How to avoid phishing scams (and recover if you’re caught)

Published on May 30, 2019


The internet isn’t exactly the wild west anymore. Regulations are in place to protect your personal information, mail servers check sender-authentication records such as SPF, DKIM and DMARC before accepting a message, and spam filters have gotten pretty good at keeping unsolicited email out of your inbox. Even with these precautions, however, phishing is still a threat we must protect ourselves against.

What is phishing?

Phishing is when a cybercriminal impersonates, or “spoofs,” a legitimate company to trick unsuspecting users into handing over personal information that can be used for identity theft. Criminals use the information to log in to accounts and steal identities, money, confidential information, or anything else of value.

Cybercriminals also use phishing to deliver malware. Ransomware is the common case: a malicious attachment or link installs software that encrypts the victim’s files, and the attacker then demands payment to restore them, which can be debilitating to an individual or business.

No one is completely safe from being targeted by phishing. If you use the internet, you are at risk.

Spot phishing before you’re hooked

The term phishing was coined because, like actual fishing, it involves using bait, usually in the form of a legitimate-sounding request in an email, to lure an unsuspecting individual into turning over their credentials. Phishing can be sophisticated and difficult to spot, but it’s not impossible. Here are a few signs:

  • Does the message seem unexpected or out of place? If you receive an email from your bank with an unusual request, don’t discount your instincts. If you weren’t expecting the email, it’s a good idea to investigate further before opening the attachment or clicking on the link.
  • Does the sending email address match who the sender claims to be? Look at the actual address, not just the display name: a message can show “Your Bank” as the sender while the address is on an unrelated domain, and attackers also register lookalike domains that differ from the real one by a single character or an added word. Keep in mind that the address itself can be forged, so a match is not proof of legitimacy, but if the address and sender don’t match, it’s most likely a scam. For example, an email from your bank should not be from Gmail.
  • Is the email awkwardly composed with poor grammar? If there are mistakes in the email, or if the wording sounds strange, that could be a sign of phishing. However, keep in mind that phishing attempts can be very nicely composed and professional. A perfect-looking email doesn’t mean you shouldn’t be cautious.
  • Does the email open with a generic greeting? Most legitimate organizations that hold your account will address you by name. A greeting such as “Greetings user” or “Dear Sir/Ma’am” is a warning sign, though not proof on its own, and the reverse is also true: targeted phishing often uses your real name, so a correct name doesn’t clear the message.
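The address, link and wording checks above can be applied mechanically to a saved message. The following Python script is an added example, not code from the original article: it parses a raw email with the standard library and reports the indicators described above (a From: address on free webmail or a lookalike domain, a display name that doesn’t match the address, a non-passing SPF/DKIM/DMARC verdict in the receiving server’s Authentication-Results header, link text that names a different host than the link’s real target, a generic greeting, and pressure language). The organisation name “Example Bank” and domain examplebank.com, the list of free-webmail providers, the phrase lists and the sample message are all constructed assumptions for illustration.

```python
"""Heuristic triage of a suspicious email (added example, not the article's code).

Parses a raw RFC 5322 message and reports the warning signs described in the
article. ORG_NAME, ORG_DOMAIN, the phrase lists and SAMPLE_EMAIL are assumptions
made up for illustration.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

ORG_NAME = "Example Bank"          # assumed organisation being impersonated
ORG_DOMAIN = "examplebank.com"     # assumed legitimate domain
ORG_LABEL = ORG_DOMAIN.split(".")[0]

FREE_WEBMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
GENERIC_GREETINGS = ("dear customer", "dear user", "dear sir", "dear madam",
                     "greetings user", "dear valued", "dear account holder")
URGENCY = ("will be closed", "will be suspended", "within 24 hours",
           "immediately", "act now")
# Digit-for-letter swaps common in lookalike domains: 0->o, 1->l, 3->e, 5->s.
HOMOGLYPHS = str.maketrans("0135", "oles")


def normalize(host):
    """Lowercase a host, undo digit-for-letter swaps, keep letters only."""
    return re.sub(r"[^a-z]", "", host.lower().translate(HOMOGLYPHS))


def check_sender(from_header):
    """Flag a From: address that does not belong to ORG_DOMAIN."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if not domain or domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN):
        return []
    if domain in FREE_WEBMAIL:
        return [f"sender {addr} uses free webmail but presents as {display!r}"]
    if normalize(ORG_LABEL) in normalize(domain):
        return [f"sender domain {domain} is a lookalike of {ORG_DOMAIN}"]
    if ORG_NAME.lower() in display.lower():
        return [f"display name {display!r} does not match address {addr}"]
    return []


def check_auth(auth_results):
    """Report SPF/DKIM/DMARC verdicts other than pass. The header is written by
    the receiving server, so it means nothing on a message that never passed
    through one."""
    verdicts = re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth_results.lower())
    return [f"{mech} result is {verdict}" for mech, verdict in verdicts
            if verdict != "pass"]


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(html):
    """Flag links whose shown URL differs from the real target, or go off-site."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        target = urlparse(href).hostname or ""
        shown = ""
        if re.fullmatch(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", text, re.I):
            shown = urlparse(text if "://" in text else "http://" + text).hostname or ""
        if shown and target and normalize(shown) != normalize(target):
            findings.append(f"link text shows {shown} but points to {target}")
        elif target and target != ORG_DOMAIN and not target.endswith("." + ORG_DOMAIN):
            findings.append(f"link points off-site to {target}")
    return findings


def check_wording(text):
    """Flag a generic greeting (in the opening) and pressure language."""
    low = text.lower()
    findings = [f"generic greeting {g!r}" for g in GENERIC_GREETINGS if g in low[:300]]
    hits = [p for p in URGENCY if p in low]
    if hits:
        findings.append("pressure language: " + ", ".join(hits))
    return findings


def triage(raw_message):
    """Return every phishing indicator found in a raw email message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body is not None else ""
    text = re.sub(r"\s+", " ", re.sub(r"<[^>]+>", " ", html)).strip()
    return (check_sender(str(msg.get("From", "")))
            + check_auth(str(msg.get("Authentication-Results", "")))
            + check_links(html)
            + check_wording(text))


# Constructed sample: claims to be the bank, sent from Gmail, shows one URL but
# links to another. The passing Authentication-Results only proves the mail
# really came from gmail.com, which is not the same as coming from the bank.
SAMPLE_EMAIL = """\
From: "Example Bank Security" <examplebank.alerts@gmail.com>
To: customer@example.org
Subject: Urgent: verify your account
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=gmail.com; dkim=pass header.d=gmail.com; dmarc=pass header.from=gmail.com
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear Customer,</p>
<p>Unusual activity was detected. Please verify within 24 hours or your
account will be suspended:
<a href="http://examplebank-secure-login.co/verify">https://www.examplebank.com/login</a></p>
</body></html>
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_EMAIL):
        print("-", finding)
```

To run it on a real message, save the message as an .eml file and pass its contents to triage() in place of SAMPLE_EMAIL. The sender check and the authentication check are deliberately separate: a passing SPF/DKIM/DMARC line only confirms the mail came from the domain it was authenticated for, which in the sample is gmail.com, and says nothing about whether that domain belongs to the organisation named in the display name.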

How to protect yourself

You may be wondering what you can do if you suspect a phisher. You don’t want to get caught, but you also don’t want to neglect a legitimate notice regarding your account. There are a few basic rules that will help you stay in control:

  • Go to the website directly. Even if the email looks professional, if you’re not expecting the email or have any suspicions at all, don’t use the link in the email. The text of a link and the address it actually opens can differ; hovering over the link (or long-pressing it on a phone) shows the real destination. Instead, type the company’s address or use your own bookmark and log in to your account through the website as you normally would.
  • Don’t open attachments that you aren’t expecting or file types you don’t recognize.
  • Make it a personal rule to never send personal information such as passwords and other credentials through email.
  • Don’t succumb to scare tactics such as the threat of closing your account. This is a common tactic phishers use to get their targets to hand over credentials in a moment of fear. Don’t do it. If you receive one of these emails, take a deep breath and log in to your account through the website.
  • If you’re still not certain if the email is real or a phishing scam, call the customer service number listed on the company’s website and ask.

What to do if you’ve fallen victim to a phishing scam

We’re all balancing busy lives and trying to check off our to-do lists. Phishers count on this fast pace to let them sneak in and commit their cybercrimes. There’s no need to be embarrassed if you get phished. It happens. If you know what to do, you’ll be able to head off any serious damage as soon as you realize what happened. Here are the steps you can take to recover if you fall for a phishing scam:

  • Change your password, from a device you trust. If you’ve used that password in multiple places (which you should never do), change it on all of those accounts too, and sign out any other active sessions where the account offers that option.
  • Enable two-factor (two-step) authentication when it’s available.
  • Notify the company that was spoofed.
  • Scan your computer for malware, especially if you opened an attachment.
  • If you handed over any financial information, contact your bank so they can cancel credit and debit cards and be on the lookout for fraudulent purchases.

Phishing is one of the dangers of conducting business online, but its consequences are avoidable if you use common sense when reading your emails. Remember, if in doubt, you can always go to your account through the company’s legitimate website or call their customer service line and talk to someone directly about your concerns.
