How to protect against phishing: 18 tips for spotting a scam
September 19, 2022
Have you ever received an email from your bank urgently asking you to input your personal information to secure your account?
While this may be alarming, the email may not actually be from your bank. In fact, the email could be from a cybercriminal, using a tactic known as phishing.
But what is phishing? Phishing is when a cybercriminal tries to trick you into giving them sensitive information by impersonating a legitimate source.
How can you avoid this? We’ve compiled these 18 tips to teach you how to protect against phishing attacks, including:
- Recognize the signs of phishing
- Don’t respond to a phishing email
- Report suspicious messages to your email provider
- Avoid sharing personal information
- Use strong passwords
- Keep your operating system up to date
- Avoid jailbroken devices
- Keep an eye on your financial statements
- Never click on unknown links or attachments
- Be wary of fake unsubscribe messages
- Only respond to known senders
- Stay informed
- Use two-factor authentication
- Regularly back up your data
- Block pop-ups
- Use a firewall
- Keep your browser up to date
- Use antivirus software
Follow along to learn more about what you can do to help protect yourself from phishing attacks and what you should do if you receive a phishing message.
One of the best ways to prevent phishing is to know how to spot phishing emails. While every message may look a little different, there are red flags to help you spot phishing.
Common warning signs of phishing include:
- Unfamiliar greeting or tone
- Unsolicited messages
- Grammar and spelling errors
- Sense of urgency
- Suspicious links or attachments
- Requests for personal information
- Inconsistencies in email addresses, links, etc.
- Unusual requests
- Alerts that you’ve won something
If the email in question checks any of these boxes, it could be a phishing scam.
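To make a few of the warning signs above concrete, here is an added example (not part of the original article) that checks a raw message for a generic greeting, urgency, requests for personal information, and inconsistencies in the sender address and links. The sample message, the keyword patterns, and the names `red_flags`, `LinkCollector` and `expected_domain` are assumptions made for illustration, and the code handles single-part messages only.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample message; every name and domain in it is made up.
SAMPLE = """\
From: "Example Bank" <alerts@examp1e-bank.test>
Subject: Urgent: verify your account

<p>Dear customer, confirm your password immediately at
<a href="http://login.examp1e-bank.test/v">https://www.example-bank.test/secure</a></p>
"""
# Illustrative keyword patterns (assumptions, not a vetted rule set).
SIGNS = {
    "generic greeting": re.compile(r"\bdear (customer|user|member)\b", re.I),
    "sense of urgency": re.compile(r"\b(urgent|immediately|suspended|act now)\b", re.I),
    "asks for personal information": re.compile(r"\b(password|social security|card number)\b", re.I),
}

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def red_flags(raw, expected_domain):
    """Warning signs in a single-part message that claims to come from expected_domain."""
    msg = message_from_string(raw)
    body = (msg.get_payload(decode=True) or b"").decode("utf-8", "replace")
    text = f"{msg.get('Subject', '')} {body}"
    flags = {name for name, rx in SIGNS.items() if rx.search(text)}
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender != expected_domain and not sender.endswith("." + expected_domain):
        flags.add("sender domain mismatch")
    parser = LinkCollector()
    parser.feed(body)
    for href, shown in parser.links:
        if "://" in shown and urlparse(shown).hostname != urlparse(href).hostname:
            flags.add("link text does not match destination")
    return sorted(flags)
```

A message that trips none of these checks can still be phishing; the function only reports the signs it can see in the text and headers.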
If you’re ever suspicious about a message in your inbox, it's best to avoid sending a response. By responding, you’re letting the scammer know that they’re dealing with an active email address. This can prompt them to continue trying to scam you in the future.
After noticing a suspicious message in your inbox, it’s best to report it as soon as possible. If the phishing message was sent to your work email, be sure to also inform your company’s IT department. This can help them stay on top of potential phishing threats and keep you and your coworkers' inboxes safe.
Work incidents or not, it’s also best to report a potential phishing scam to your email provider. This process can differ depending on the provider.
To report phishing emails on Gmail:
- Go to the phishing email
- Click the three-dot icon next to the “Reply” button
- Select “Report phishing”
- Click “Report Phishing Message”
And to report phishing emails on Outlook:
- Go to the phishing email
- Click the three-dot icon next to the “Reply” button
- Select “Mark as phishing”
- Click “Report”
You can also forward the message to the Anti-Phishing Working Group at email@example.com or report it to the Federal Trade Commission. By doing so, your message will be reviewed by a team of security experts, financial institutions, and law enforcement agencies.
When using email, it’s crucial that you avoid sending any sensitive data. This can help prevent your private data from getting into the wrong hands and being used for fraudulent purposes.
It’s also important to note that a legitimate financial institution wouldn’t ask for your personal information over email. If someone does, it’s likely a phishing attempt.
Whether it's to open your device or log in to an online account, a password is usually the last line of defense between your personal information and a nosy cybercriminal. To ensure everything is as safe as possible, it’s essential that you use strong passwords.
That way, if you accidentally fall victim to a phishing attack, you know that your accounts are equipped with strong passwords to help keep any hackers out of your private information.
One great way to ensure your device is protected from phishing is to keep your operating system up to date. Most times, operating system updates include essential security patches to keep your device safe. This can help protect you from phishing-related threats such as malware.
Jailbreaking is the act of removing software restrictions on your device. This practice is commonly done on smartphones to unlock additional features or install third-party applications. While the idea of removing certain restrictions might seem enticing, it often leaves your device vulnerable to mobile security threats.
Because most phishing attacks are used to gain control of your financial information, it’s key that you keep an eye on your financial statements. If you ever notice any unfamiliar charges or suspicious activity, it could be a sign that your accounts have been compromised by a phishing attack.
No matter where you are on the internet, avoiding suspicious links and attachments is a personal cybersecurity best practice. When it comes to phishing, an unknown link could secretly lead to malware and could put you and your device at risk. Because of this, never click a link or attachment you’re unsure about.
Another common phishing tactic is fake unsubscribe messages. In these scam emails, you may be convinced to click an “unsubscribe” button or add your email to an unsubscribe list to get rid of spam. But instead of actually removing you from the list, you may be taken to a malicious website or marked as an active email account.
Whenever you receive an unsolicited message from an unknown sender, you should be extra cautious. If you respond to just anyone, you’re increasing your chances of falling for a phishing attack and could accidentally give a hacker valuable information. To prevent email phishing, only respond to people you know and trust.
As technology advances, so do the methods scammers use when phishing. To stay prepared, always try to inform yourself about any known phishing scams that are circulating. Also, many workplaces offer anti-phishing and cybersecurity training that can help you stay safe.
Another way to ensure that your accounts are protected against phishing attacks is to enable two-factor authentication (2FA) — an extra layer of protection that can boost the security of your online accounts. Rather than needing only a password, 2FA will require that you input a second form of verification, such as a unique code or security question.
Routinely backing up your data is a good way to increase your peace of mind and help protect against the damage of phishing attacks. That way, if something goes wrong with your device, you’ll know that you’ll still have access to all your important files and data.
In some instances, scammers may use pop-ups in their phishing attacks. To avoid accidentally clicking on one, you can enable a pop-up blocker to provide extra protection from phishing attacks. Luckily, the most widely used browsers block pop-ups automatically, but it’s always best to double-check.
Firewalls are an effective way to help block any outsiders from gaining access to your private data. While using a firewall may not stop phishing messages from coming into your inbox, it can provide an additional layer of protection between your personal information and a hacker.
Just like your operating system, it's crucial that you also keep your web browser updated. This can help ensure that you’re browsing the web with the most up-to-date security features your browser has to offer, so you and your device stay safe.
Lastly, a great way to protect yourself from phishing and other cybersecurity threats is to use antivirus software. If you accidentally click on a suspicious link, your antivirus software can step in before any viruses can infect your device and leave you and your personal information unprotected.
Plus, what to do if you get a phishing email
Now that you know how to prevent phishing emails, you might be wondering what exactly you should do if you get one.
If a phishing email makes it into your inbox, follow these steps:
- Don’t respond
- Don’t open any links or attachments
- Report the email as phishing
- Delete the message
By following these phishing attack protection tips, you can be sure that you aren’t putting your device or personal data at risk by interacting with a phishing message.
And what to do if you responded to a phishing email
If you’ve accidentally responded to a phishing email, there are ways you can try and get ahead of any of the damage a phishing attack can cause.
So, if you do respond to a phishing email, follow these steps:
- Report the message
- Change account passwords
- Inform your financial institution of the attack
Following the attack, it's important that you keep a close watch over all of your online accounts and banking statements. This can help you catch if the scammer successfully made it into any of your accounts.
In addition to all of the phishing email protection steps listed above, practicing good email security is an excellent way to ensure that you and your device stay Cyber Safe. By prioritizing your cybersecurity, you can send, surf, and scroll all while knowing you’ve taken the proper steps to stay secure online.
Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.