How to Recognize Phishing Scams (Before You Get Hacked)

January 20, 2026

You get an email from your bank. It says there's a problem with your account. Click this link immediately to fix it. You click. You enter your password. Congratulations—you just gave a hacker everything they need to steal your money. That's phishing. And it's the number one way people get hacked. Here's how to spot it before it's too late.

What Is Phishing?

Phishing is when scammers pretend to be someone you trust to steal your passwords, credit card numbers, or personal information. They send fake emails that look real. They create fake websites that look identical to the real ones. They trick you into giving them your information voluntarily. The scary part? These scams look incredibly convincing. Even tech-savvy people fall for them.


The Warning Signs of a Phishing Email

Here's how to spot a fake email before you click anything:


1. They Want You to Act Fast

Red flag phrases:

  • "Your account will be closed in 24 hours!"
  • "Immediate action required!"
  • "Verify your account NOW!"
  • "Suspicious activity detected—click here!"


Real companies don't panic you into clicking links. Scammers do this because they don't want you thinking clearly.


What to do: If an email makes you feel rushed or scared, stop. Don't click anything. Go directly to the company's website by typing the address yourself (don't click links in the email).


2. Check the Sender's Email Address Carefully

This is the easiest way to catch fakes. Look at the email address it came from. Not the name—the actual email address. A real email from Netflix looks like: account@netflix.com. A fake one looks like: account@netflix-support.com or netflix@secure-account.net

See the difference? It's close, but not quite right.


How to check:

  • Click on the sender's name in the email
  • Look at the full email address that appears
  • If it doesn't end in the company's actual domain (.com address), it's fake


Examples of fake addresses:


3. Look for Spelling and Grammar Mistakes

Real companies have professional writers. Scammers often don't speak English as their first language.


Watch for:

  • Weird spacing or formatting
  • Random capitalization
  • Grammar that sounds off
  • Misspelled words


Example: "Dear Valued Customers, We has detected unusual activity on you're account."


Real companies don't write like that.


4. Hover Over Links Before Clicking

This is a critical skill. Don't click—just hover. Put your mouse pointer over any link in the email. Don't click. Just hover. Look at the bottom left corner of your screen. You'll see where that link actually goes.


A real PayPal link shows: https://www.paypal.com/...


A fake one shows: https://paypa1.secure-login.net/...


If the address looks suspicious or doesn't match the company's real website, don't click it.


5. They're Asking for Information the Company Already Has

Your bank already knows your account number. Amazon already knows your password. Netflix already has your credit card. If an email asks you to "verify" or "confirm" information the company already has, it's a scam.


Red flags:

  • "Confirm your Social Security number"
  • "Verify your password"
  • "Update your credit card information"
  • "Re-enter your account details"


What to do: If you think the email might be real, don't click the link. Instead, open your browser, type the company's website address yourself, and log in. If there's really a problem, you'll see a message when you log in.


6. Unexpected Attachments

Did you get an email with an attachment you weren't expecting? Don't open it.


Common fake attachments:

  • "Invoice.pdf" when you didn't order anything
  • "Package_Delivery.zip" when you're not expecting a package
  • "Receipt.docx" from a company you don't use


These often contain viruses.


7. Generic Greetings

Real companies usually address you by name.


Fake emails say:

  • "Dear Customer"
  • "Dear User"
  • "Hello Sir/Madam"


Real emails say:

  • "Hi John"
  • "Dear Sarah Johnson"


Not always—sometimes real emails are generic too. But combined with other red flags, this is suspicious.


How to Spot Fake Websites

You clicked a link and now you're on a website asking you to log in. How do you know if it's real?


Check the Address Bar

Look at the very top of your browser where the website address appears.


A real website: https://www.amazon.com


A fake website: https://www.amazon-security.net or https://amaz0n.com (that's a zero)


Look for the Lock Icon

Legitimate websites have a little padlock icon next to the address. But here's the trick: fake websites can have that lock too. So don't rely on it alone. You still need to check the actual website address.


Watch for Small Differences

Scammers create websites that look identical to the real thing. The only difference is the address. They change one letter. They add an extra word. They use a different ending (.net instead of .com). Look carefully. If anything seems off, close the tab and type the real website address yourself.


Real-Life Examples

Fake PayPal email: "Your account has been limited due to suspicious activity. Click here to restore access within 24 hours or your account will be permanently closed."


