Phishing scammers use email or text messages to trick you into giving them your privileged information.
They may try to steal your passwords, account numbers, Social Security numbers, or credentials. Phishing
emails can harm the reputation of the company or person being spoofed as well as the victim.
Here are seven steps you can take today to protect yourself from phishing attacks:
1. Protect your computer or phone by using security software. Set the software to update
automatically to deal with any new security threats.
2. Be skeptical. Pay attention to any messages that are suspicious, impose scare tactics, or
grammatical errors. Pay attention to website links. Do not click on anything unfamiliar.
3. Use strong passwords that are a minimum of 16 characters and a mix of letters, numbers, and
symbols. Passwords under 16 characters are easy to crack through brute force manipulation.
a. It is recommended to make passwords nonsensical phrases. Such as the combination of 3
b. It is recommended that users utilize a password manager.
c. Users should not use the same password across multiple platforms or accounts.
d. Users should change passwords often.
4. Check your email addresses with https://haveibeenpwned.com .
5. Use a Virtual Private Network (VPN) when you browse the internet.
6. Protect your accounts by using multi-factor authentication.
7. Back up your data and make sure those backups aren’t connected to your network. You can
copy your files to an external hard drive, cloud storage, etc.
If you suspect you have been a victim of a phishing scam:
1. Disconnect the computer from the network.
2. Report the email to the network administrator.
3. Administrators should scan systems for any suspicious activity, this includes firewall logs,
DNS logs, web logs etc.
4. Keep thorough records of the email, logs, and documented reports.
5. Victims should change their credentials or have them reset by network administrators.
6. If applicable, communicate with the actual contact in the message and let them know to check
7. User Awareness Training should help users stay vigilant when opening any other emails or
browsing the internet.
Remember, if it looks phishy, it usually is.