First, check for legitimacy.
Scammers usually include slightly wrong URL’s or have email attachments that are uncalled for. Sure it’s interesting to take a peek in your company’s payroll sheet, but how likely would it be sent to you by mistake?
Often, scammers also make small mistakes in spelling or layout. Such cues are your red flags to watch out for.
Secondly, monitor your emotional buttons.
Does the message raise your stress levels (urgency)? Or does it invoke fear (intimidation), pride (flattery), empathy (worry) or FOMO (curiosity)?
If that happens, take a breath… and don’t overreact by clicking that link or responding right away. Just let that Nigerian prince wait a bit longer before transferring you his money.
And lastly, verify who the sender really is
…over a separate communication channel. If you’re in any doubt after checking and monitoring, switch channels to verify the sender’s identity.
Got an email from Bob? Then send a chat to Bob! Or vice-versa. And don’t forget to use the person’s contact details that you knew already, not the number that “Bob” gave you.