The classic phishing email — badly translated, weirdly formatted, full of typos — is extinct. AI now writes scam copy that is indistinguishable from genuine corporate communications, on perfectly cloned templates, delivered through the channels people trust most: WhatsApp, SMS, and LinkedIn.
What replaced the typo
Modern phishing relies on three things: a credible sender (a real domain or a near-identical lookalike), a credible reason (a real invoice cycle, a real package, a real password reset), and urgency that lives just under your suspicion threshold.
The one habit that defeats it
Never act from inside the message. Open a new tab, type the company's domain by hand, and log in there. If something is genuinely wrong with your account, it will be waiting for you. If the message was a scam, you simply never know.
- Domain has an extra word or hyphen (apple-id-support.com)
- Message creates urgency tied to a real recent action
- Asks you to click rather than to log in independently
- Arrives in a channel the brand doesn't normally use
1. Never click. Type the domain by hand or use a bookmark.
2. Use a password manager — it will refuse to autofill on a lookalike domain.
3. On suspicious emails, check the full sender address, not just the display name.
4. Forward suspicious SMS to your country's scam hotline (Singapore: 9080 0000).
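The following is an added example, not part of the original article: a simplified version of the exact-domain match a password manager applies before autofilling, plus the sender-address check that ignores the display name. The allowlist, function names and every sample input except apple-id-support.com are constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit
import re

# Assumption: domains the user really has accounts with (constructed allowlist).
TRUSTED = ("apple.com",)

def host_of(url):
    """Lowercase hostname of a URL or bare domain, without port or trailing dot."""
    if "://" not in url:
        url = "https://" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def is_saved_site(host, trusted=TRUSTED):
    """Password-manager-style match: the trusted domain itself or a subdomain."""
    return any(host == d or host.endswith("." + d) for d in trusted)

def classify(host, trusted=TRUSTED):
    """Return 'match', 'lookalike' (brand name inside another domain) or 'unknown'."""
    if is_saved_site(host, trusted):
        return "match"
    words = re.split(r"[.-]", host)  # apple-id-support.com -> apple, id, support, com
    brands = {d.split(".")[0] for d in trusted}
    return "lookalike" if brands & set(words) else "unknown"

def sender_domain(from_header):
    """Domain of the real address in a From header, ignoring the display name."""
    _, address = parseaddr(from_header)
    return address.rpartition("@")[2].lower()

def demo():
    # Constructed samples; only apple-id-support.com comes from the article.
    samples = [
        "https://appleid.apple.com/sign-in",
        "https://apple-id-support.com/verify",
        "https://apple.com.account-check.example/reset",
        "https://pineapple.example/",
    ]
    for url in samples:
        print(f"{classify(host_of(url)):10} {url}")
    header = '"Apple Support" <billing@apple-id-support.com>'
    print(f"{classify(sender_domain(header)):10} From: {header}")

if __name__ == "__main__":
    demo()
```

The brand name appearing at the start of a hostname proves nothing; only the end of the hostname decides which site you are on, which is why the third sample is flagged even though it begins with apple.com.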