PROTECT AGAINST PHISHING

Imagine this…

  • A message from your bank requesting that you verify your account info
  • A note from an old friend begging you to transfer money for an emergency
  • An email from your boss asking you to immediately download a file and update some information
  • An urgent plea from your streaming service warning that your recent payment was declined and asking you to re-enter payment details
  • A text message from a delivery service asking you to pay to have a parcel redelivered

WHAT DO THESE MESSAGES HAVE IN COMMON?

They’re all examples of phishing scams, in which cybercriminals pose as a person or entity you trust to trick you into sending money, downloading malware, or sharing sensitive information.

Let’s look at what phishing is and how to spot the red flags of fraudulent emails, phone calls, and other forms of communication.

COMMON PHISHING SCAMS

THE COMPETITION WINNER

Beware of any email telling you that you’ve won something, especially if you don’t recall entering a contest.

No matter the prize offered, you probably won’t receive more than a headache.

A MESSAGE FROM THE GOVERNMENT

The NHS, HMRC, FCO, or any other government organisation won’t reach out via email if they need to get in touch. Emails supposedly from HMRC increase around tax time. Be cautious of an email from a government agency.

If you think it might be legitimate, look up the phone number on the government website and call to inquire.

THERE’S A PROBLEM WITH YOUR ACCOUNT

These phishing emails ask you to log in to verify your account, change your password, or validate account ownership, but the goal is the same – to get your login information.

If you’re concerned about your account, independently look up the customer service number or official company email address and ask for more information.

A FRIEND IN NEED

Be wary of an email from a friend or relative asking you to send money – especially if the message communicates urgency. Their account was likely hacked – and the request is from a scammer trying to bilk their contacts out of cash.

If you receive an email like this, give your loved ones a call to make sure they’re OK and let them know they’ve been hacked.

TECH SUPPORT

Emails claiming to be from tech support entities informing you that you have a virus or need to download something are a common phishing ruse.

Never click on links or downloads, even if they appear to be from a trusted organization like Microsoft or Apple. Instead, purchase and install an antivirus program from a trusted business and routinely run scans and updates.

ANATOMY OF A PHISHING EMAIL

Millions of phishing scams happen each day. It’s impossible to create an exhaustive list of phishing scams because fraudsters create new ones all the time. But phishing emails often feature characteristic red flags, and knowing what to look for is the first step in keeping yourself – and your information – safe.

A phishing email commonly shows some of the following warning signs:

  • Sense of Urgency
  • Suspicious Sender/Unfamiliar Recipient
  • Generic Greeting
  • Request for Personal Information
  • Threats
  • Typos and Mistakes

BEST PRACTICES FOR SECURITY


Stay informed & be an informer

Be aware of current phishing scams making the rounds. Your Line Manager and/or IT department will typically inform you of phishing attempts impacting you. If you do receive a phishing attempt on your work email, report it to them right away.


Update your browser & operating system

Don’t ignore update notifications. No matter what device or browser you use, software companies continuously release updates and new versions that include security patches for known vulnerabilities exploited by hackers and phishers. Perform recommended updates to both your browser and operating system to keep your devices protected.


Use smart security practices

Never give out your passwords or login details. Also, be sure to create unique and hard-to-guess account passwords and enable two-factor (2FA) or multifactor authentication (MFA) whenever available. Using common-sense security practices like these makes it far more difficult for scammers to succeed. If you think you may have been phished, change the passwords on any exposed accounts.


Always be skeptical & wary

A healthy dose of skepticism is good when navigating the internet. Don’t click on links or download attachments from people you don’t know, and investigate links and attachments from people you do know, too. Ask yourself: Does this seem legitimate? If the answer is anything but a resounding yes, investigate before you click or download.