The email address uses a well-known domain like Gmail.

The email contains a lot of images.

The email is written in a casual tone.

The email address is slightly different from a legitimate company's domain.

By using a free email service.

By purchasing a domain name similar to a real company.

By using a generic greeting.

By sending the email to multiple recipients.

They are familiar with phishing tactics.

They recognize the email address as legitimate.

They see a familiar logo and message.

They have been trained to identify phishing emails.

Hover over links to check their destination before clicking.

Forward the email to your contacts.

Ignore the email and delete it immediately.

Click on the link to verify its authenticity.

Tell them to ignore all emails from unknown senders.

Send them phishing emails as a prank.

Educate them about phishing tactics and test their awareness.

Encourage them to click on suspicious links.