Portmint Lighthouse
CoursesStaying Safe Online

Spotting Phishing and Scams

Pip Lesson 5 · taught by Pip

A scam message is a stranger wearing a familiar coat. It dresses up as your bank, your delivery service, your boss, or a friend — and it counts on you reacting before you look closely.

The good news is that most fakes share the same tells. Once you know them, you start spotting them the way you notice a wobbly chair leg: not because you measured it, but because something feels off.

The everyday tells

Urgency. Real organizations rarely demand that you act in the next ten minutes. Scams almost always do. "Your account will be closed," "verify now," "final notice" — the rush is the point. Pressure stops you from thinking.

The wrong sender. Look at the actual address, not the friendly name. A message from "Your Bank" might really be from support@bank-secure-alerts.co. The display name is easy to fake; the real address is harder to hide.

Odd links. Before you tap, hover over a link on a computer, or press and hold it on a phone, to preview where it truly goes. If the email says "Amazon" but the link points somewhere unfamiliar, that mismatch is the whole story.

A small wrongness. A logo that's slightly blurry. A greeting that says "Dear Customer" instead of your name. A sentence that's almost right but not quite. Scammers cast a wide net, so the details are often a little sloppy.

An unusual ask. Gift cards. Wire transfers. Your password. A code you just received by text. No legitimate company or coworker will ever ask for these out of the blue. That request alone is the alarm.

Think of the lighthouse

Picture a ship signaling in the dark. From far off, a real ship and a fake one both flash lights. The keeper doesn't trust the flashing — he checks the chart, the schedule, the known route. He confirms through a channel he already trusts, not the one doing the flashing.

That's the whole trick. A scam wants you to answer it, on its terms. You break the spell by checking somewhere else.

The pause-and-check habit

When a message wants something from you — money, a login, a click, a code — do three small things:

  1. Pause. Notice the urgency and slow down on purpose. The rush is manufactured; you don't have to honor it.
  2. Check the source. Don't reply, don't call the number in the message, don't tap its link. Instead reach the company or person through a channel you already know: the phone number on the back of your card, the app you normally open, a coworker's known number.
  3. Confirm before you act. "Did you really send me this?" is a one-line message that has saved countless people. A genuine sender won't mind. A scammer can't pass it.

This habit costs you about thirty seconds, and it defeats nearly every email, text, and phone scam — because all of them depend on you skipping exactly this step.

Your turn

Open one message in your inbox right now that asks you to click or confirm something. Find the real sender address. Hover over (or press and hold) any link to preview where it actually leads. Did the name match the destination? Practicing on a calm day makes the habit automatic on a stressful one. 🔦

Next, we'll look at what encryption quietly does to keep your messages and data private — the lock you never see working.

Stuck or curious?

Ask Pip about this lesson — tap the porthole bottom-right.