How to protect against phishing: 18 tips for spotting a scam
September 18, 2022
Have you ever come across a phishing email and wondered how to best protect yourself? Check out this guide to learn how to protect yourself against phishing attacks. Criminals are good at making email scams look like actual emails, so that it's easy to get tricked into opening, clicking, or sharing shady links. Norton Genie Scam Detector can tell you if it could be a scam before you get scammed.
If the email in question checks any of these boxes, it could be a phishing scam.
2. Don’t respond to a phishing email
If you’re ever suspicious about a message in your inbox, it's best to avoid sending a response. By responding, you’re letting the scammer know that they’re dealing with an active email address. This can prompt them to continue trying to scam you in the future.
3. Report suspicious messages to your email provider
After noticing a suspicious message in your inbox, it’s best to report it as soon as possible. If the phishing message was sent to your work email, be sure to also inform your company’s IT department. This can help them stay on top of potential phishing threats and keep you and your coworkers' inboxes safe.
Work incidents or not, it’s also best to report a potential phishing scam to your email provider. This process can differ depending on the provider.
To report phishing emails on Gmail:
Go to the phishing email
Click the three-dot icon next to the “Reply” button
Select “Report phishing”
Click “Report Phishing Message”
And to report phishing emails on Outlook:
Go to the phishing email
Click the three-dot icon next to the “Reply” button
Select “Mark as phishing”
You can also forward the message to the Anti-Phishing Working Group at firstname.lastname@example.org or report it to the Federal Trade Commission. By doing so, your message will be reviewed by a team of security experts, financial institutions, and law enforcement agencies.
4. Avoid sharing personal information
When using email, it’s crucial that you avoid sending any sensitive data. This can help prevent your private data from getting into the wrong hands and being used for fraudulent purposes.
It’s also important to note that a legitimate financial institution wouldn’t ask for your personal information over email. If someone does, it’s likely a phishing attempt.
5. Use strong passwords
Whether it's to open your device or log in to an online account, a password is usually the last line of defense between your personal information and a nosy cybercriminal. To ensure everything is as safe as possible, it’s essential that you use strong passwords.
That way, if you accidentally fall victim to a phishing attack, you know that your accounts are equipped with strong passwords to help keep any hackers out of your private information.
6. Keep your operating system up to date
One great way to ensure your device is protected from phishing is to keep your operating system up to date. Most of the time, operating system updates include essential security patches to keep your device safe. This can help protect you from phishing-related threats such as malware.
7. Avoid jailbroken devices
Jailbreaking is the act of removing software restrictions on your device. This practice is commonly done on smartphones to unlock additional features or install third-party applications. While the idea of removing certain restrictions might seem enticing, it often leaves your device vulnerable to mobile security threats.
8. Keep an eye on your financial statements
Because most phishing attacks are used to gain control of your financial information, it’s key that you keep an eye on your financial statements. If you ever notice any unfamiliar charges or suspicious activity, it could be a sign that your accounts have been compromised by a phishing attack.
9. Never click on unknown links or attachments
No matter where you are on the internet, avoiding suspicious links and attachments is a personal cybersecurity best practice. When it comes to phishing, an unknown link could secretly lead to malware and put you and your device at risk. Because of this, never click a link or open an attachment you’re unsure about.
Whenever you receive an unsolicited message from an unknown sender, you should be extra cautious. If you respond to just anyone, you’re increasing your chances of falling for a phishing attack and could accidentally give a hacker valuable information. To prevent email phishing, only respond to people you know and trust.
12. Stay informed
As technology advances, so do the methods scammers use when phishing. To stay prepared, always try to inform yourself about any known phishing scams that are circulating. Also, many workplaces offer anti-phishing and cybersecurity training that can help you stay safe.
13. Use two-factor authentication
Another way to ensure that your accounts are protected against phishing attacks is to enable two-factor authentication (2FA) — an extra layer of protection that can boost the security of your online accounts. Rather than needing only a password, 2FA will require that you input a second form of verification, such as a unique code or security question.
14. Regularly back up your data
Routinely backing up your data is a good way to increase your peace of mind and help protect against the damage of phishing attacks. That way, if something goes wrong with your device, you’ll know that you’ll still have access to all your important files and data.
15. Block pop-ups
In some instances, scammers may use pop-ups in their phishing attacks. To avoid accidentally clicking on one, you can enable a pop-up blocker to provide extra protection from phishing attacks. Luckily, most commonly used browsers block pop-ups automatically, but it’s always best to double-check.
16. Use a firewall
Smart firewalls are an effective way to help block any outsiders from gaining access to your private data. While using a firewall may not stop phishing messages from coming into your inbox, it can provide an additional layer of protection between your personal information and a hacker.
17. Keep your browser up to date
Just like your operating system, it's crucial that you also keep your web browser updated. This can help ensure that you’re browsing the web with the most up-to-date security features your browser has to offer, so you and your device stay safe.
18. Use antivirus software
Lastly, a great way to protect yourself from phishing and other cybersecurity threats is to use antivirus software. If you accidentally click on a suspicious link, your antivirus software can step in before any viruses can infect your device and leave you and your personal information unprotected.
Plus, what to do if you get a phishing email
Now that you know how to prevent phishing emails, you might be wondering what exactly you should do if you get one.
If a phishing email makes it into your inbox, follow these steps:
Don’t open any links or attachments
Upload a screenshot, or copy and paste the email into Norton Genie to confirm if it may be a phishing scam
Report the email as phishing
Delete the message
By following these phishing attack protection tips, you can be sure that you aren’t putting your device or personal data at risk by interacting with a phishing message.
And what to do if you responded to a phishing email
If you’ve accidentally responded to a phishing email, there are ways you can try and get ahead of any of the damage a phishing attack can cause.
So, if you do respond to a phishing email, follow these steps:
Report the message
Change account passwords
Inform your financial institution of the attack
Following the attack, it's important that you keep a close watch over all of your online accounts and banking statements. This can help you catch if the scammer successfully made it into any of your accounts.
In addition to all of the phishing email protection steps listed above, practicing good email security is an excellent way to ensure that you and your device stay Cyber Safe. By prioritizing your cybersecurity, you can send, surf, and scroll all while knowing you’ve taken the proper steps to stay secure online.
Clare Stouffer, a Gen employee, is a writer and editor for the company’s blogs. She covers various topics in cybersecurity.