Hit enter to search

Phishing: 10 lifesaving tips to keep your mailbox secure

Author Avatar
Geert Van de Steen
Chief Information Security Officer , EASI

Here are ten life saving tips to distinguish a real e-mail from a phishing e-mail.

Phishing - yes it's still a thing - is the fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons. And what do you know, it's on the rise again

“Spam is becoming an increasingly successful attack vector, with click rates rising from 13.4% in the second half of 2017 to 14.2% in 2018”

So even though its 2018, people still click through and Adam Sheehan - Behavioral Science Lead at MWR InfoSecurity - knows what he's talking about. 

Because phishing mostly happens, by fooling the reader in an e-mail - we think it's high time for some tips. 

1. It's unexpected

Take care when you receive an email for no reason. You did not buy anything from amazon.com, but still you receive an e-mail from accounting@amazon.phishing.ru ?

2. E-mail is not urgent

A classic phishing-technique is to tell you that you urgently need to do something: Confirm your account today, make an urgent payment before the end of the week. Don't be fooled.

3. Do you know the sender?

Check the sender's address carefully. A mail from John.doe@google.accountverification.com is probably not from Google.

4. Think this is a strange question?

An official agency shall never ask you for your password, your bank details or personal details via an e-mail, SMS or telephone. Do not give this kind of information. Your bank or any other official agency takes care about security and they'll never contact you for confidential information.

5. Where does the link take you to?

If you find a link in an e-mail, hover over it, and see where it will take you. Check the first part of the name, before the first "/". "http://www.bankservices.co.mz/bnpparibasfortis.com/login" is not the login page for your bank. Do not just click on "Unsubscribe" before checking where the link will take you to, it's a classic trick to fool you.

6. Are you addressed personally?

Take care if the mail is addressed to something like "Dear Mister" or "To the CEO of this company". Phishers send thousands of e-mails hoping that just someone will click on a link in the e-mail. If they don't know your name, it is probably something malicious or fraudulent.

7. Spellling

Phishing mails often contain spelling errors. Be suspicious when you notice spelling errors in an e-mail.

8. Is the message in your spam / junk folder?

There is a reason why it is in that folder. Double check the content.

9. We'll make you curious

Phishers will try to trick you into clicking on a link by making you curious. "Look what I found about you", or "Are you in this picture?" or "Was that your car driving on the highway?". Don't be fooled, it is the oldest trick in the book. Sometimes the subject starts with "Re: " - Probably this is not a reply to a mail that you sent.

10. You need to pay

Phishing e-mails will try to make you pay money. They claim that they did not receive a first payment. Or you need to pay to receive a package from UPS. Do not believe an e-mail from accounting@paypal.payments.gh telling you that you still need to pay an invoice: It's a scam.

NIS2 whitepaper

Current job openings

Sign up to our newsletter

Follow us


Share this article