How to Protect Yourself from Phishing Emails

Unwanted emails are a common nuisance of life in the 21st century.  Your credit card company might invite you to transfer funds, or your favorite store might announce a sale.  But are these emails just annoying, or are they harmful?

Scammers are constantly getting better at using fake emails to mimic legitimate companies and collect your personal information.  At first glance, these phishing emails might look like the real thing.  Read on to learn how to safely identify and block these emails to protect your information.

What Is Phishing?

Phishing refers to a type of email scam that solicits personal information, often to gain access to bank accounts or credit cards.  Online crimes like phishing cost Americans $2.7 billion in 2018, almost double the amount lost to internet scams in 2017.

Spotting a Malicious Message

Phishing emails usually impersonate a company or individual you already interact with, like a financial institution, social media site or online store.  Learn how to check an email’s legitimacy before handing over valuable personal details.

The Email Solicits Your Information

Phishing emails usually claim that your account has a problem and ask you to provide personal information.  The email might claim suspicious activity or attempts to log in, cite problems with payment information or offer a coupon or deal. It will usually ask you to click on a link and provide information, which puts you at risk for an attack.

Never click on links in suspicious emails.  Instead, access your account directly. For example, the email shown below claims that the account is locked.  A user could identify the email as phishing if they can successfully log into their account as usual.  You can also run a Google search with the company’s name and the word “phishing” to see if others have reported similar attacks, like this Disney+ scam.

[Screenshot of the example phishing email]

Other Visual Clues

Some phishing emails have typos and generic greetings, which indicate that the email is a scam.  But more sophisticated attacks can make the email look convincingly legitimate.  Even then, looking closely will raise some red flags.

In this Disney+ example, the email address in the “Reply-To” field is suspicious.  To check this out, search the rest of your inbox for legitimate emails from Disney+, like when you first registered for the service.  You might notice that these messages come from disneyplus@mail.disneyplus.com.  The email address in this message doesn’t match at all — the different domain name “disneyaccount.com” is a clear clue that this email is malicious.
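The same Reply-To comparison can be automated. The following is an added example, not part of the original article: it parses a constructed message and flags any sender header whose domain falls outside the domain seen in earlier legitimate mail. Treating "disneyplus.com" as the trusted base domain, along with the sample message and function names, is an assumption made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample modelled on the article's Disney+ example. Only the two
# domains come from the article; the rest of the message is made up.
SAMPLE = """\
From: "Disney+" <disneyplus@mail.disneyplus.com>
Reply-To: "Disney+ Support" <support@disneyaccount.com>
Return-Path: <>
Subject: Your account is locked

Follow the link to unlock your account.
"""

def domain_of(address):
    """Return the lowercased domain of an address, or '' if there is none."""
    if "@" not in address:
        return ""
    return address.rpartition("@")[2].strip().rstrip(".").lower()

def belongs_to(domain, trusted):
    """True only for the trusted domain itself or one of its subdomains."""
    # Requiring a leading dot rejects lookalikes such as "notdisneyplus.com"
    # and "disneyplus.com.login.example".
    return domain == trusted or domain.endswith("." + trusted)

def check_sender_headers(raw, trusted):
    """List (header, address) pairs whose domain is outside the trusted one."""
    msg = message_from_string(raw)
    findings = []
    for header in ("From", "Reply-To", "Return-Path"):
        for _name, addr in getaddresses(msg.get_all(header, [])):
            # Empty addresses (e.g. a null Return-Path) carry no domain to judge.
            if addr and not belongs_to(domain_of(addr), trusted):
                findings.append((header, addr))
    return findings

if __name__ == "__main__":
    for header, addr in check_sender_headers(SAMPLE, "disneyplus.com"):
        print(f"{header}: {addr} is not under disneyplus.com")
```

A matching From address alone proves little, because that header can be forged; the mismatched Reply-To is what gives this sample away.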

You should also run a search on Spokeo to verify any email address you aren’t sure about.  Pay attention to context and unusual activity as well.  If a friend or family member is hacked, they could unknowingly send you malicious emails from their real email address.

How to Stop Spam Emails

Once you recognize an email as spam, there are several actions you can take to help prevent future phishing attempts.

Reporting Spam vs. Phishing

First, report the specific message as phishing through your email provider.  For example, Gmail now has a “Report phishing” function in addition to “Report spam.”  Make sure malicious messages are flagged as phishing specifically, not spam, so they are reported as dangerous.

You can also report phishing to the US government and separately contact the company being impersonated.  But don’t contact the company through the phishing email.  Instead, use your typical method of contacting the company, like calling a customer-service number listed on their website, to report the incident.

Inbox Security Measures

In your email provider’s settings, you can configure your inbox to customize how you want spam and phishing emails handled.  In Outlook, for example, you can increase the protection level to filter more messages directly into a junk folder.  You can also block specific email senders in Outlook, Gmail and other email providers.

Beyond spam filters, you can install more security features to protect your inbox.  Gmail has a Sender Icons plug-in to verify whether the email address is really from a particular company.  You should also regularly review the plug-ins attached to your inbox and remove any you don’t recognize or need, as they may be letting in unwanted and potentially dangerous emails.

Additional Security Measures

For additional layers of protection, make sure you always update to the latest version of software on your computer, phone and tablet.  Even better — configure your settings to install new versions automatically.  You should always have security software on your computer and keep that updated as well.

Make sure you are using a secure password for all your accounts.  Also, whenever possible, consider using multi-factor authentication to make it more difficult for hackers to break into your accounts.

Other Kinds of Spam

Email isn’t the only way scammers can get your personal information.  Watch out for smishing, which refers to spam sent by text message.  When in doubt, delete the message and block the sender.

Katrina Ballard is a communications manager in Washington, DC. She holds a master’s degree in public administration and has written extensively on technology, business and more.
