Phishing largely depends on these three factors:
The External Email – Use Caution Label
Email clients will often display a friendly name when listing emails and only show the true return address when the message properties are inspected more closely. That is convenient, but the displayed name is trivial to fake. As you can see, in my messages list it appears as if Ed Schlesinger is writing me an important note. It’s only if I check at the top of the message that I’ll see that the message is really from firstname.lastname@example.org.
Here’s an example, but with the External Email – Use Caution label enabled.
The situation is worse on mobile email clients, which often don’t have the screen space to display the return address at all.
The obvious tipoff, the one that should make you pause when an email appears to come from a work colleague, is the big red External Email – Use Caution warning. How is this turned on? In MyJH, go to Messaging -> Email Settings and turn on the external email tag. The change takes about 30 minutes to become effective.
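The check behind such a label, separating the friendly name from the real address and tagging mail from outside, can be sketched as follows. This is an added example, not code from this page or from the mail system it describes; the internal domain, the staff-name list and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for illustration: the organisation's mail domain and a staff directory.
INTERNAL_DOMAINS = {"internal.example"}
STAFF_NAMES = {"ed schlesinger"}
LABEL = "[External Email – Use Caution]"


def classify(raw_message: str) -> dict:
    """Separate the friendly name from the real address and tag external mail."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    # Only the part after the last "@" says where the address lives.
    domain = address.rpartition("@")[2].lower()
    # A missing or unparseable address counts as external (fail closed).
    external = domain not in INTERNAL_DOMAINS
    # A colleague's name on an outside address is the spoof described above.
    normalized = " ".join(display.lower().split())
    impersonation = external and normalized in STAFF_NAMES
    subject = msg.get("Subject", "")
    if external and not subject.startswith(LABEL):
        subject = f"{LABEL} {subject}"
    return {
        "display_name": display,
        "address": address,
        "external": external,
        "display_name_impersonation": impersonation,
        "subject": subject,
    }


# Constructed sample messages (not real mail).
SPOOFED = (
    'From: "Ed Schlesinger" <firstname.lastname@example.org>\n'
    "Subject: Important note\n\n"
    "Please review the attached.\n"
)
GENUINE = (
    "From: Ed Schlesinger <ed.schlesinger@internal.example>\n"
    "Subject: Budget review\n\n"
    "Agenda attached.\n"
)

if __name__ == "__main__":
    for raw in (SPOOFED, GENUINE):
        print(classify(raw))
```

The sketch keys on the From header because that is what the reader sees; a mail gateway normally decides "external" from where the message entered the system, since the sender controls the From header too.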