How to prevent phishing

10 Tips to Avoid Phishing Scams 🎣


Security is a big concern in today’s culture. With everything being digital (and therefore hackable), it’s important to make sure you’re protecting yourself as much as possible from threats. Plus, it’s our responsibility as email marketers to exercise safe practices for subscribers too. As email is one of the most popular mediums, phishing is a common security threat that consumers face today. Here are 10 tips from industry experts on how to prevent phishing and keep your info secure.

What is Phishing?

Phishing is the fraudulent sending of emails under the guise of a reputable company with the goal of getting people to share personal information, such as passwords and credit card data.

With roughly 3.8 billion email users worldwide, it’s no surprise that phishers see email as an easy target. For them, it’s just a numbers game. The more people they try to scam, the higher the likelihood of their efforts being rewarded.

Email users are far from insulated from phishing attacks. An email address is one of the easiest pieces of data for someone to get their hands on (we’ve all heard of the underground practice of purchasing subscriber lists). With how simple it is for scammers to find and exploit email addresses, precautions must be taken.

How is Phishing So Rampant?

Crane Hassold is the Senior Director of Threat Research at Agari, and formerly a digital behavior analyst for the FBI. He’s been around the cybersecurity block. According to Hassold, “The thing I find fascinating about phishing is it’s really exploiting a very primal part of human behavior. It’s all about curiosity, trust, and fear. Those qualities are hardwired into humans, so a lot of protection against phishing has to do with conditioning yourself to look out for things that could be a red flag.”

Phishing is such a lucrative livelihood for scammers because it works by playing to people’s basic instincts. It’s these primal tendencies—which are all rooted in self-care and survival—that scammers exploit.

How to Prevent Phishing

1. Investigate every link’s final destination

We’re all email marketers here. Links, UTMs and redirects are sprinkled throughout every email we send. Same with emails that we receive. Just because a link is typed out and looks like a normal hyperlink doesn’t mean the destination is authentic.

To find out if a link is real, hover over it with your mouse and look at the link’s destination in the lower left corner of your browser. This is the real destination, regardless of what the text says.

The definition of phishing
Courtesy of the FTC

Alternatively, you can type the URL manually into a new search bar.

2. Be cautious with shortened links

Scammers are like chameleons. They know how to mask their tactics by resembling actions that consumers are already familiar with… like shortening links.

Everyone’s clicked on a Bitly or Linktree link at some point—most likely on social media. Link shortening tools are popular for brands and users since they save character count and look cleaner than a long, messy slug.

Phishers are hip to this trend and employ it themselves. Watch out for shortened links anytime you’re tempted to click, as they might lead to a fake landing page.

3. Take “urgent” deadlines with a grain of salt

No legitimate company will ever ask for your personal data via email. If you see a message that’s trying to get you to take “urgent” action (aka, sending your personal info), call the company directly and ask. When it comes to your data, you’d rather be safe than sorry.

Always make account updates yourself or call the company using the number you find on their website (not the number the email provides—that could be fake too).

Tips on how to avoid the phishing hook
Courtesy of the FTC

Scammers will impose bogus deadlines and will sometimes even use threatening tones in their messages. When you know it’s a phisher, mark that b.s. as spam and send it to the trash where it belongs.

4. Look for the “s” in

Some websites start with http:// and others with https://. The “s” in the latter stands for secure and will show a little lock icon next to it. Those websites are safest for browsing and purchasing. Stick to secure websites whenever possible.

5. Change your passwords frequently

We know, we know. This can be a pain in the butt. “Don’t use the same password more than once,” they say. “Change them often,” they harp. Unless you work in IT or Security, you most likely use the same password, like your street name and kid’s birthday. The truth is, having a unique password for each account has never been easier.

There are reputable platforms available you can use to create strong passwords and store them for safekeeping, such as LastPass. Platforms like this one are seamless and reliable for keeping data secure.

Secure password storage
Courtesy of LastPass

6. Don’t allow remote access to your computer

Yep, it happens. Someone reaches out pretending to be from a well-known security firm and wants to help you install software protection on your computer.

