6 Simple Tips to Protect Yourself from Phishing Attacks: A Guide for Non-Techies

In today’s digital age, online security threats are becoming increasingly common and sophisticated. Phishing is one of the most prevalent forms of online fraud, where attackers use deceptive techniques to trick individuals into revealing sensitive information, such as usernames, passwords, and financial details. While many people may be familiar with the term phishing, not everyone knows how to recognize and avoid it. In this context, we will discuss some simple tips that non-technology people can use to identify and protect themselves from phishing attacks. These tips include checking the sender’s email address, looking out for urgent or threatening language, verifying links before clicking, not giving away personal information, keeping anti-virus and anti-malware software up-to-date, and not opening suspicious attachments. By following these tips, individuals can reduce their risk of falling victim to phishing attacks and protect their personal information online.

Check the sender’s email address

When you receive an email, the sender’s email address should be displayed in the “From” field. Checking the sender’s email address is important because scammers often use fake or spoofed email addresses to trick you into thinking that the email is coming from a legitimate source.

One way to check the sender’s email address is to hover your mouse over the “From” field. This will display the full email address, including the domain name. You can then compare the domain name to the legitimate domain name of the company or organization the email claims to be from.

For example, let’s say you receive an email that appears to be from your bank, but the email address is something like “support@your-bank-security.com”. This email address may look legitimate at first glance, but upon closer inspection, you will notice that the domain name is “your-bank-security.com”, which is not the same as the legitimate domain name of your bank. This is a clear indication that the email is a phishing scam and not from your bank.

Another example could be an email from a social media platform that you use, but the email address is something like “support@socialmedia-login.com”. This email address again looks similar to the legitimate email address of the social media platform, but upon closer inspection, you will notice that the domain name is “socialmedia-login.com”, which is not the same as the legitimate domain name of the social media platform. This is another clear indication that the email is a phishing scam and not from the legitimate source.

In general, be cautious of email addresses that are misspelled or have a different domain name than the legitimate source. This is a common tactic used by scammers to trick you into thinking that the email is coming from a legitimate source.

Look out for urgent or threatening language

Phishing scams often use urgent or threatening language to create a sense of urgency and pressure the recipient into taking immediate action. Here are some examples of messages that may contain urgent or threatening language:

1. “Your account has been compromised! Please log in immediately to secure your account.”

This message uses urgent language to create a sense of urgency and pressure the recipient into clicking on the link to log in. However, it is likely a phishing scam designed to steal login credentials.

2. “Your package has been delayed! Click here to track your package and get it delivered as soon as possible.”

This message uses urgent language to create a sense of urgency and pressure the recipient into clicking on the link to track the package. However, it is likely a phishing scam designed to steal personal information.

3. “Your account will be suspended if you do not update your information! Click here to update your account now.”

This message uses threatening language to create a sense of urgency and pressure the recipient into clicking on the link to update their information. However, it is likely a phishing scam designed to steal personal information or login credentials.

In general, be cautious of any email that uses urgent or threatening language to create a sense of urgency and pressure you into taking immediate action. Legitimate companies or organizations would not typically use such language in their emails. If you receive such an email, take a closer look at it and verify its legitimacy before taking any action.

Check the links before clicking

Phishing scams often contain links that lead to fake websites that mimic legitimate ones. Here are some tips to help you check links before clicking on them:

1. Hover over the link: One way to check a link is to hover your mouse over it without clicking on it. This will display the full URL in the bottom left corner of your browser window. Make sure the URL matches the legitimate website you expect to go to. If the URL looks suspicious or different from the legitimate website, do not click on it.
2. Look for HTTPS: Check if the URL starts with “https://” instead of “http://”. The “s” stands for secure and indicates that the website uses encryption to protect your information. However, just because a website starts with “https://” does not necessarily mean it is legitimate. Scammers can still use fake websites with fake security certificates, so it’s important to also consider other factors.
3. Check the domain name: Look at the domain name in the URL and verify that it matches the legitimate website you expect to go to. Scammers often use similar domain names that are misspelled or slightly different from the legitimate website, so be cautious of any differences in the domain name.
4. Use a URL checker: There are online tools that allow you to check the legitimacy of a URL. These tools can check the URL against a database of known phishing websites and other suspicious URLs. Some popular URL checkers include Google Safe Browsing, Norton Safe Web, and URLVoid.

In general, it’s important to be cautious of any links in emails, especially if the email is from an unknown sender or contains urgent or threatening language. By taking a few extra seconds to check the link before clicking on it, you can protect yourself from phishing scams and other types of online threats.

