How to Avoid a Phishing Attack

With the breach of Epsilon, we are going to see a huge influx of phishing attacks before it settles back down to the normal level of tons of phishing attacks. So you aren’t a computer expert, how do you protect yourself?

Don't worry about spotting the phish, it is more important that you do not take the actions that make the attack successful.

There are a few simple rules to follow that will almost certainly prevent you from becoming a victim… if you are diligent.

Fundamentally there are two ways the phishing attacks work. One way is to ask you in email for information such as your password and other personal information. Never give out your password. If the email says there is a security problem with your Hotmail or Facebook account and that you must provide information to prevent being locked out, don’t do it. The email may look legitimate, but it never is. No institution needs to have you respond to an unsolicited email asking for any personal information, ever.

The second way a phishing attack works is to direct you to a web page that asks you to log in. This may be a banking site, an email account, a social networking site, or some other web site. If you click on a link in an email and you are prompted to log in, close your web browser. Yes, this means that when you get an email from Facebook that says there is a new comment, if you click on the link and need to log in, then do not do it. Close your browser, open it again, log into your account and find the message you want to see. Never log into an account from a link in an email. You may be 99.999999% positive that the Facebook email is legitimate, but phishers want their emails to be something you have that much confidence in. Follow my rules and you will foil the phishers.

When you get email offers from Best Buy, the home Shopping Network, your bank or anyone one else, if the link in the email leads to a screen where you must log into your account, don’t do it!!!

Randy Abrams
Director of Technical Education
Cyber Threat Analysis Center
ESET North America

Author , ESET

  • Jaritico Trby

    ESET is the best way to protect the system, but also additional supplements are needed to navigate securely online … as a web of true, a Mozilla plug, or other specialized antivirus navigation …
    I'm not saying eset effectiveness is not, on the contrary, it is best that I recommend …
    thanks …

    • David Harley

      Jaritico, I quite agree. AV is not enough. A good internet security suite is better, but even then I’m a great believer in not relying on one layer of defence. And that goes for home users as much as it does corporations.

  • Miles Baska

    Nice job, Randy!  I've sent a link to this article to everyone in my address book.

  • Lloyd

    After an annoying virus attack, ESET gave me some good advice: be more careful:
    -I now exclusively use my non-admin user account except for tasks that require an admin account. I never surf on my admin account except to update windows at the windows update site.
    -I disabled the registry editor
    It's annoying to have to log into my admin account to do a lot of routine stuff and to enable the registry editor if I have to alter the registry. But if it prevents one attack, it's all worth it.
    Thanks ESET for reading me the riot act.

  • Reynaldo Hernandez

    Question:  Is openiing a new browser, either the same as or different from the one currently in use for email, the secure equivalent of closing the email browser and opening a new one?

  • mike fedor

    I had a pop-up stating my computor has 213 infections?  About a week ago.
    Does this service I get from you protect my computor before this happens? Mike

    • Randy Abrams

      Check out Where did your pop up come from?

  • Teresa

     KISS —This is excellent advise and appreciate you keeping it simple soooo. everyone can do it..thanks

Follow us

Copyright © 2017 ESET, All Rights Reserved.