2023 logo for SpireTech, Managed IT Services in the Portland area
Schedule a Meeting

(503) 222-3086

2023 logo for SpireTech, Managed IT Services in the Portland area
Schedule a Meeting
(503) 222-3086

How to Spot and Report Phishing Attacks in 2026

by | Mar 16, 2026 | Uncategorized

a lot of weapons (phishing attempts) hitting a laptop

Topics: 

  • Phishing tactics in 2026 
  • How to spot a phishing email 
  • What to do if you click on a suspicious link 

How to Spot and Report Phishing Attacks in 2026

Learning how to spot and report phishing attacks is critical in 2026, as these attempts to steal personal information have become increasingly sophisticated. Whether it’s an urgent email about a password expiration, a fake shipping notification, or a Teams message impersonating your CEO, they all want the same thing, to steal credentials or compromise business data.  

Here’s the good news: employees who know what to look for are a strong defense. Recognize modern threats, respond quickly, and report suspicious activity the right way. 

Emerging Phishing Tactics in 2026: 6 Modern Threats

Today’s phishing attacks are more sophisticated, personalized, and harder to spot than ever. HTTPS and a padlock icon don’t guarantee safety anymore. Attackers can easily obtain SSL certificates for fake sites

Some emerging phishing techniques include: 

  1. AI-powered personalization 

Any information about someone that is publicly available online can be used, like LinkedIn posts, company news, or mimic colleagues’ writing styles. These messages can be grammatically flawless and contextually relevant. 

  1. QR code phishing (quishing) 

Use of this phishing tactic has increased by 25% year-over-year. Attackers embed QR codes in PDFs or Microsoft documents that look trustworthy. 83% of malicious M365 documents contain QR codes. If someone scans these codes, they will be redirected to fake login pages designed to steal credentials because they look so legitimate. 

  1. Callback phishing 

Short emails with urgent phone numbers, pressuring you to call “support” about a critical security issue. 

  1. Minimal text, malicious attachments 

Brief, generic messages paired with harmful PDFs that deploy malware when opened. Minimal text helps bypass email filters. The attachment contains macros, embedded scripts, or links to phishing sites. 

  1. Legitimate URL abuse 

Hackers also hijack real domains from Google, SharePoint, or Dropbox using redirects to phishing sites. Hover over links to see the expanded URL before clicking. 

  1. Shipping and HR notifications 

Fake FedEx, UPS, or Teams notifications with malicious links. These create natural urgency—nobody wants to miss a package or ignore an HR request. 

How to Spot a Phishing Email

Phishing emails can get anyone; no one is immune. They are designed by people who do this “professionally” and meant to prey on urgency and emotions. But there are some common tells with phishing attempts. Look for these red flags: 

  • Look for these red flags: 
  • Urgent or emotionally charged language like “Account suspended” or “Immediate action required” 
  • Unexpected links or attachments 
  • Sender address inconsistencies—hover over the sender name to reveal the actual email address 
  • Different “reply to” address than the displayed sender 
  • Requests for sensitive information (legitimate companies never ask for passwords via email) 
  • Generic greetings like “Dear valued customer” 
  • Mismatched URLs—hover over links to check for subtle misspellings 

SpireTech tip: When in doubt, verify through another channel. If an email claims to be from your CEO or a vendor, instead of replying to the email, call or text them to confirm before taking action. Also call a known phone number. If you try to use the one included in the signature of the phishing email, it could be changed to go to the scammer, even if the rest of the signature looks like it’s from the person you know.

Post-Click Warning Signs: How to Tell If Your Device Has Malware 

If you think you clicked something suspicious, watch for these warning signs on your device: 

  • Slow performance or frequent crashes 
  • Unexpected pop-ups appearing outside your browser 
  • Programs opening or closing on their own 
  • Antivirus or security software suddenly disabled 
  • Unusual network activity, especially when your computer is idle 
  • Files mysteriously deleted, moved, or corrupted 
  • New browser toolbars or extensions you didn’t install 
  • Changed homepage or default search engine 
  • Disabled right-click or Developer Tools (advanced ransomware technique) 

However, don’t assume you’re safe just because nothing obvious happened. Some malware operates silently in the background, logging keystrokes or exfiltrating data. 

