5 Ways to Avoid Phishing Attacks


Have you ever received an email that seemed…just a little too good to be true? Maybe a promise of one million dollars from an estate you just happened to be entitled to in some extraordinary person’s will? After you pay an advance fee, of course. Maybe this video will make you think twice before getting caught on a phisher’s hook.



Don’t be like Michael Scott. “Phishing” is a type of cyber scam that involves sending a fake email (like the “Prince of Nigeria” from the video), dressed up to appear credible, that convinces you to either give up personal information or unknowingly install malware onto your system. This type of scam is tricky, but it can be prevented or evaded.


Here are our tips to avoid falling for phishing:


Establish a VPN


A Virtual Private Network (VPN) extends a private network across a public network so that remote computers can connect to the original private network. This, in turn, extends the security of the private network to these remote devices, which can only access the network through particular identification protocols. In practice, this means a business can protect its data effectively by having off-site employee access go through a remote private network. VPNs create a secure tunnel for sensitive data as well as block malware, effectively nipping phishing in the bud.


VPNs you pay for and can trust include Encrypt.me, NordVPN, and CyberGhost VPN. To check out more services, see this list PCMag put together.


Free VPNs, on the other hand, do the exact opposite. Free VPNs like Hotspot Shield VPN log your Internet activity and sell it to third parties.

Free VPNs have been known to:


  • Inject malware onto user devices to enhance the tracking of your Internet activity
  • Direct you to advertisements
  • Not encrypt your data
  • Log user data and sell it to third parties
  • Inject malware and adware onto user devices
  • Leak user IP addresses
  • Not be transparent about user encryption
  • Lie about not collecting, logging, storing, or sharing any user information

Brush Up on Your Grammar


Phishing emails are generally not the most well-written pieces on the internet. Cybercriminals tend to make errors in these emails, and occasionally even do so on purpose to avoid spam filters and sift out intelligent targets. Keep an eye open for spelling errors, grammar errors, excessive exclamation points, or impersonal addresses. Be wary of threatening or urgent language as well. Since most phishing emails attempt to pose as reputable companies to gain your trust, this can be an easy way to identify fakes. Very rarely do high-profile companies contact clients with urgent requests, especially regarding personal information, so unless something major is happening (which is easy to Google) you can rule out these types of emails as phishing attempts.


Check out these examples of phishing emails, and see how improper grammar is used to try to fool users:


Talk about run-on sentence city.



Would Google really email you about emails needing to be read?



Everything about this email needs to be dissected. Caution: grammatical nightmares ahead.
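The warning signs named in this section (impersonal addresses, excessive exclamation points, urgent or threatening language, spelling errors) can be checked mechanically as a first-pass filter. The sketch below is an added example, not part of the original article; the phrase lists, the misspelling list, the thresholds and the sample messages are all constructed for illustration.

```python
import re

# Illustrative phrase lists and thresholds (assumptions, not from the article).
IMPERSONAL_GREETINGS = ("dear customer", "dear user", "dear friend",
                        "dear account holder", "dear sir/madam")
URGENT_PHRASES = ("urgent", "immediately", "within 24 hours", "act now",
                  "account will be suspended", "final notice", "verify your account")
COMMON_MISSPELLINGS = ("recieve", "acount", "verifcation", "pasword", "informations")
MAX_EXCLAMATIONS = 2


def phishing_signals(subject: str, body: str) -> list[str]:
    """Return the names of the warning signs found in one email."""
    text = f"{subject}\n{body}".lower()
    signals = []

    # Impersonal address: a generic salutation at the start of the body.
    opening = body.strip().lower()[:60]
    if any(opening.startswith(g) for g in IMPERSONAL_GREETINGS):
        signals.append("impersonal_greeting")

    # Excessive exclamation points anywhere in subject or body.
    if text.count("!") > MAX_EXCLAMATIONS:
        signals.append("excessive_exclamation")

    # Threatening or urgent language.
    if any(p in text for p in URGENT_PHRASES):
        signals.append("urgent_language")

    # Spelling errors, matched as whole words against a short list.
    words = set(re.findall(r"[a-z']+", text))
    if words & set(COMMON_MISSPELLINGS):
        signals.append("spelling_errors")

    return signals


def needs_review(subject: str, body: str, threshold: int = 2) -> bool:
    """Flag the message for a closer look when enough signs co-occur."""
    return len(phishing_signals(subject, body)) >= threshold


# Constructed sample messages for demonstration.
SUSPICIOUS = ("URGENT!!! Verify your acount",
              "Dear Customer, your account will be suspended within 24 hours! "
              "Click the link to recieve verifcation.")
ORDINARY = ("Lunch on Thursday?",
            "Hi Dana, are you free at noon? The usual place works for me.")
```

A message that trips none of these checks is not thereby legitimate; well-written phishing passes all of them, so treat the result as one input alongside sender and link verification.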


Train Your Employees to Recognize the Signs


When it comes to recognizing phishing, as with anything else, practice makes perfect. Here at SaneBox, when we were dealt a phishing simulation to check our cybersecurity prowess, we as a team failed the test. The fake phishing emails sent out by our QA department were opened by a couple of our employees, and we realized that we as a company needed to brush up on our security knowledge and practices.


Training your employees can go a long way in keeping your data secure, because while humans are your company’s greatest asset, they are also its most vulnerable weak point. Purchasing a training program, such as Barracuda Phishline, to simulate phishing and train employees to avoid it effectively can have a huge impact on the overall security of your company and the effectiveness of your employees as the front line of your cybersecurity.


Browse Securely and Privately


Public WiFi, while an incredible convenience, is also a big risk when it comes to personal data. While you don’t necessarily have to avoid it altogether, it is highly recommended that you refrain from online banking, shopping, or anything that requires you to input personal information while using public internet. You are much better off performing these tasks on your phone’s LTE/4G network or waiting until you have access to a private network. In addition, be sure to only use websites with secure https:// links. This, again, is particularly important when dealing with credit card or personal information. Always remember to opt for security over convenience, as this can be the factor that prevents or leads to identity theft.



Startups like Habitu8 create funny and entertaining videos to train employees on all things cybersecurity, including navigating public WiFi.


Stay Up To Date


Cybercriminals evolve just as fast as cybersecurity does. Knowing the techniques of today may not translate to protection tomorrow. The best way to stay ahead of the game is to keep yourself up to date on current phishing techniques and the best defenses against them. Knowledge is power, and in this case, that power can be invaluable to you or your company.


While the phishers of the world may be crafty, you can always stay one step ahead. Be smart, be logical, and be sensible when it comes to questionable emails or links. Doing so can go a long way in keeping your business or personal information safe, sound, and private.