Skip to main content

Read This Before You Click, Tap, or Respond: Outsmarting Phishing Scams

· 4 min read
Joie Llantero
Joie Llantero
Security Engineer

Scams are getting smarter—whether through emails, texts, or phone calls. In this post, we break down how phishing, smishing, and vishing work, the warning signs to watch for, and how you can protect yourself from falling victim. Whether you're checking your inbox, reading a message, or answering a call, this guide will help you stay one step ahead.

What is Phishing?

As defined in Merriam Webster, Phishing is...

The practice of tricking Internet users into revealing personal or confidential information which can then be used illicitly.

Phishing can come through email, SMS, or phone calls — from fake princes offering wealth to urgent bank alerts or fraud department calls. These are common tactics used to steal your information. Let’s explore how to spot phishing in any form.

How to Recognize Phishing

Phishing Emails

Let's check out the email below. Spot anything interesting?

phishing-email-sample
Credits to hooksecurity.co for the image.

Here's what to look out for:

  • Design
  • Address
  • Subject and body
  • Links

Does this look like a real Microsoft email? Probably not—no logo, and a sketchy domain like msupdate[.]net. Let’s drop it into VirusTotal, a free tool that scans links with multiple antivirus engines, and see what turns up.

Well, that looks bad...

virustotal-result

So, VirusTotal flagged the domain as malicious—yep, definitely not from Microsoft. That’s a big clue this email’s up to no good.

Even if just a few antivirus engines catch it, like 3 out of 94, that’s enough to raise an eyebrow. A lot of phishing sites are brand new, so they might not get flagged right away. That’s why it helps to look at the whole email—check the subject, the wording, any weird typos or bad grammar, and see if the message feels off. Ask yourself: does this even make sense for me? Do I have a Microsoft account? And if you’re unsure, you can always right-click any links, copy them, and run them through VirusTotal. Better safe than sorry!

Smishing (Phishing through SMS)

Here’s how Smishing plays out in real life—a text pretending to be from the Philippine Postal Corporation, the country’s official postal service, trying to trick the recipient.

virustotal-result

The biggest red flag? The link. A legit government agency wouldn’t use a .com—it should be .gov.ph. Plus, there's a typo, and I’m not even expecting a package. Definitely a Smishing attempt.

Just because a domain ends in .gov.ph or belongs to a government agency doesn’t always mean it’s safe—what if their system gets hacked? As mentioned earlier, it’s important to look at the entire message and ask yourself the right questions before trusting it.

Vishing (Phishing through Voice Calls)

Vishing scams can catch you off guard, but staying safe is all about being cautious. If you get a call from someone you don’t know—especially if they’re asking for personal info or making things sound urgent, like “your account is locked” or “you’re under investigation”—take a step back. Don’t panic. Just hang up, and call the company or agency yourself using their official number. It’s always better to double-check than get tricked.

Protect Yourself Going Forward

Phishing comes in many forms, but the goal is always the same—to trick you into handing over something valuable. The good news? A little awareness goes a long way. By staying curious, double-checking messages, and using tools like VirusTotal, you’re already making it harder for attackers to succeed. Keep your guard up, trust your instincts, and remember: it’s okay to pause before you click, tap, or respond. That moment of caution could save you a lot more than just your inbox.