Phishing Scams and Tips to Avoid Them

Phishing has become a common phrase in tech circles, but it is not as widely understood by end users. So, what does the term phishing refer to?

From the Microsoft Safety and Security Center site this definition is offered:

“Phishing email messages, websites, and phone calls are designed to steal money. Cybercriminals can do this by installing malicious software on your computer or stealing personal information off of your computer.

Cybercriminals also use social engineering to convince you to install malicious software or hand over your personal information under false pretenses. They might email you, call you on the phone, or convince you to download something off of a website.”

These attacks are evolving in both style and sophistication, so how do you mitigate the risks associated with these scams? Our friends at Continuum have compiled the following recommendations:

  1. Be wary of suspicious emails and common phishing phrases

The simple fact is that legitimate businesses are not going to request sensitive information via email. Any email that asks for personal information should raise suspicion. Instruct customers to ignore any emails asking for anything related to account information, passwords or any other sensitive information, unless they are specifically expecting that email. If you do need to enter personal information via an email, make sure the link goes to a legitimate website that you recognize.

  2. Always check website addresses

Most people don’t pay close attention to the site that they are going to when they click a link. But did they know that they can reveal the actual link that a “Click Here” button or text link in an email is pointing to? By hovering over a link, the user can preview where it leads. If it’s not going to the actual company site or a website that they recognize, then clicking on that link could invite numerous problems, including landing on a phishing website or installing a piece of malware onto the user’s device.

  3. Always know what links you are clicking on and where they lead

Along the same line as clicking on a website from an email, it is imperative to preview or check all links at all times before clicking. Everyone has experienced that feeling of “I shouldn’t have clicked on that one!” as their computer starts to show the effects of malware, spyware and more. Many browsers will give a preview of where the link leads before you click it, which is a feature that should always be used, especially if the website is questionable. If you don’t recognize the address the link leads to or are worried about the title, don’t click it.

  4. Don’t input personal information unless you are absolutely sure of the website

Yes, we are belaboring a point here. As a trusted MSP (which means a trusted business partner) you have an obligation to tell your customers everything you know, even if it seems obvious to you. Remember, you are the professional and the employee at your client’s company may not know what they’re doing. Reminding them to NEVER give personal information if there is even a shred of doubt is fundamental to you executing your call to protect your customers’ environments from trouble.


Do you know if your organization is doing all it can to protect you from phishing attacks?