PhishingBox Logo

What You'll Learn Today:

How to Spot & Avoid Phishing

Not even the best scammer can outsmart skepticism.

Trust No one & Check Everything

  1. The Lure: An enticing, yet flawed, email featuring any of these traits:
    • Sender notes seeing suspicious activity on an account of yours and asks if you need assistance
    • There's a request for payment to restore account settings or update your credentials
    • A request to confirm personal information or provide personal / company financial account details
    • Provides a link or attachment with a fake purchase order or invoice
    • Offers a link to pay a bill (when you scroll over the destination, it's fraudulent and doesn't match the company's secure portal)
    • Notifies you of a refund or rebate you can claim
    • Includes a “coupon” link or attachment
  2. The Hook: Malware or ransomware lying in wait to snag you. If it's phishy, steer clear and don't bite! Even when scammers use “live bait” and it looks legitimate, scan to check for the hook first. Here are a few things to look for:
    • Egregious spelling and/or grammatical errors
    • Links specifically stating to update credentials or payment information
    • Urgency to act fast... or else
  3. The Defense: There are several proactive steps you can take to mitigate your desire to bite and help protect your credentials even in the event you do release them.
    • Install security software and set your systems to automatically update, so you'll have the latest patches and capabilities to deal with the latest threats before they even reach your inbox
    • Enable multifactor authentication, which requires an additional security barrier to hurdle beyond your username and password by providing:
      • a passcode sent to a secondary device or account
      • an additional question to answer
      • a biometric identifier like a fingerprint, eye scan, or facial recognition
    • Back up your data to external hard drives and store information on secondary servers or cloud providers in case you need to recover from a ransomware attack

The key is NOT acting. No one ever got phished from not clicking, not downloading, or not opening fraudulent links or attachments!

Copyright © PhishingBox