How to Prevent Phishing Attacks

Some of the simplest and most effective techniques used by cybercriminals to achieve their goals are what are known as phishing attacks. It is often much easier to trick someone into clicking on a link in an email or opening a malicious attachment than to hack past an organization’s firewall and other defenses. Phishing attacks can have a number of different goals, including malware delivery, stealing money, and credential theft. However, most phishing scams designed to steal your personal information can be detected if you pay enough attention.

Here are a few phishing prevention tips to keep in mind:

1. Always be suspicious of password reset emails

Password reset emails are designed to help when you can’t recall the password for your account. By clicking on a link, you can reset the password to that account to something new. Not knowing your password is, of course, also the problem that cybercriminals face when trying to gain access to your online accounts. By sending a fake password reset email that directs you to a lookalike phishing site, they can convince you to type in your account credentials and send those to them. If you receive an unsolicited password reset email, always visit the website directly (don’t click on embedded links) and change your password to something different on that site (and any other sites with the same password).

2. Always note the language in the email

Social engineering techniques are designed to take advantage of human nature. This includes the fact that people are more likely to make mistakes when they’re in a hurry and are inclined to follow the orders of people in positions of authority.

Phishing attacks commonly use these techniques to convince their targets to ignore their potential suspicions about an email and click on a link or open an attachment. Some common phishing techniques include:

  • Fake Order/Delivery: A phishing email will impersonate a trusted brand (Amazon, FedEx, etc.) stating that you have made an order or have an incoming delivery. When you click to cancel the unauthorized order or delivery, the website (which belongs to a cybercriminal) will require authentication, enabling the attacker to steal login credentials.
  • Business Email Compromise (BEC): BEC scams take advantage of hierarchy and authority within a company. An attacker will impersonate the CEO or other high-level executive and order the recipient of the email to take some action, such as sending money to a certain bank account (that belongs to the scammer).
  • Fake Invoice: The phisher will pretend to be a legitimate vendor requesting payment of an outstanding invoice. The end goal of this scam is to have money transferred to the attacker’s account or to deliver malware via a malicious document.

In other words, if an email is urging you to take rapid or unusual actions, slow down and verify that it is legitimate before trusting it. Additionally, it is important to consider whether a phishing email’s tone is “on brand” for the supposed sender. Phishing emails will often – but not always – contain misspellings, grammatical errors, or unusual phrasing. If an email doesn’t “sound right”, then don’t trust it.

3. Never share your credentials

Credential theft is a common goal of cyberattacks. Many people reuse the same usernames and passwords across many different accounts, so stealing the credentials for a single account is likely to give an attacker access to a number of the user’s online accounts.

As a result, phishing attacks are designed to steal login credentials in various ways, such as:

  • Phishing Sites: Attackers will create lookalike sites that require user authentication and point to these sites in their phishing emails. Beware of links that don’t go where you expect them to.
  • Credential-Stealing Malware: Not all attacks against your credentials are direct. Some phishing emails carry malware, such as keyloggers or trojans, that are designed to eavesdrop when you type passwords into your computer.
  • Support Scams: Cybercriminals may pose as customer support specialists from Microsoft, Apple, and similar companies and ask for your login credentials while they “help” you with your computer.

Cybercriminals use a lot of different pretexts and scams to attempt to steal your account credentials. Never tell anyone your password, and, if an email points to a login page, visit the site directly and authenticate from there to protect against lookalike phishing sites.
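The warning signs in tips 1 and 3 (a password-reset link that does not go where its text says, a destination outside the sender's real domain, a hostname dressed up to look like a trusted one) can be checked mechanically before anyone clicks. The following Python script is an added example, not code from the original article or its vendor: it pulls every link out of an HTML email body and reports those signs. The sample email body, the trusted-domain list and the digit-for-letter homoglyph table are constructed for the demonstration, and the registrable-domain logic is a deliberately naive heuristic (last two labels), not a public-suffix library.

```python
"""Flag suspicious links in an HTML email body (added example, not the article's code)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a fake "password reset" email body written for this example.
SAMPLE_EMAIL_HTML = """
<p>We noticed a sign-in from a new device. Reset your password now:</p>
<p><a href="http://login.examp1e-bank.com.secure-reset.xyz/reset">https://www.example-bank.com/reset</a></p>
<p>Questions? Visit <a href="https://www.example-bank.com/help">our help center</a>.</p>
"""

# Assumption: the domains this organisation expects links from (constructed list).
TRUSTED_DOMAINS = {"example-bank.com"}

# Digit-for-letter swaps commonly used to build lookalike hostnames (assumed table).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased hostname of a URL; a bare 'www.x.com' is treated as http://www.x.com."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower()


def registrable(host):
    """Naive registrable domain: the last two labels (assumes no multi-label suffix like co.uk)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def normalise(host):
    """Undo common homoglyph tricks so 'examp1e' compares equal to 'example'."""
    return host.translate(HOMOGLYPHS).replace("rn", "m")


def analyse_link(href, text):
    """Return a list of human-readable warning signs for one link (empty if none)."""
    findings = []
    host = host_of(href)
    # 1. The visible text is itself a URL, but the real destination is a different host.
    if re.match(r"^(https?://|www\.)", text, re.I) and host_of(text) != host:
        findings.append("link text shows a different host than the real destination")
    # 2. The destination is outside the domains we expect mail to point at.
    domain = registrable(host)
    if domain not in TRUSTED_DOMAINS:
        findings.append(f"destination domain {domain!r} is not trusted")
        # 3. ...and the hostname is dressed up to look like a trusted domain.
        for trusted in TRUSTED_DOMAINS:
            if trusted in normalise(host):
                findings.append(f"hostname imitates trusted domain {trusted!r}")
    return findings


def analyse_email(html_body):
    """Run analyse_link over every anchor in the body; returns one dict per link."""
    extractor = LinkExtractor()
    extractor.feed(html_body)
    return [
        {"href": href, "text": text, "findings": analyse_link(href, text)}
        for href, text in extractor.links
    ]


if __name__ == "__main__":
    for result in analyse_email(SAMPLE_EMAIL_HTML):
        status = "SUSPICIOUS" if result["findings"] else "ok"
        print(f"{status:10} {result['href']}")
        for finding in result["findings"]:
            print(f"           - {finding}")
```

On the constructed sample the first link is reported three times over (mismatched text, untrusted domain, imitation of the trusted domain) while the genuine help-center link passes cleanly. In a mail gateway the same checks would feed a quarantine or banner decision rather than a print statement; the user-side advice from the article still applies, since the safest response to any password-reset link is to type the site's address yourself.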

Protecting Against Phishing Attacks

Understanding the risks of phishing attacks and some of the most common pretexts is an important first step in protecting against them. However, modern phishing campaigns are sophisticated, and it is probable that, eventually, someone will fall for one.

When this happens, having endpoint and email security solutions in place can mean the difference between a major security incident and a non-event. To learn more about protecting your organization against phishing, contact us and check out our advanced anti-phishing solution.
