HOW TO SPOT PHISHING: the only rule you need
Learn the simple 3-Second Hover Rule that catches 80% of phishing attempts. With 193,407 FBI complaints in 2024, this is the one habit that could save you thousands.
Last month, a nonprofit director in Ohio clicked a link from "Microsoft Security."
Forty-five minutes later, her organization's bank account was empty.
$47,000. Gone.
She's not careless. She's not tech-illiterate. She was just busy.
That's the thing about phishing. It doesn't target the stupid. It targets the rushed.
The FBI logged 193,407 phishing complaints in 2024. More than double the next category.
And those are just the ones people reported.
Here's the uncomfortable truth: most phishing emails look completely legitimate. Professional logos. Clean formatting. Urgent but believable requests.
So how do you catch them?
The 3-second hover rule
Before you click any link in an email, hover your cursor over it for three seconds.
Look at the actual URL that appears (usually in the bottom left of your screen or in a tooltip).
Does it match where the email claims to be from? Does "microsoft-secure-login.com" look the same as "microsoft.com"?
No? Don't click.
This one habit catches about 80% of phishing attempts because attackers rely on speed. They need you to click before you think.
Those three seconds break the spell.
The urgency test
One more thing: if an email creates urgency ("Your account will be suspended in 24 hours!"), that urgency is almost always manufactured.
Real companies give you time. Scammers don't.
Your takeaway
Turn on link preview in your email client. Gmail and Outlook both show the destination URL when you hover. Make it a reflex.
Three seconds could save you $47,000.