Do you have a custom domain? If yes, did you make sure it is safe from being abused by phishers and spammers?
This blog explains. how to use gpg [A] key for ssh Authentication
There are many uses for gpg, like signing/encrypting emails, signing commits, password store, use it as ssh key, etc…
Identifying phishing can be harder. Here is a quiz from google to help you to be a better spotter of phishing emails