How Not to Fall for Phishing


Phishing scams are as old as the Internet itself and they are not going away. Fortunately, it is usually easy to avoid falling for phishing if you practice basic digital safety rules and use common sense. Follow these basic guidelines to keep yourself safe.

1. Remain skeptical

Always remember that when something you are offered online seems too good to be true, it probably isn’t true at all. Scammers and criminals are very skillful at manipulating our emotions, particularly greed and curiosity. Would you like the latest iPhone for only $20? Would you like to earn a lot of money by trying free products that companies send to you? Would you like to know which of your classmates or coworkers is secretly into you? All you need to do to get these rewards is click a link, open an attachment or complete a form. Do not fall for this. You are smarter than that.

2. Beware of attachments

It is one of the most fundamental digital safety rules that you should never download or open attachments that arrive in emails, social media messages, or mobile texts from people you do not know or do not trust fully. Scammers and criminals are particularly fond of Word, Excel, PowerPoint and PDF attachments. If an email or any other type of message looks strange or suspicious to you, the best way to deal with it is by deleting it right away.

It is also worth remembering that even people you know and trust can have their email accounts compromised. So if you receive an unexpected email with an attachment from them, it is a good idea to check with the person who you think sent you the email before opening it.

3. Check links before clicking

It goes without saying that you should never click on links sent by people or organizations that you do not know or do not expect to be contacting you. You should also make it a habit to treat every link you receive as a potential risk. When you get an alert from a colleague, your bank or the social media service you are using, do not click the link in the email. Hover your mouse over the link to see the full website address. This can help you decide whether or not you want to click that link. Alternatively, you can open a browser window and type the address directly into the URL field to make sure the site is real.

Before clicking on a link that you find even a tiny bit suspicious, scan it with a link scanner such as Norton Safe Web that lets you enter the URL of a suspicious link and check it for safety.

Use extra caution when dealing with shortened URL links. Always check the real URL link behind a shortened one. You can use a free online service such as UnshortenIt to “decode” a shortened URL.

4. Slow down to think

One of the phishing tactics that criminals and scammers use particularly well involves creating a false sense of urgency by sending people requests with a tight deadline for action and sometimes punishment for failing to act fast. They may tell you to pay a fine for making an “error” in your latest tax return or face criminal prosecution. Or someone pretending to be your boss may demand that you wire money to a specific bank account or get fired.

Always treat “urgent” requests for information or financial transfers as highly suspicious. Would the tax authorities ever call you on your mobile phone to demand that you pay a fine? Would your boss ever demand that you wire money to a bank account that you have never heard of? If something seems off, discuss it with people you trust, colleagues or a lawyer.

5. Verify identity

Always verify that people or organizations requesting information or financial transfers are who they claim to be. Call them directly or get in touch via a secure messaging platform to double check. Remember that scammers are very skillful at impersonating people and they put a lot of effort and research into doing so.

6. Keep your antivirus up to date

Even if you are extremely cautious and practice perfect digital hygiene, you should always have an antivirus and a firewall running on all devices you are using. Make sure your antivirus is always up to date so it can deal with any new security threats. It is a good idea to set your critical software such as antivirus and operating system to update automatically.