Gone Phishin'

Common Email Security Mistakes

2017

Nowadays, you might not get an email from a Nigerian prince in your inbox offering you millions, but that doesn’t mean that phishing schemes aren’t still a serious threat to your security. People have let their guard down a bit as email and other internet communication has become ubiquitous in our personal lives and businesses. But phishing strategies and disguises have advanced with the times, and you need to stay on guard.

Clicking on links in emails is convenient but dangerous. Just last month I received an email from what appeared to be MY bank, saying MY account had been compromised, and including multiple examples of MY intimate information. The immediate adrenaline rush had me moving my mouse over their link, but something about the pixelation of the bank logo made me pause and dig a little deeper. If I had clicked the link without questioning it, I could have opened my computer up to infection. If I had gone so foolishly far as to type my login information into the “bank”, on what I’m sure would have been an exact replica of the actual login page, I would have been handing it over to thieves.

Remember that these schemes focus on catching you when your guard is down. The most glaring recent example of successful phishing schemes comes from, of all places, the White House, where high-ranking officials, including now-fired Communications Director Anthony Scaramucci, Eric Trump, and the White House official responsible for cybersecurity, all compromised their personal information.

What should you be doing?

  • Don’t think you are safe because of an anti-spam service. Spam filters are really good at spotting mass emails, but targeted attacks can be almost impossible for them to detect. So be sceptical of everything and verify by another channel before you reply with anything important or sensitive.
  • Instead of clicking on links from an unfamiliar address, open your web browser, go to the website’s main login page yourself, and log in the hard way.
  • Check to make sure the headers make sense. For example, it’s easy to set the “from” address to anything. Right-click on the “from” address to see where it actually came from. If the domain after the @ is anything other than the company’s own email domain, that’s a red flag.
  • Even trusted email accounts can become compromised. Instead of automatically clicking a hyperlink from a trusted address, right-click it and verify that it is taking you to a reputable site.

  • (Advanced) Disable features that can leak your personal information. Many email clients automatically download ‘remote content’, such as images and stylesheets, when you open and view an email. Phishers can use this to determine whether you are a good target for a personalized attack, because the download tells them that you have viewed the email, where you are viewing it from, what kind of computer you are using, and more.

    Most mail clients allow you to disable this feature. To disable it on Apple’s Mail.app see below (Outlook and Thunderbird have similar controls).

    Go to Mail > Preferences > Viewing and disable “Load Remote Content in Messages”.
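As an added example (not part of the original article), the header check and the remote-content check from the list above can be automated. The script below parses a constructed sample message, compares the domains of From, Return-Path and Reply-To against the bank’s real domain, and lists any remote images that a client set to load remote content would fetch on open. All domain names in it are made-up placeholders.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample message (placeholder domains). The display name claims to
# be the bank, but the address uses a look-alike domain, the envelope sender
# (Return-Path) is a third domain, and the body carries a remote tracking pixel.
SAMPLE = b"""Return-Path: <bounce@example-bank-alerts.invalid>
From: "Example Bank Security" <alerts@examp1e-bank.invalid>
Reply-To: support@examp1e-bank.invalid
To: customer@example.com
Subject: Your account has been compromised
Content-Type: text/html; charset="utf-8"

<html><body><p>Log in now to secure your account.</p>
<img src="http://examp1e-bank.invalid/track.gif?id=abc123" width="1" height="1">
</body></html>
"""

def domain_of(addr):
    """Return the lowercase domain part of an address header, or '' if absent."""
    _, address = parseaddr(str(addr or ""))
    return address.rpartition("@")[2].lower()

def check_message(raw, expected_domain):
    """Return a list of red flags found in a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    flags = []
    from_domain = domain_of(msg["From"])
    # The display name is free text; only the domain after the @ is worth trusting.
    if from_domain != expected_domain:
        flags.append(f"From domain {from_domain!r} is not {expected_domain!r}")
    # Envelope sender and reply address that disagree with From are suspicious.
    for hdr in ("Return-Path", "Reply-To"):
        d = domain_of(msg[hdr])
        if d and d != from_domain:
            flags.append(f"{hdr} domain {d!r} differs from From domain")
    # Remote images are what 'Load Remote Content' would fetch, revealing a read.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        for url in re.findall(r'<img[^>]+src=["\'](https?://[^"\']+)', body.get_content(), re.I):
            flags.append(f"remote image would be fetched on open: {url}")
    return flags

if __name__ == "__main__":
    for flag in check_message(SAMPLE, "example-bank.invalid"):
        print("RED FLAG:", flag)
```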

Lauren Huxtable
Communications Director