How to protect yourself from phishing scams


It’s not uncommon for people to install anti-virus or anti-malware software and think they’re covered in terms of online safety. But phishing scams are a way hackers can get around that software to obtain your personal information.

A phishing scam typically involves an email (or even a phone call) asking you to verify some information, log in to an account, renew a subscription, etc. In most cases, it looks like it’s coming from a trusted source, such as your email provider, a subscription service, or even your boss! But in reality, the link takes you to a fake site where the hackers can steal whatever information you provide.

The hackers behind phishing scams are tricky, but there are some things you can do to protect yourself. 

Don’t believe every email you receive 

I once received a phishing scam email that looked as though it came from a reputable source. It said it was time for me to renew my Office 365 subscription and asked that I log in and confirm my subscription information or my account would be suspended. But I was actively using Office 365 at the time to check my email, plus I knew it wasn’t time to renew yet. 

We’ve had clients who received phishing scams made to look like they came from the company president. Even if you trust the person supposedly sending the email, it’s a good idea to approach it with caution until you’ve confirmed they actually sent it. 

Do look carefully at the sender’s email address and the text

At one point in time, phishing scams were pretty obvious due to blatant typos or odd formatting in the email copy. But hackers are getting smarter, and most phishing scam emails look much more sophisticated now. 

However, there are often some small signs that can indicate an email is a phishing scam and not a legitimate message. Take a closer look at the email address of the sender. Look for any scrambled letters or any additional characters before or after the domain.

For example, a phishing scam might have “amzon.com” instead of the full name of the site in the email address. Studies have shown your brain is really good at filling in that missing letter, so you might think it’s legitimate. But upon looking closer, you can see it’s not the real website at all.
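The check described above can also be automated. The following Python sketch is an added example, not part of the original article: it compares the sender's domain against a short list of domains you trust and flags near-misses such as “amzon.com”. The trusted list, the function names and the sample headers are assumptions made up for illustration.

```python
from email.utils import parseaddr

# Assumption: the domains you actually do business with (constructed list).
TRUSTED = {"amazon.com", "microsoft.com", "office.com"}

def osa_distance(a, b):
    """Edits needed to turn a into b: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # scrambled (swapped) letters
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def check_sender(from_header, trusted=TRUSTED):
    """Classify the domain of a From: header as trusted, lookalike, unknown or invalid."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("invalid", "no sender address found")
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    for good in trusted:
        if domain == good or domain.endswith("." + good):
            return ("trusted", good)
    for good in sorted(trusted):
        # Missing, swapped or substituted letters, e.g. "amzon.com"
        if osa_distance(domain, good) <= 2:
            return ("lookalike", good)
        # Extra characters before or after the real name, e.g. "amazon-billing.com"
        if good.split(".")[0] in domain:
            return ("lookalike", good)
    return ("unknown", domain)

if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    for header in ['"Amazon" <no-reply@amazon.com>',
                   '"Amazon Support" <billing@amzon.com>',
                   "Office 365 <renew@office.com.example.net>",
                   "friend@example.org"]:
        print(header, "->", check_sender(header))
```

A `trusted` result only means the address text matches a domain on your list; a request that seems unusual should still be confirmed with the sender through another channel.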

Do go directly to the vendor site rather than clicking a link

If you get an email that sounds like a phishing scam, don’t click the link! Sometimes the emails are legitimate (but more often not), so it’s better to be safe than sorry.

If you think there may truly be a problem with your credit card, a subscription, or whatever else, open a different browser window and go to the company’s main website to log in and check. Or call the company or individual (using contact information you find online, not something in the email) and confirm whether they sent you the request.