How Can You Identify a Phishing Email and Other Sneaky Scams

These days, our inboxes and phones are like buzzing beehives — there’s always something going on. And that’s exactly why scammers love them. Phishing is still one of the oldest tricks in the book, but it works because it preys on what makes us human: our curiosity and our tendency to trust.

At its heart, phishing is about tricking you into handing over personal stuff — like your credit card info or login credentials — usually by pretending to be someone you know or a brand you trust. Whether it’s a fake email from your “bank” or a text from a “delivery company,” these crooks have gotten really good at looking legit.

So, how do these phishing emails work?

Imagine someone sending you a story so convincing you don’t think twice before clicking. They’ll say your package is stuck, your Netflix account is on hold, or your bank needs you to “verify” something urgently. And boom — one click, and they’re in.

These emails look scarily real sometimes. Scammers spoof addresses, copy logos, and even match the tone of actual customer service messages. If they get what they want, they might drain your bank account, hijack your email, or sell your info to other shady characters.

Red flags to watch out for

I like to think of this as playing digital detective. Here’s what I always check before clicking anything weird:

  • Check the sender’s email address:
    • If the email says it’s from PayPal but the address is paypal-support123@gmail.com, run for the hills.
    • Look for funky spellings — things like amaz0n.com with a zero instead of an “o” are classic traps.
    • On your phone? Tap on the sender’s name to see the full email address. On desktop, hover over it. You might find some surprises there.
  • Generic greetings:
    “Dear Customer”? “Dear User”? Nah. If a company really knows you, they’ll usually use your name. That said, spear phishing attacks (the hyper-targeted ones) might include your name, so don’t let that alone fool you.
  • Scary urgent messages:
    Ever gotten an email screaming “ACT NOW OR YOUR ACCOUNT WILL BE CLOSED”? Total scam energy. Scammers love to freak you out so you’ll act fast without thinking.
  • Weird grammar and typos:
    This one’s getting trickier thanks to AI tools, but many phishing emails still have awkward phrasing or random errors. If something reads like it was run through Google Translate twice, it’s probably bogus.
  • Random links and attachments:
    Hover over links before clicking (or long-press on your phone). If the actual URL doesn’t match where it says it’s going, don’t touch it. And attachments? If you weren’t expecting one, don’t open it — even if it looks like an invoice or a doc you “need.”
  • Requests for sensitive info:
    No legit company is going to email asking for your passwords or credit card numbers. Period.
  • Off-brand logos and weird formatting:
    Blurry logos, weird fonts, or colors that feel “off”? Another red flag.
  • Out-of-the-blue messages:
    If you suddenly get an email saying you won a prize or need to reschedule a package you never ordered, be skeptical.
  • Gut feeling:
    Honestly, your spidey sense is a solid tool. If something feels fishy (pun intended), it probably is.
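
The sender-address and link checks from the list above can also be run by a script. This is an added example, not code from the original post; the `BRANDS` list, the function names and the sample HTML are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

BRANDS = ("amazon.com", "paypal.com")        # assumed list of domains you actually deal with
LOOKALIKE = str.maketrans("0135", "oles")    # common digit-for-letter swaps
URLISH = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#]\S*)?$", re.I)

def sender_flag(address):
    """Return a warning string for a suspicious sender address, else None."""
    local, _, domain = address.lower().rpartition("@")
    if domain in BRANDS or domain.endswith(tuple("." + b for b in BRANDS)):
        return None
    if domain.translate(LOOKALIKE) in BRANDS:
        return f"{domain} imitates {domain.translate(LOOKALIKE)}"
    used = [b for b in BRANDS if b.split(".")[0] in local]
    return f"mailbox name borrows from {used[0]} but the domain is {domain}" if used else None

class LinkAudit(HTMLParser):
    """Collect (shown_host, real_host) for links whose visible text names another site."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.mismatches = None, "", []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""

    def handle_data(self, data):
        if self.href is not None:
            self.text += data

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown = URLISH.match(self.text.strip())   # only link text that looks like a URL
            real = (urlparse(self.href).hostname or "").lower()
            if shown and real and shown.group(1).lower() != real:   # strict host comparison
                self.mismatches.append((shown.group(1).lower(), real))
            self.href = None

def link_mismatches(html):
    audit = LinkAudit()
    audit.feed(html)
    return audit.mismatches

# Constructed sample body; the .example host is a placeholder.
SAMPLE_HTML = ('<p>Visit <a href="http://login.account-check.example/verify">www.paypal.com</a> '
               'or <a href="https://www.paypal.com/help">contact us</a>.</p>')
```
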

For the extra nerdy folks: email headers

I used to geek out over email headers when I worked on the service desk. They’re like a behind-the-scenes travel log for an email, showing where it really came from and which servers it passed through. If you’re up for it, you can dig into the “From” and “Received” fields to sniff out shady routes or mismatched domains.
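
Here is what that header check looks like with Python's standard `email` module. This is an added example, not from the original post; the raw message is constructed, and its hosts and IP addresses are documentation placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message); hosts and IPs are documentation placeholders.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby inbox.recipient.example; Tue, 02 Jan 2024 10:00:05 +0000
Received: from unknown-host.example.net (unknown-host.example.net [203.0.113.7])
\tby mx.recipient.example; Tue, 02 Jan 2024 10:00:03 +0000
From: "PayPal Support" <paypal-support123@gmail.com>
Reply-To: help@payments-desk.example.org
Subject: Verify your account

Please verify your account.
"""

def domain_of(header_value):
    """Lowercased domain of the address in a header value, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def header_flags(raw, brand_domain):
    """Compare From, Reply-To and Return-Path against the brand the mail claims to be."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    flags = []
    if from_dom != brand_domain and not from_dom.endswith("." + brand_domain):
        flags.append(f"From domain {from_dom} is not {brand_domain}")
    for name in ("Reply-To", "Return-Path"):
        dom = domain_of(msg[name])
        # Bulk mailers often use a separate Return-Path, so treat this as a prompt to look closer.
        if dom and dom != from_dom:
            flags.append(f"{name} domain {dom} differs from From domain {from_dom}")
    return flags

def received_hops(raw):
    """Sending host named in each Received header, oldest hop first."""
    # Each server prepends its own line, so the bottom one is the oldest; only lines
    # added by your own provider are trustworthy, anything below them can be forged.
    values = message_from_string(raw).get_all("Received", [])
    return [m.group(1) if (m := re.match(r"\s*from\s+(\S+)", v)) else "?" for v in reversed(values)]
```
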

Beyond email: Smishing and vishing

Phishing isn’t just stuck in your inbox anymore.

  • Smishing: That’s phishing via text messages. You might get a text pretending to be your bank saying “Suspicious activity! Click here to verify.” Don’t.
  • Vishing: Voice phishing via calls. Someone calls, claims they’re from “tech support” or “the IRS,” and demands money or access. With AI voice cloning getting better, these scams can be scarily convincing.

Same rule applies: Don’t share personal info, and don’t get pressured into acting fast.

What to do if you get a sketchy message

  • Don’t click or open anything: Better safe than sorry.
  • Verify independently: Find the official contact info yourself (Google it or check your bank card). Don’t use the phone number or links in the email or text.
  • Report it:
    • Email: Forward to reportphishing@apwg.org.
    • Text: Forward to 7726 (which spells SPAM).
    • FTC: ReportFraud.ftc.gov.
  • Delete it: Once you’ve reported, get it out of your life.

What if you already fell for it?

Look, it happens. Don’t beat yourself up. Here’s what to do:

  • Change your passwords ASAP, everywhere you reused them.
  • Turn on multi-factor authentication if you haven’t already.
  • Run a security scan on your device.
  • Check your bank and credit card statements like a hawk.
  • Tell your IT team or bank right away if it involves work or money.
  • Report identity theft at IdentityTheft.gov if it went that far.

Keeping yourself (and your company) safe

  • Keep your software updated automatically.
  • Back up your stuff regularly.
  • Join security awareness trainings if your company offers them. If not, poke your boss to start one.
  • Use email filters and authentication tools to block the worst of the junk.

Phishing scams are always evolving, but you don’t have to be an easy target. Stay sharp, trust your gut, and keep talking to others about it — you’d be surprised how many folks don’t realize how sneaky these attacks can get.

Oh! And if you want to test your skills in a fun way, check out Google’s phishing quiz here. It’s surprisingly eye-opening — and kinda addictive.

Stay safe out there!

Protect Your Recruiting Life: 6 Real-World Security Moves

Picture this: you’re knee-deep in email threads, juggling job postings and scheduling interviews, when—bam!—some scammer gets into your LinkedIn and starts spamming your network. Total nightmare, right? I’ve seen it firsthand from my IT days in recruiting. So here are four (actually, five!) security moves that make a real difference—no boring lectures, just practical stuff you’ll actually use.

Double Up with Two-Factor Authentication (2FA)

If your password gets leaked, 2FA is your last line of defense. I like using an authenticator app (Google Authenticator or Authy) over SMS—no waiting for texts and it’s harder for hackers to mess with. Seriously, turn this on everywhere you can. Here is how to do it for LinkedIn.


Use a Password Manager (Please—Just Do It)

Tired of “forgot password” rituals? Me too. Password managers like NordPass generate and save strong, unique passwords for every site. Set it up once and you’ll never go back.


Beware of Chrome Extensions—Trust, But Verify

This one’s personal: I’ve watched recruiters lose access because they grabbed a random Chrome extension promising to “streamline sourcing” and got malware instead. If it’s not from a brand you recognize (or your IT department approves), skip it. And do a quick audit every so often—uninstall anything you don’t use.


Spot Phishing Like a Pro

Recruiters get more weird emails than anyone. If something feels off:

  • Check the sender’s actual email (not just the name).
  • Hover over links—does it go where you expect?
  • No real site ever asks for your password by email.

Get a second opinion if you’re ever unsure. Paranoia is your friend here!

👉 Read How Can You Identify a Phishing Email and Other Sneaky Scams


Keep Everything Updated

Those little update pop-ups? They patch holes hackers are waiting to exploit. Set your browser, email, and ATS to auto-update. Less hassle, more security.


Use a VPN—Especially on Public Wi-Fi

You ever take your laptop to a coffee shop or work on hotel Wi-Fi? You’re not the only one on that network! A VPN like NordVPN encrypts your connection so nobody can snoop—especially important when handling candidate data or sensitive logins.


Bonus: Back Up Everything

Think about all your candidate lists, contacts, and notes. Now imagine losing it all to a ransomware attack or crashed laptop. Automatic cloud backups or a secure external drive can be a lifesaver. And yes, test your backups once in a while—otherwise, you’re just hoping they work!


Why It All Matters for Recruiters

  • Saves time—no scrambling to fix a breach.
  • Protects your reputation—nobody wants to be “that recruiter” who lost everyone’s data.
  • Saves money—avoiding ransomware or downtime.
  • Peace of mind—so you can actually focus on hiring, not security drama.

Quick Recap Table

| Tip | Why Bother? | Pro Move |
| --- | --- | --- |
| 2FA | Stops account breaches | Use authenticator apps |
| Password Manager | No password repeats | Generate & autofill unique logins |
| Chrome Extensions | Prevents malware/hijacking | Only install trusted brand add-ons |
| Phishing Savvy | Avoids credential theft | Check senders & links |
| Software Updates | Blocks known exploits | Auto-update everything |
| VPN | Secures public Wi-Fi | Use on any shared/untrusted network |
| Backups (Bonus) | Disaster recovery | Auto-backup to cloud or local drive |

FAQ Cybersecurity

I already use strong passwords. Do I really need two-factor authentication (2FA)?

Absolutely. Even the strongest password can get leaked or phished. 2FA acts like a deadbolt on your digital doors—if someone grabs your password, they still can’t get in without that second code. It’s quick to set up and could save you from a major headache. Trust me, you’ll sleep better.

How can I tell if a Chrome extension is safe for my recruiting work?

If you don’t recognize the brand or it wasn’t recommended by your IT department, hit pause. I’ve seen recruiters lose access to their own accounts because of sketchy extensions. Stick to well-known tools and give your list a cleanup every so often. If in doubt, ask IT (they won’t bite, I promise).

Do I really need a VPN if I’m just checking emails at a coffee shop?

Yep! Public Wi-Fi is a goldmine for snoopers. A VPN keeps your logins and candidate info hidden from anyone lurking on the same network. Think of it as your own private tunnel—especially important if you’re handling sensitive recruiting data outside the office.

Final Word

You don’t have to be an IT wizard—just a few small habits keep your recruiting game strong and secure. And hey, if you’re ever unsure about an extension, a VPN, or a weird pop-up, ask for help. No judgment here—better safe than locked out.

Got a security story or want more tips? Let me know. I’m always happy to share what I’ve seen work (and what can go wrong) in the wild world of recruiting tech!