Why it's fake:

  • Creates panic with a deadline
  • Sender is paypal-security@outlook.com (PayPal doesn't use Outlook)
  • Link goes to paypa1-secure.net (not paypal.com)


Fake Amazon email: "Your order #8472934 has shipped. Click here to track your package."


Why it's fake:

  • You didn't order anything
  • Sender is shipping@amazon-delivery.com (Amazon is just amazon.com)
  • Attachment labeled "Invoice.pdf" contains malware


Fake bank email: "We detected unusual login activity. Verify your identity immediately."


Why it's fake:

  • Generic greeting "Dear Customer"
  • Link goes to bankofamerica-secure.net (real bank is bankofamerica.com)
  • Bank already knows your information—they'd never ask you to type it in an email


What to Do If You're Not Sure

When in doubt, follow this rule: Never click links in emails.


Instead:

  1. Open your web browser
  2. Type the company's website address yourself
  3. Log in normally
  4. Check if there are any real messages or alerts


If the email was real, you'll see the alert when you log in. If it was fake, you'll see nothing—and you just avoided getting scammed.


You can also:

  • Call the company's customer service number (get it from their real website, not the email)
  • Forward suspicious emails to the company's fraud department (most companies have an email like spam@company.com or phishing@company.com)


What If You Already Clicked?

Don't panic, but act quickly.


If you clicked a link but didn't enter any information:

  • Close the browser tab immediately
  • Run a virus scan on your computer
  • You're probably fine


If you entered your password:

  • Go to the real website immediately and change your password
  • Check your account for any unauthorized activity
  • Enable two-factor authentication if available


If you entered credit card information:

  • Call your credit card company right now
  • Tell them you may have been scammed
  • They'll cancel your card and send you a new one


If you downloaded an attachment:

  • Don't open it
  • Bring your computer to us immediately
  • We'll scan for malware and remove it


The Bottom Line

Phishing scams work because they look real and create panic. Slow down. Check the email address. Hover over links. When in doubt, go directly to the website yourself. These simple habits will protect you from 99% of phishing attempts. And remember: legitimate companies will never threaten you, demand immediate action, or ask for passwords via email. If something feels off, it probably is.


Need Help?

If you think you fell for a phishing scam, don't be embarrassed—it happens to everyone. Bring your computer in right away. We'll check for malware, help you secure your accounts, and make sure the damage is contained. The sooner you act, the better.

Stop Fake "Microsoft Support" Pop-Ups: Why You Need to Upgrade Your Ad Blocker

December 27, 2025
If you've ever had your screen hijacked by a scary pop-up claiming your computer is infected and demanding you call "Microsoft Support" immediately - you're not alone. These scareware attacks are one of the most common issues we see at Top City Tech, and they're getting more sophisticated every day.  The good news? There's a simple fix that takes just a few minutes.

Important Service Update: We're Coming to You

December 1, 2025
We've made an exciting change to how we serve our customers at Top City Tech. We are moving away from walk-in or drop-offs at our shop. Instead, we're bringing our expertise directly to you. We are now picking up devices from you, working on them, and returning them to you! Why This Change Benefits You Your time is valuable. We realized that requiring you to pack up your computer, drive to our shop, wait for service, and make another trip to pick it up was costing you hours of productivity. By coming to you, we're eliminating that hassle entirely. Faster turnaround. Without the overhead of managing a retail storefront, we can focus entirely on solving your technical problems quickly and efficiently. Many issues can be resolved on-site during our first visit, getting you back to work the same day. More personalized service. Seeing your technology in its actual working environment helps us provide better solutions. We can address network issues, printer connectivity, and other problems that only show up in your specific setup. How Our New Process Works 1. We Pick Up . Schedule a convenient time, and we'll come to your location to collect your equipment. No packing, no driving, no waiting in line. 2. We Do the Work . Your device gets our full attention in our workshop. We'll keep you updated on progress and any findings along the way. 3. We Return Everything . Once the work is complete, we deliver your equipment back to you, set it up if needed, and make sure everything is working perfectly before we leave. The Bottom Line This transition allows us to provide you with white-glove service that respects your time and delivers better results. You stay productive while we handle the technical heavy lifting. Ready to schedule a pickup? Send us an email, call, or text to get this started. Note : We no longer offer electronics recycling services. For recycling, please contact Mobile Wave Repair or Shawnee County Hazardous Waste to check on availability and capacity.

How to Update and Manage Your Passwords in Bitwarden

November 20, 2025
You've got Bitwarden set up. Your passwords are saved. Now what? Websites change. You need to update passwords. You want to add new accounts. Here's how to manage everything in Bitwarden.