How to avoid being phished

Never respond to emails that request personal financial information

You should be suspicious of any email that asks for your password or account information, or includes links for that purpose. Banks and ecommerce companies do not usually send such emails.

Look for signs that an email is "phishy"

Some phishing emails are generic, using greetings like "Dear valued customer." They may also include alarming claims (e.g., your account numbers have been stolen), use suspiciously poor spelling or grammar and/or request that you take an action like clicking a link or sending personal information to an unknown address.

Other phishing emails are more targeted and may be very believable. Look for unusual behavior, such as a blank or irrelevant attachment (which could have hidden malware), or a request to click a link that doesn’t fit with the topic or sender of the message.
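The signs described above can also be checked mechanically, for example in a mail filter or a reporting tool. The following Python sketch is an added example, not part of the original guide: the word lists, function names and sample message are assumptions, and it handles only a single-part message.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

GENERIC_GREETINGS = ("dear valued customer", "dear customer", "dear user")
CREDENTIAL_WORDS = ("password", "pin", "account information", "account number")
# Simple anchor pattern: enough for this sample, not a full HTML parser.
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)
HOSTNAME = re.compile(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+")

# Constructed sample message; every name and domain in it is made up.
SAMPLE = """\
From: "Example Bank" <alerts@examplebank.example>
Subject: Urgent: account suspended
Content-Type: text/html

<p>Dear valued customer,</p>
<p>Your account numbers have been stolen. Confirm your password at
<a href="http://login.secure-verify.example/reset">https://www.examplebank.example</a></p>
"""

def same_site(host, domain):
    """True when host is domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def phishy_signs(raw_email):
    """Return the warning signs found in a single-part HTML or text email."""
    msg = message_from_string(raw_email)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    body = msg.get_payload()
    text = re.sub(r"<[^>]+>", " ", body).lower()  # visible text only
    signs = []
    if any(g in text for g in GENERIC_GREETINGS):
        signs.append("generic greeting")
    if any(re.search(rf"\b{re.escape(w)}\b", text) for w in CREDENTIAL_WORDS):
        signs.append("asks for password or account details")
    for href, shown in ANCHOR.findall(body):
        host = (urlparse(href).hostname or "").lower()
        claimed = HOSTNAME.search(shown.lower())
        if host and not same_site(host, sender):
            signs.append(f"link goes to {host}, not the sender's {sender}")
        if host and claimed and not same_site(host, claimed.group(0)):
            signs.append(f"link text shows {claimed.group(0)} but goes to {host}")
    return signs
```

Legitimate mail sometimes links to third-party hosts too, so treat each sign as a reason to look closer rather than as a verdict.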

Visit bank websites by typing the address into the address bar

Don’t follow links embedded in an unsolicited email. Phishers often use these to direct you to a bogus site. Instead, you should type the full address into the address bar in your browser.

Keep a regular check on your accounts

Regularly log in to your online accounts and check your statements. If you see any suspicious transactions, report them to your bank or credit card provider.

Make sure that the website you are visiting is secure

Check the web address in the address bar. If the website you are visiting is on a secure server, it should start with https:// ("s" stands for secure) rather than the usual http://. Also look for a small padlock icon on the browser’s status bar. These signs tell you that the website is using encryption.

However, even if a site is secure, there is no guarantee that it is safe, because hackers can create encrypted websites that are designed to steal personal information.

Be cautious with emails and personal data

Always conduct transactions safely. Don’t let anyone know your PINs or passwords, do not write them down, and do not use the same password for all your online accounts. Don’t open or reply to spam emails as this lets the sender know that your address is valid and can be used for future scams.

Keep your computer secure

Anti-spam software will prevent many phishing emails from reaching you. A firewall also helps to keep your personal information secure and block unauthorized communications. You should also run antivirus software to detect and disable malicious programs, such as spyware or backdoor Trojans, which may be included in phishing emails. Keep your Internet browser up to date with the latest security patches.

Always report suspicious activity

If you receive an email you suspect isn’t genuine, forward it to the spoofed organization. Many companies have a dedicated email address for reporting such abuse.
