How to Protect Yourself from Phishing: Simple and Effective Tips

Many sources discuss the different types of phishing and the tools used by attackers. While this information is useful, it’s even more important to know how to avoid falling victim to phishing yourself. Here, we share some simple yet effective ways to protect yourself.

1) Never Open Suspicious Links or Attachments

The first rule is to never open links or attachments sent to your email unless you are absolutely sure of their legitimacy.

2) Verify Emails Through the Sender

One way to check if an email is genuine is to contact the sender through another communication channel. For example, if you receive an email supposedly from your bank, call the bank directly or manually enter the bank’s website address in your browser instead of clicking any links in the email. Similarly, if your Uncle Bob sends you an attachment, call him to confirm he actually sent you those photos.

3) Use Cloud Storage and File Hosting Services

If you frequently send files to colleagues, consider using a more secure method than email. Upload files to a private server or use services like Google Drive, Yandex Disk, or Dropbox. If you usually share files via cloud storage or your company’s server, any email with an attachment sent in your name will immediately raise suspicion among your recipients. Hacking and replacing files on a server is generally more difficult than faking an email.

By the way, we have written about the most secure cloud storage options HERE.

4) Safely View Suspicious Documents

Some users, such as journalists or public relations professionals, regularly receive emails with attachments from unknown senders. In these cases, it can be hard to determine if a document or link is malicious. It’s safer to open documents from unknown sources using services like Google Docs or Etherpad. This can help protect you from common exploits embedded in malicious documents.

Consider using specialized operating systems designed to minimize malware threats, such as Tails or Qubes. Qubes, for example, is a Linux-based OS that isolates applications from each other, limiting the impact of any malware. Both systems are designed for use on laptops and desktop computers.

5) Online Scanning of Links and Attachments

You can upload suspicious links and files to online virus scanning services like VirusTotal. This service checks files and links against multiple antivirus databases and provides immediate results. While this method isn’t foolproof (antivirus programs may not detect new or targeted malware), it’s better than nothing if you don’t already use antivirus software.

Keep in mind that any file or link you upload to a public website like VirusTotal or Google Docs may be viewed by employees of that company or anyone with access to the site. If the file contains confidential information, consider alternative ways to check it.

6) Analyze Emails for Social Engineering

Some phishing emails impersonate tech support or IT staff and ask you to share your passwords, grant remote access to your computer, disable security features, or install new software. These emails often provide convincing explanations, such as your mailbox being full or your computer being hacked. Following such instructions can have serious consequences for your personal data and device security. Never share technical information or follow instructions unless you are absolutely sure of the sender’s authenticity.

7) Email Authentication

A more advanced but effective way to prevent phishing is to use software that verifies whether an email was truly sent by the stated sender and that its contents haven’t been altered. This can be done using PGP encryption and signing tools. By signing your emails with PGP, you assure the recipient that the message could only have come from someone with access to your private PGP key, making it unlikely to be malicious. The downside is that both parties need to install and know how to use PGP software.

If an email or link seems suspicious, don’t open it until you’ve investigated using the tips above and are sure it’s safe.

8) Pay Close Attention to Links

This is especially important for cryptocurrency wallets and payment systems. For an example of a successful phishing attack targeting Ethereum wallet holders, check out our article here.
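One way to apply this tip to an HTML email before clicking anything, as an added example that is not part of the original article: the script lists every link whose real destination is not a domain you use, whose visible text names a different host than the link target, or whose host uses punycode or non-ASCII characters. The `TRUSTED` domains, the `SAMPLE` email body and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"example-bank.com", "example-wallet.org"}  # assumption: constructed domains you use
SAMPLE = (  # constructed HTML email body
    '<p>Log in at <a href="https://example-bank.com.login-check.example/verify">'
    'www.example-bank.com</a>, read the <a href="https://www.example-bank.com/help">'
    'help page</a> or open your <a href="https://xn--exmple-bank-x9a.example/">wallet</a></p>'
)

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Hostname of a URL or bare domain, lower-cased; '' if it cannot be parsed."""
    value = value.strip()
    try:
        return (urlsplit(value if "://" in value else "//" + value).hostname or "").lower().rstrip(".")
    except ValueError:
        return ""

def review_links(html_body):
    """Return [(href, [reasons])] for links that deserve a closer look."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        host, reasons = host_of(href), []
        shown = host_of(text) if "." in text.strip(".") and " " not in text else ""
        if not any(host == d or host.endswith("." + d) for d in TRUSTED):
            reasons.append("host not on trusted list")
        if shown and shown != host:
            reasons.append("text shows %s but link goes to %s" % (shown, host))
        if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
            reasons.append("punycode or non-ASCII host (possible lookalike)")
        if reasons:
            findings.append((href, reasons))
    return findings
```

Calling `review_links(SAMPLE)` flags the first and third links and leaves the genuine help link alone; a clean result only means none of these three checks fired, so the other tips still apply.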

Stay vigilant and always double-check before clicking on links or opening attachments. These simple steps can help you avoid falling victim to phishing attacks.
