The sender’s international area code and the message’s fake link were also red flags, he said. But Charlson knew other recipients might not immediately recognize it as a phishing attempt. He shared a ...