How to Avoid Phishing Scams


Nasir got an email saying that his email account had been blocked and that he needed to log in to verify some information before regaining access. He noticed that the website looked exactly like the real website, but his instincts told him that it was fake.



Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.

Just below is an example of a phishing email:


As a general rule, you should be careful about giving out your personal financial information over the Internet.


Here are some steps you can take to avoid becoming a victim:

  1. Be suspicious of any email or communication (including text messages, social media posts, ads) with urgent requests for personal financial information.
  2. AVOID clicking on links. Instead, go to the website by typing the Web address directly into your browser or by searching for it in a search engine. Calling the company to verify its legitimacy is also an option.
  3. Don’t send personal financial information via email, and avoid filling out forms in email that ask for your information.
  4. Use a secure website (https:// and a security “lock” icon) when submitting credit card or other sensitive information online. A secure website's address always starts with ‘https://’.
  5. Never use public, unsecured WiFi for banking, shopping or entering personal information online, even if the website is secure.
  6. Double-clicking the “lock” icon on a website will display the security certificate for the website. If the certificate isn’t displayed, or you get a warning message that the address of the website does not match the certificate, do not continue.
  7. Typically, phishing emails are not personalized, but they can be. Valid messages from your bank and e-commerce companies are personalized and addressed specifically to you. When in doubt, call the company directly to see if the email is in fact from them.
  8. Phishers have the ability to spoof and/or forge the https:// that you normally see on a secure Web server and a legitimate-looking Web address, which – again – is why you should always type the web address yourself instead of clicking on displayed links.



Summary steps

  • If the sender of the email doesn’t address you by your first name, it is likely not authentic.
  • Avoid sending personal information over forms or links that you are not certain of.