How to spot a phishing email?

A gazillion of trainings is out there, but the ugly truth is simple: since bulk email senders as a service took over, you can not. You can if it is really stupid, but if it is smart, no chance. Legitimate emails are just as suspicious now.

You can stay out of harm’s way, though, if you do not enter any sensitive data on any prompts from links you follow from emails, ever (more so, if you are using a mobile phone). Things can wait until you go to your desktop, open a new browser tab, authenticate properly with your identity provider, and check precisely to whom you grant access to your data hereafter. Yes, screw the “mobile first”.