5 Ways to Prevent Phishing Attacks

When It Comes to Phishing, Don’t Take the Bait



It’s 4:54 pm on a Friday and you get an email from the head of HR saying she urgently needs your bank account information or you won’t get paid next week. By the time you get the info she needs and reply to her, it’s 5:02 pm. Phew! You leave the office that day feeling lucky that you caught it in time.

You wake up Saturday morning only to find someone has drained your bank account. What happened? You just got phished.

Phishing is a type of cyber attack that exploits human behavior to gain access to personal information or get you to install malware on your computer. Phishing messages often look like they’re coming from a trusted source—like your bank, your security provider, or someone you work with—and they usually create a sense of urgency so that you act quickly, without thinking. Another approach is to offer you something you want—money, prizes, love—in the hopes that desire will outweigh common sense.

Luckily, phishing scams only work if you fall for them. The power is in your hands; follow the five tips below to keep yourself safe online.


Did you know?


Since 2019, phishing attacks have increased more than 150%!




1. Slow Down and Stay Suspicious

Does the CEO often email you asking for the digits to the company Mastercard? Does your bank ever reach out to you because they forgot your login and password? Does a new friend on Instagram typically ask for a loan? The answer to all of these questions is no, they do not.

Phishing attacks work because we don’t stop to think about what we’re doing. The best way to prevent them? Slow down and keep a healthy level of skepticism. If you get an email, text, or social media message and something doesn’t seem quite right, don’t reply immediately.




2. Check That Things Are What They Seem

By resisting the urge to respond immediately, you’ve taken away the scammer's biggest asset: the sense of urgency. The next step is to dig a little deeper and see if the message is real or not. How do you do that? Here are a few suggestions:


  • Check the sender’s email address or social media profile: Phishers often use email addresses that look similar to legitimate ones but have slight misspellings or extra characters. Similarly, social media usernames may look off, and their profiles may be incomplete, with few followers and little engagement (likes and comments).

  • Hover over links before clicking: Hover your mouse over links to see the actual URL before clicking. Ensure it matches the legitimate website's address. For example, if the email is supposedly from your bank, go to your bank's website directly to check the URL.

  • Look for red flags: Phishing scam artists will try to create a sense of urgency or fear. Also, messages may contain spelling mistakes, poor grammar, or awkward phrasing.



3. Don’t Download Attachments from Unknown Sources

If you get an email or direct message and you’re not sure about the sender, don’t click on any attachments. Getting you to download files is a great way for criminals to spread malware, and it’s not worth taking the risk.

If an email from a known contact contains an unexpected attachment, verify its legitimacy before opening it by calling or emailing that contact directly.




4. Use Security Software

Phishing often involves spamming thousands of people with emails in the hopes that one or two will fall for the trick. Antivirus software can help detect and block malicious emails and attachments.




5. Report Suspicious Messages

Phishing works by manipulating our emotions, and one of those emotions is shame. Many people who are victims of phishing attacks never report the crime to authorities because they feel foolish for getting tricked. But this behavior plays right into cyber criminals’ hands. If you get scammed, or even if you get a suspicious message, report it straight away.


  • To your employer: Report suspicious work emails to your IT or security team.

  • To your email provider: If you receive a phishing email to your personal email address, report it to your provider using their built-in reporting features.

  • To your social media platform: Similarly, if you receive a suspicious direct message, flag it.

  • To organizations: If the email supposedly came from your bank or other trusted company, contact those organizations directly to let them know.

  • To authorities: If you fall victim to a phishing attack and are facing financial loss, identity theft, or threats, or you suspect organized criminal activity, report it to the police as soon as possible. It may be part of a larger attack!

Now you have the information to recognize phishing scams and stop them in their tracks. Be sure to spread the word to family and friends!