Phishing scams often look like legitimate requests for information, but there are lots of ways you can spot a phishing attack. Suspicious sender addresses, unsolicited attachments and spelling and grammar mistakes are all signs that a request for information is not legitimate.

There’s a common practice of sending direct mail disguised as courts summons or other official documentation, to make a reply more likely. Many phishing emails can take basically the same approach, only in digital form. That is, they might use all-caps subject lines (e.g., “URGENT:”) to make it seem like action is required. It isn’t. […]

No company will ever, under any circumstances, ask you for your password via email. Any email asking you to provide your password is a phishing scam. If you ever need to enter your password, always type the URL of the company’s site directly into the hyperlink bar to be sure the site is genuine. Also […]

Domain key identified mail (DKIM) uses public and private keys to ‘sign’ an email you’re receiving. This often prevents messages from hitting spam or junk, and isn’t completely necessary. However, it’s worth adding DKIM verification to your email domain. Different providers have their own techniques for doing so, but once it’s up, send a test […]

Phishing is regularly associated with tactics such as a scammer telling someone they’ve won a prize, but it can also take the form of attempted extortion. Be wary of any email threatening to expose something about you unless you quickly submit payment. Simply delete it instead of engaging at all.

It might sound like a small point, but the images you’re sent via email – even just a logo or profile picture loading up – can help hackers determine whether you’ve opened the message, setting you up for more spam or phishing. That’s why it’s useful to make images a requested element of your communications. […]