Don’t give away personal information

Phishing scams often ask for personal information, such as login credentials, credit card numbers, social security numbers, or other sensitive information. Here are some more examples of personal information that you should not give away:

1. Passwords: Be cautious of any email or website that asks for your password. Legitimate companies or organizations would not ask for your password in an email or over the phone.
2. Credit card numbers: Be cautious of any email or website that asks for your credit card number, especially if it is not related to a legitimate purchase or transaction that you initiated.
3. Social security numbers: Be cautious of any email or website that asks for your social security number. Legitimate companies or organizations would not typically ask for your social security number in an email or over the phone.
4. Personal identification information: Be cautious of any email or website that asks for personal identification information, such as your driver’s license number or passport number. This information can be used for identity theft or other fraudulent activities.
5. Bank account information: Be cautious of any email or website that asks for your bank account information, such as your account number or routing number. Legitimate companies or organizations would not typically ask for this information in an email or over the phone.

In general, be cautious of any email or website that asks for personal information, especially if it is unsolicited or not related to a legitimate transaction that you initiated. If you receive such a request, take a closer look at it and verify its legitimacy before giving away any personal information.

Keep your anti-virus and anti-malware software up-to-date

Keeping your anti-virus and anti-malware software up-to-date is an important step in protecting your computer from malware, viruses, and other types of online threats. Here are some more details on why this is important and how to keep your software up-to-date:

1. Why it’s important: Anti-virus and anti-malware software helps protect your computer from malware, viruses, and other types of online threats. These threats can steal your personal information, damage your computer, or use your computer to spread the threat to other computers. By keeping your software up-to-date, you ensure that it has the latest virus definitions and protection mechanisms to detect and remove the latest threats.
2. How to keep your software up-to-date: Most anti-virus and anti-malware software will automatically check for updates and install them when available. However, it’s important to make sure that this feature is enabled and that your software is set to update automatically. You should also periodically check for updates manually to ensure that your software is up-to-date.
3. Consider using reputable software: There are many different anti-virus and anti-malware software options available, but not all of them are reputable or effective. Do some research to find software that is well-known, reputable, and has a good track record of detecting and removing threats. You can also look for reviews or recommendations from trusted sources.
4. Run regular scans: In addition to keeping your software up-to-date, you should also run regular scans of your computer to check for viruses and malware. Most anti-virus and anti-malware software will allow you to schedule regular scans or run them manually.

In summary, keeping your anti-virus and anti-malware software up-to-date is an important step in protecting your computer from online threats. By enabling automatic updates, using reputable software, running regular scans, and staying vigilant, you can help keep your computer and personal information safe.

Don’t open suspicious attachments

Phishing attacks often involve the use of malicious attachments in emails that appear to be from legitimate sources, such as banks, government agencies, or well-known companies. Here are a few examples of past phishing attacks that were done using suspicious attachments:

1. Locky ransomware: In 2016, a widespread phishing campaign was launched using email attachments that contained the Locky ransomware. The emails appeared to be from reputable companies, such as Dropbox or FedEx, and included a Microsoft Word document that, when opened, would download the Locky malware onto the victim’s computer. Locky would then encrypt the victim’s files and demand a ransom payment in exchange for the decryption key.
2. Emotet malware: Emotet is a type of malware that is often spread through phishing emails containing malicious attachments, such as Word documents or PDFs. In 2019, a large-scale Emotet phishing campaign was discovered, targeting organizations around the world. The emails appeared to be from legitimate sources, such as banks or financial institutions, and contained attachments that, when opened, would download the Emotet malware onto the victim’s computer.
3. COVID-19 related phishing attacks: During the COVID-19 pandemic, there were numerous phishing attacks that used email attachments related to the virus, such as fake vaccine information or stimulus check applications. These attachments were designed to trick victims into downloading malware or entering personal information on a fake website.

In general, it’s important to be cautious when opening email attachments, especially if they are from an unknown or suspicious source. If you receive an attachment from a source you don’t recognize or the content of the email seems suspicious, do not open the attachment. Instead, delete the email or report it as spam. Additionally, make sure your anti-virus software is up-to-date and that you have a backup of your important files in case of a malware attack.

In conclusion, phishing attacks continue to be a significant threat to individuals and businesses alike. The good news is that there are simple steps that non-technology people can take to identify and avoid these types of attacks. By checking the sender’s email address, being cautious of urgent or threatening language, verifying links before clicking, not giving away personal information, keeping anti-virus and anti-malware software up-to-date, and not opening suspicious attachments, individuals can significantly reduce their risk of falling victim to phishing attacks. It’s essential to remain vigilant when it comes to online security, as cybercriminals are always developing new and more sophisticated methods to steal sensitive information. By staying informed and following best practices, we can help protect ourselves and our personal information online.