Phishing is a type of cybercrime where attackers attempt to trick individuals into revealing sensitive information, such as passwords, credit card numbers, or other personal data. This is typically done through deceptive emails, messages, or websites that appear legitimate but are designed to steal information.

Below are the best practices for avoiding phishing:

Be Skeptical: Always inspect emails that request sensitive information or prompt you to take urgent action. If something feels off, it probably is, and it never hurts to double check! If an email looks suspicious to you, have another person look at it.

Verify Requests: Phishing attempts often come from addresses that look like legitimate ones but have slight variations. If you receive a request and are suspicious of it, verify the request with the sender through a different communication channel such as phone number. Don’t click on any links until you can confirm the legitimacy of the email.

Look for Red Flags: Poor grammar, spelling mistakes, and generic greetings can be signs of a phishing attempt. Legitimate organizations typically communicate professionally.

Check URLs: Hover over the links in an email but don’t click! Phishing sites will often mimic legitimate websites but have subtle differences in their URLs. If it looks suspicious or doesn’t match the organization’s website, don’t click it.

Attachments: Practice the same caution with attachments! Scammers can include attachments in their phishing emails that contain malware, or other files that can compromise the security on your computer.

Use Two-Factor Authentication (2FA): Enable 2FA on accounts whenever possible. This adds an extra layer of security, requiring a second form of verification beyond just your password. Microsoft and Google have Authenticator apps as do many others, which can be found on the app store on your mobile device.

Keep Software Updated: Regularly update your operating system, browser, and antivirus software to protect against vulnerabilities that phishers might exploit.

Educate Yourself: Stay informed about the latest phishing scams. Awareness is one of the best defenses against falling victim to these attacks.

Report Phishing Attempts: If you encounter a phishing email or message, report it to your email provider or the organization being impersonated. This can help others avoid similar scams. Forward phishing emails to reportphishing@apwg.org (an address used by the Anti-Phishing Working Group) or directly to the Federal Trade Commission (FTC) at https://reportfraud.ftc.gov/.

By being vigilant and following these tips, you can significantly reduce risk of falling victim to phishing attacks and protect your personal information.