Eight ways to avoid phishing scams

June 11th, 2018


Phishing is a form of online scam in which fraudsters trick Internet users into submitting personal information to what they believe is a legitimate organisation. This can lead to scammers gaining your personal login credentials or the information needed for identity theft.

Phishing scams usually arrive as an email pretending to come from a legitimate source. Microsoft and Amazon are impersonated most commonly, because the credentials for those accounts offer a wealth of personal and financial information. Other companies scammers often pose as include Apple, Dropbox, LinkedIn and PayPal.

Because phishing is one of the most devious forms of identity theft, it is important to become familiar with various types of phishing scams as well as learn how to protect against them.

How to protect against phishing attacks

1. Guard against SPAM

Many phishing emails follow a preset script or are sent out in bulk. Having a SPAM filter in place allows you to filter out the majority of these mass emails and can allow you to block messages which come from known malicious addresses. Even with a SPAM filter, you should be especially cautious of emails that:

  • Come from unrecognised senders
  • Ask you to confirm personal or financial information over the Internet or make urgent requests for this information
  • Aren’t personalised
  • Try to upset you into acting quickly by threatening you with frightening information

2. Communicate personal information only via the phone or secure website

When conducting online transactions, look for a sign that the site is secure, such as a lock icon on the browser’s status bar or an “https:” URL (the “s” stands for secure) rather than an “http:” one.

Do not blindly trust a website which uses https though. Many phishing sites now use https and the green padlock to imply they are more genuine or to instil more trust. But this is just another piece of social engineering. All https means in this scenario is that you’re securely handing your details over to a scammer.

However, you should also be aware of phone phishing schemes. Do not divulge personal information over the phone unless you initiate the call. Be cautious of emails that ask you to call a phone number to update your account information as well.

3. Don’t click on links, download files or open attachments from unknown senders

It is best to only open attachments when you are expecting them and know what they contain, even if you know the sender. Some email clients come with the ability to preview the contents of an attachment and this can be used to determine if the contents are malicious or not.

Additionally, if a link is present in an email, don’t click it. Instead, navigate to the legitimate site via a web browser and continue from there.

4. Never email personal or financial information, even if you are close to the recipient

As a general rule, you shouldn’t send personal information over an insecure channel like email. You never know who may gain access to your email account, or to your recipient’s account, and then find that information.

If you must send personal information, many email clients now have the ability to send a self-destructing email which can prevent it from being intercepted.

5. Beware of links in emails that ask for personal information

Even if the email appears to come from an enterprise you do business with, you should still be cautious. Phishing websites will often copy the entire look of a legitimate website to make themselves appear authentic. To be safe, call the legitimate enterprise first to see if they really sent that email to you.

6. Beware of pop-ups

  • Never enter personal information in a pop-up screen
  • Do not click on links in a pop-up screen
  • Do not copy web addresses into your browser from pop-ups
  • Legitimate enterprises should never ask you to submit personal information in pop-up screens, so don’t do it.

7. Protect your computer

At a minimum, ensure your computer is protected by a firewall, spam filters, anti-virus and anti-spyware software. Do some research to ensure you are getting the most up-to-date software, and update all of it regularly to ensure you are blocking new viruses and spyware.

Setting up two-factor authentication on your accounts can also add an extra layer of security and prevent scammers from accessing your personal information.

8. Check online accounts and bank statements regularly

If you’ve been the victim of a phishing scam, or think you have, it’s important to constantly monitor the activity of that account. A scammer may lie low for a while to trick the victim into thinking they weren’t affected, and that can make the damage much more potent.


You should always be careful about giving out personal information over the Internet. Luckily, companies have begun to employ tactics to fight against phishers, but they cannot fully protect you on their own.

Remember that you may be targeted almost anywhere online, so always keep an eye out for those “phishy” schemes and never feel pressured to give up personal information online.