1. Don’t install anything from an unverified source.

2. Especially don’t give that unverified source direct access to your computer. That’s a hard no-no.

7. Set up two-factor authentication

Many organizations offer two-factor authentication for an extra layer of security. Take advantage of this whenever possible so no one else can log in without needing your device.

Tips to protect your data from phishing scams
Courtesy of the FTC

8. Trust your gut instincts

If an email looks or feels off to you (even if you have very little reason to think so), trust your instincts. You’ve likely seen a garbage phishing email at some point, littered with typos and grammatical errors, unprofessional imagery, and just not a clean, crisp experience like you’d normally expect.

When an email or other interaction feels off to you, save yourself a potential headache and trust your gut.

Tips of scamming tip-offs
Courtesy of the FTC

9. Finally, use good judgement

This goes without saying, but it’s perfectly true. The best thing you can do to protect yourself against phishing attacks is plain and simple common sense.

Avoid the unknown. Don’t:

  • Click unknown links
  • Download unknown files or files from unknown sources
  • Open attachments (even on social media) from untrusted sources

10. Report phishing attempts

In email, this is as easy as forwarding the poorly executed attempt to get your personal information to the proper authorities.

Reporting phishing scams to
Courtesy of the FTC

If You Think You’ve Been Scammed

Change your passwords immediately—email accounts, financial institutions, your computer login, Facebook, everything. The sooner you can lock them out and slow their progress, the better.

If you think your banking information is at stake, call your bank and let them know asap. They’ll be on high alert for odd account activity.

Use a trusted security software to scan and scrub malware from your computer.

Let Subscribers Know Your Emails are Safe

Your subscribers are constantly on the lookout for phishing emails too. That’s why it’s super important to use intentional “from” fields: a clear sender name; a well-crafted subject line; and thoughtful preview text.

Additionally, make sure your brand is employing good security practices and embracing email authentication protocols. These can include DKIM or SPF, or even DMARC if you already have the other two. Plus, keep an eye out for BIMI authentication. Gmail has indicated BIMI support in early 2020 as well, and most likely other email clients will follow suit as it exits beta testing. BIMI is going to be top-drawer verification for subscribers to know who is emailing them.

With proper “from” fields, email authentication and spam testing every email, you can land in more inboxes, plus build and maintain trust with subscribers.

Improve Deliverability to Hit More Inboxes!

Nothing ruins a polished email’s ROI potential like a trip to the spam folder. Run a Spam Test right within your Campaign Precheck workflow so you can land in more inboxes and increase email ROI. With Email on Acid, you can check your email against 23 of the most popular spam filters and your domain against the most popular blocklists before you hit “send”. Sign up for a free trial and try it out today.

Start a Free Trial

Author: Melissa Berdine

Serendipity steered Melissa into email marketing in 2017, and she's been hooked ever since. Creating emails for luxury hotels, sustainable foods, Netflix series, CBD brands, and more, she can be found with no less than four beverages on her desk, and her dog snoozing beside her. In her free time, Melissa likes to re-watch '90s sitcoms.

Author: Melissa Berdine

Serendipity steered Melissa into email marketing in 2017, and she's been hooked ever since. Creating emails for luxury hotels, sustainable foods, Netflix series, CBD brands, and more, she can be found with no less than four beverages on her desk, and her dog snoozing beside her. In her free time, Melissa likes to re-watch '90s sitcoms.

3 thoughts on “10 Tips to Avoid Phishing Scams 🎣”

  1. With more people who turn to the internet for shopping, online banking and other transactions that are connected to their personal bank accounts, phishing scams are also increasing. While it can have dangerous consequences, there are a lot of ways we can to do to avoid phishing scams. It’s important that we should be very vigilant about email links and make sure that our browser and computer are up to date. Most importantly, we shoul avoid sharing personal account information over the internet. Thank you for your tips! Very helpful indeed!

  2. Thanks, Melissa…
    I appreciate the suggestions given in this blog regarding the security-related awareness a person should learn to prevent a data breach. Opening an email or any message from an unknown person or company could lead to a data breach which worth a lot. So, everyone should be aware of the factors which should be taken into consideration to deal with such kinds of situations.

Leave a Reply

Your email address will not be published. Required fields are marked *