Lesson 3: Tips to protect yourself

For example, do you know what phishing is? Phishing is a form of cyber threat where attackers deceive people into revealing sensitive information or installing malware such as ransomware.

Phishing emails usually have common characteristics, as they are formulated to trigger emotions. Here are some ways to spot a phishing email:

Emails threatening a negative consequence, or a loss of opportunity unless urgent action is taken, are often phishing emails. Attackers often use this approach to rush recipients into action before they have had the opportunity to study the email for potential flaws or inconsistencies;

Another way to spot phishing is bad grammar and spelling mistakes. Many companies apply spell-checking tools to outgoing emails by default to ensure their emails are grammatically correct. Those who use browser-based email clients apply autocorrect or highlight features on web browsers;

Emails exchanged between work colleagues usually have an informal salutation. Those that start “Dear,” or contain phrases not normally used in informal conversation, are from sources unfamiliar with the style of office interaction used in your business and should arouse suspicion;

Another way to spot phishing is to look for inconsistencies in email addresses, links and domain names. Does the email originate from an organization that you correspond with often? If so, check the sender’s address against previous emails from the same organization;

Most work-related file sharing now takes place via collaboration tools such as SharePoint, OneDrive or Dropbox. Therefore internal emails with attachments should always be treated suspiciously – especially if they have an unfamiliar extension or one commonly associated with malware (.zip, .exe, .scr, etc.);

Emails originating from an unexpected or unfamiliar sender that requests login credentials, payment information or other sensitive data should always be treated with caution;

“Too good to be true” emails are those which incentivize the recipient to click on a link or open an attachment by claiming there will be a reward of some nature. If the sender of the email is unfamiliar or the recipient did not initiate the contact, the likelihood is that this is a phishing email.

Another important thing to know is how to check if a link is safe:

  • Hover your mouse over the link: When you hover over a link with your mouse, you get a preview of the URL. This is fundamental because a cybercriminal can easily trick you by making the text of the link look legitimate while the actual, underlying link points somewhere totally different;
  • Use a URL checker: You can also use a URL checker to check the safety of a link. Google has its own version of a URL checker called Google Transparency Report. To check the safety of a link, all you have to do is safely copy the link and paste it into Google’s URL checker. To safely copy a link, right-click and choose “copy” from the options that appear. When copying the link, be careful to not click on it accidentally.

Once you’ve determined the link is safe to click, feel free to do so. Be sure to always remember the above tips before clicking on any links you receive.


The European Commission support for the production of this publication does not constitute an endorsement of the contents which reflects the views only of the authors, and the National Agency and Commission cannot be held responsible for any use which may be made of the information contained therein.