What to Do If You Click Something Suspicious 

Everyone makes mistakes. And don’t panic. Most phishing damage is preventable if you act quickly and report immediately. Time is critical. Follow these steps immediately: 

1. Stop what you’re doing. Do not enter any information on the page. Don’t download anything. Close the browser tab or window. 

2. Contact SpireTech right away. The sooner we know, the sooner we can protect your system and organization. 

3. Document what happened: what you clicked, when it happened, what website you were on, and what you observed afterward. This information is crucial for us or any general phishing remediation: 

4. Do NOT try to fix it yourself. Do not download additional antivirus tools or “cleaners” from the internet. These can make things worse or introduce more malware. Let SpireTech’s team or your IT provider handle it.  

5. Use the Outlook report button. Look for the red shield icon with an exclamation point at the top of Outlook. Click “Report” and select “Report phishing” or “Junk.” This helps improve filtering for everyone. 

6. Change passwords later. Once SpireTech gives the all-clear, update passwords for any potentially affected accounts. Use unique, strong passwords

And remember that you won’t get in trouble. These attacks are designed to fool people and that’s why they work. Reporting quickly is what’s most important. 

How to Report Suspicious Activity to SpireTech 

 Reporting suspicious activity to SpireTech is vitally important and should be done as soon as possible. You can do so by: 

1. Using the system tray icon, the SpireTech logo on the bottom right of your computer screen. This method is best for device-specific issues. Click the SpireTech logo at the bottom left of your screen. Submit a ticket directly from your computer with screenshot capability. 

2. Email or Portal – Forward suspicious emails to [email protected] or submit through the customer portal.  

3. Call for urgent situations: (503) 222-3086. We will always respond within four business hours and triage based on urgency. 

What to include in your report: 

  • The suspicious email (forward as attachment if possible) 
  • What made it seem suspicious 
  • Whether anything was clicked or information was entered 
  • Any unusual behavior since receiving it 
  • Screenshots of anything relevant 

Phishing Prevention: 5 Essential Defensive Measures 

If you are not a client of SpireTech’s, there are some important and basic tips you can follow to build a reliable security defense. SpireTech clients have these and all other aspects of security covered through our Managed IT Services.  

  • Enable MFA on all accounts: multi-factor authentication stops most account compromises in their tracks. 
  • Think before you click: verify unexpected requests through another channel. A two-minute verification call beats hours of breach recovery 
  • Bookmark important sites: access banking, payroll, and critical business sites through bookmarks rather than clicking email links 
  • Keep software updated: enable automatic updates for Windows, browsers, and applications because attackers exploit known vulnerabilities in outdated software 
  • Use strong, unique passwords: SpireTech uses Keeper Password Manager to generate and store complex passwords securely, but best practices can be followed manually as well 

Conclusion 

Security is a collaboration between technology and human vigilance. SpireTech provides the expertise and tools for strong security, but people are always the human firewall. Attacks in 2026 are becoming more sophisticated, but so is our knowledge and ability to spot them when you know what to look for.  

When in doubt, reach out. That’s what we’re here for. A two-minute check of a suspicious email is always better than hours of recovery from a breach. 

Book your free IT consultation

FAQs 

Q: What if I’m not sure if an email is suspicious? 
A: Even if you’re not sure if an email is suspicious, err on the side of caution. If you’re a client, forward it to [email protected]. We’re happy to check any email you’re unsure about. 

Q: How quickly should I report a suspicious click? 
A: You should report suspicious links immediately. The faster SpireTech or your IT team knows, the faster we protect your system and prevent spread.  Minutes matter in cybersecurity incidents. 

Q: I clicked a link but didn’t enter any information. Am I safe? 
A: Even if you did not enter any information from a suspicious link, you are not necessarily safe. The link may have deployed malware, spyware, or tracking cookies. Report it so professionals can scan your device and check for compromise. 

Q: Can SpireTech tell if my account has been compromised? 
A: Yes, SpireTech will be able to tell if your account has been compromised. We detect suspicious account activity like unusual logins, new inbox rules, email forwarding, or credential theft attempts. Always report it though.