6 Ways to Avoid Getting Phished
Email continues to be the primary delivery method for cyberattacks. In fact, phishing and stolen credentials are the top threat actions that lead to cybersecurity breaches.1
Phishing emails are designed to entice you to click a link or download an attachment, which, in turn, puts malicious files on your computer. This can enable hackers to steal your identity, breach your employer’s systems, and more. That’s why you should always exercise extreme caution when downloading files from emails, even if they’re from contacts you know and trust.
Here are 6 easy steps to help businesses and employees spot phishing emails, so they can avoid taking the bait.
Look for tell-tale signs.
The best way to defend against phishing attacks is to identify phony emails BEFORE you click on them. Keep in mind: checking for these signs does not guarantee an email is safe—you still need to use your best judgement.
1. Check the real sender
Criminals can fake the name that appears in the “From” field. Be sure to check the actual email address shown between the angle brackets (< >) to ensure it matches the name in the “From” field. Watch out for addresses that contain typos or look-alike characters in the organization name (think amaz0n.com, with a zero in place of the letter o).
2. Check the email greeting and footer
If you do business with an organization, the first line of the email should contain your name. Don’t trust impersonal introductions like “Dear Customer.” Additionally, the footer of any legitimate email should contain, at minimum, a physical address for the brand or institution, and an unsubscribe button. If either one of these items is missing, it’s probably fake.
3. Hover your mouse over links to check them
If an email contains links, DON’T click them. Instead, hover your mouse over the link to see the full URL. If the address isn’t where you’d expect to go, or is very long and full of gibberish, don’t click it. Note: you can’t do this check on a mobile device, so it’s better to avoid clicking any email links using phones or tablets, even if you’re 99% sure it’s safe.
4. Look beyond the email
If you’re unsure if an email is legitimate, try contacting the sender’s brand, company, or institution directly via another channel. Without clicking any links in the email, visit the sender’s official website, or locate their officially listed customer service phone number and call them to verify. If you get something odd that looks like it’s from someone you know personally, call them and ask them about it.
5. Be suspicious of all information requests
Avoid entering any financial or personally identifiable information unless you are extremely confident in the identity of the party you are communicating with.
6. When in doubt, delete
If you don’t know the sender, or if something seems off, delete the email and/or report it to your IT department (as appropriate). If it wasn’t fake, the sender will contact you another way or send the message again.
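Tips 1 to 3 above are the ones a mail filter or help desk can partly automate. The script below is an added example, not Webroot's code: using only the Python standard library, it parses a raw email, compares the display name with the real sender address, flags look-alike domains built from character swaps (the amaz0n.com pattern), checks for an impersonal greeting, and compares each link's visible text with the host its href really points to. The KNOWN_BRANDS list, the substitution table, the length thresholds and both sample messages are constructed for illustration; the anchor extraction is a deliberately simple regex rather than a full HTML parser.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from typing import Optional
from urllib.parse import urlparse

# Constructed brand list (hypothetical): domains the organisation expects mail from.
KNOWN_BRANDS = {"amazon.com", "paypal.com", "microsoft.com"}
# Character swaps that make a look-alike domain read like the real one (amaz0n -> amazon).
SUBSTITUTIONS = {"0": "o", "1": "l", "3": "e", "5": "s", "vv": "w", "rn": "m"}
GENERIC_GREETING = re.compile(r"^\s*dear\s+(valued\s+)?(customer|user|member|account\s+holder)\b", re.I)
DOMAIN_IN_TEXT = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)


def lookalike_of(domain: str) -> Optional[str]:
    """Return the known brand a domain imitates through character swaps, else None."""
    d = domain.lower()
    if d in KNOWN_BRANDS:
        return None
    for fake, real in SUBSTITUTIONS.items():
        d = d.replace(fake, real)
    return d if d in KNOWN_BRANDS else None


def check_sender(from_header: str) -> list:
    """Tip 1: the display name is easy to fake; judge the address in the angle brackets."""
    findings = []
    name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    for brand in KNOWN_BRANDS:
        word = brand.split(".")[0]
        if word in name.lower() and domain != brand and not domain.endswith("." + brand):
            findings.append(f"display name mentions {word} but address domain is {domain}")
    brand = lookalike_of(domain) if domain else None
    if brand:
        findings.append(f"lookalike domain: {domain} (looks like {brand})")
    return findings


def check_greeting(text: str) -> list:
    """Tip 2: a sender who really knows you uses your name, not 'Dear Customer'."""
    for line in text.splitlines():
        if line.strip():
            return [f"impersonal greeting: {line.strip()}"] if GENERIC_GREETING.match(line) else []
    return []


def check_links(html: str) -> list:
    """Tip 3: compare the text you see with the host the href really points to."""
    findings = []
    for href, inner in ANCHOR.findall(html):  # simplified extraction, not a full HTML parser
        text = re.sub(r"<[^>]+>", " ", inner).strip().lower()
        host = (urlparse(href).hostname or "").lower()
        shown = DOMAIN_IN_TEXT.search(text)
        if shown and shown.group(0) != host and not host.endswith("." + shown.group(0)):
            findings.append(f"link text shows {shown.group(0)} but href goes to {host}")
        brand = lookalike_of(host) if host else None
        if brand:
            findings.append(f"link host {host} looks like {brand}")
        # Very long URLs or long random-looking path tokens are the "gibberish" the tip describes
        if len(href) > 120 or re.search(r"[a-z0-9]{20,}", urlparse(href).path.lower()):
            findings.append(f"long or random-looking URL: {href}")
    return findings


def analyse_message(raw: str) -> list:
    """Run every check over a raw RFC 822 message and return all findings."""
    msg = message_from_string(raw)
    html = ""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            html = (part.get_payload(decode=True) or b"").decode(part.get_content_charset() or "utf-8", "replace")
            break
    text = re.sub(r"<[^>]+>", " ", html)  # crude tag strip, enough for the greeting check
    return check_sender(msg.get("From", "")) + check_greeting(text) + check_links(html)


# Constructed sample: a message showing the signs described above.
SUSPICIOUS = """\
From: "Amazon Customer Service" <security-alert@amaz0n.com>
To: alice@example.com
Subject: Unusual sign-in activity
Content-Type: text/html; charset="utf-8"

<p>Dear Customer,</p>
<p>Please visit <a href="http://account-verify.example.net/s/9f8a7s6d5f4g3h2j1k0l9z8x7c">www.amazon.com/security</a> to confirm.</p>
"""

# Constructed sample: a benign message that passes every check.
BENIGN = """\
From: "Example Support" <support@example.com>
To: alice@example.com
Subject: Your ticket has been updated
Content-Type: text/html; charset="utf-8"

<p>Hi Alice,</p>
<p>See <a href="https://example.com/help/tickets">https://example.com/help/tickets</a>.</p>
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, analyse_message(raw) or ["no findings"])
```

Each check returns a list of human-readable findings so the output can feed a triage queue or a user-facing warning; an empty list means nothing was flagged, not that the message is safe. The look-alike logic only catches character swaps against the brand list you maintain, so a domain that adds words rather than swapping characters needs the manual verification in tip 4.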
Next Steps
Read about how our solution for Security Awareness Training can help keep your business, customers, and end users safe. Not sure if you need Security Awareness Training, or have colleagues or clients who don’t see the value in it? Check out our free Security Awareness Training PowerPoint presentation to help make the case.
1 Verizon. “2019 Data Breach Investigations Report.” (April 2019)
Webroot Can Help
Start a free 30-day, no-risk, no-software-conflict trial today to see the Webroot difference for yourself. Have other questions? Ask away.