
4 Steps to Protect Against Phishing Attacks


Phishing scams use emails, text messages, or messaging apps to trick users into giving out their personal information. A successful phishing attack might be able to collect passwords, account numbers, or Social Security numbers. In a business setting, a phisher’s aim might be to infiltrate a user’s email account in order to gain access to all the documents stored on the software used to host the email.

Some phishing messages may appear to be from companies you know or trust. They may be engineered to look like they’re from a bank, credit card company, social networking site, online payment website or app, or even an online store.

A common approach in a phishing scam is to tell a story to trick the recipient into clicking a link or opening an attachment. They may suggest that there is suspicious activity or unauthorized login attempts on your account. They might claim there’s a problem with your account or payment information, then suggest that you confirm some personal information.

Phishing messages appearing to come from a company may include a fake invoice or encourage you to click on a link in order to make a payment. Some clever phishers might even tell you that you’re eligible to register for a government refund or offer a coupon for “free stuff.” These should all be red flags for you. Pay close attention to the sender’s return email address when attempting to determine whether something is a phishing scam or a legitimate message from someone you know or trust.

Spam filters on your email account may keep many phishing attempts from ever reaching your inbox. But scammers are always looking for ways to outsmart these filters, so it’s a good idea to add extra layers of protection whenever possible.

4 Steps You Can Take to Protect Against Phishing Attacks:

Security Software

Protect your computer with reputable security software. Make sure the software is set to update automatically so you’re better equipped to deal with new security threats.

Mobile Device Software

Setting your mobile phone and other internet-connected devices to update software automatically offers ongoing protection against critical security threats.

Multi-Factor Authentication

Many accounts now offer additional security measures such as multi-factor authentication. This process requires you to provide two or more credentials – such as a passcode sent via text message or an authentication app, or perhaps even fingerprint or facial recognition – in order to log in to your account.

Data Backup

Back up all your data and make sure the backups are connected to something other than your home network. You can copy your computer files to an external hard drive or store them in the cloud. It’s a good idea to back up the data on your phone as well.

 

What to Do If You Suspect You’re Being Phished

If you receive an email or text message that asks you to open an attachment or click on a link, ask yourself: Do I have an account with this company? Do I know the person who has contacted me?

If the answer to either of these is “no,” it could very well be a phishing scam. If you see any of the warning signs listed above, report the message and then delete it.

If the answer is “yes,” the best way to ensure that the message is real would be to contact the company using a phone number or website that you know is legitimate and verify the information in the email. Attachments and links in bogus messages can install harmful malware that could cause irreparable damage to your computers or mobile devices.

 

What to Do If You Already Responded to a Phishing Email

If you think you may have inadvertently given a scammer access to your personal information, such as your Social Security number, credit card, or bank account number, go to IdentityTheft.gov for specific steps to take based on the information that you have lost.

If you have clicked on a link or opened an attachment that you think may have downloaded harmful software, update your computer’s security software and then run a scan.

 

How to Report Phishing Attacks

If you received a phishing email or text message, always report it. The information you provide could be instrumental in helping fight and catch the scammers. Forward the suspicious message to the Anti-Phishing Working Group at reportphishing@apwg.org. If the phishing attempt was made in a text message, forward the text to SPAM (7726). Finally, report the phishing attack to the Federal Trade Commission here.
