GMAIL has an interesting plus feature. If you think of email address syntax as firstname.lastname@example.org, then you can put anything you want after a plus sign. So it’s email@example.com. You can use that feature to protect yourself from phishing attacks.
For example, create a random string for your “Mammoth Big Bank” bank (e.g., D3BCA3846CB5). Assume your email id is firstname.lastname@example.org. Then you tell your bank that your email address is user+D3BCA3846CB5@gmail.com! Anything purportedly coming from Mammoth Big Bank has to come with your secret code or you’ll ignore it. You can trash anything coming from Mammoth Big Bank that does NOT have your secret code.
If you’re like me and have lots of dedicated email address, then you can actually set a GMAIL label and filter to discard email that doesn’t authenticate with the secret code.
It’s simple and easy to protect against phishing.
Just don’t forget the D3BCA3846CB5! ;-)