looks.

Urgency is a manipulation tool

"Your account will be suspended in 24 hours", "act now", "final notice" — urgency exists to make you act before you think. Real organisations give reasonable notice and multiple contact channels. When a message rushes you, slow down.

Verify through a separate channel

If a message claims to be from your bank, don't use its links or phone numbers. Open the official app or type the known website address yourself. If it claims to be a person you know, contact them another way. A 30-second check beats a drained account.

What this tool can and cannot do

This Explainer detects known structural and linguistic patterns of phishing: deceptive domains, urgency wording, credential requests, brand mismatches, and more. It is deliberately transparent about its reasoning so you learn. But it cannot guarantee safety: a well-crafted attack may show few signals, and a legitimate-but-clumsy message may show some. Use it as one layer of judgement, never as the only one.