Tips & Advice

4 tips to avoid being phished

Avast, 11 February 2020

Protect yourself from today’s onslaught of phishing emails with these 4 security tips.

The world of cyberthreats is constantly evolving. The prevalence of cryptominers, ransomware, DDoS attacks, and other cybercriminal operations ebbs and flows as technology and cybersecurity continue to advance. But one tried-and-true criminal tactic guaranteed to hit all of our inboxes on a regular (indeed, almost daily) basis is the phishing scam. 

The goal of the phishing scam is to trick you into clicking on a malicious link, downloading a malicious file, or giving away sensitive information. It does this through impersonation – pretending to be a legitimate person or entity. It uses social engineering to instill a sense of urgency or fear, hoping you’ll click without investigating its phony claims too closely. Fraudulent websites are created to look like the real thing. Email addresses are crafted to appear authentic. Logos and verbiage are copied to seem genuine. It has become a critical online survival tool to be able to detect and thwart any and all phishing attempts. 

To recognize Safer Internet Day, Avast conducted a 1,000-person survey in the UK to gauge the average user’s ability to recognize a phishing scam. We showed respondents two similar websites, one real and one phony, and asked them to identify which was the phishing site. Alarmingly, only 29% answered correctly. 

This shows us that more must be done to educate everyone on what makes a good link. As phishing scams grow even more sophisticated in their camouflage, and artificial intelligence is used to accelerate attacks, everyone should keep these all-important tips in mind:

  1. Always double-check the link.

Before clicking, hover your cursor over a link, and look at the bottom left corner of your screen to see its corresponding URL. Make sure that it’s genuine – that an L hasn’t been replaced by a 1 or that “.com” hasn’t been replaced by “.net.”


2. Look for "https" at the start of URLs.

All websites begin either with http or https. The “s” means the site is secure and is accompanied by a padlock icon in the address bar. If the site you’re visiting does NOT begin with “https,” we strongly recommend you avoid entering any personal information on that page. 

3. Install antivirus software. 

If you do not have an antivirus solution, you can download software for free, and become protected immediately. Always keep the software up to date by downloading updates when prompted. Antivirus software can detect phishing emails, malicious attachments, and malicious websites. 

4. Avoid opening attachments and clicking on links from unsolicited emails.

In addition to looking for red flags such as spelling mistakes, bad grammar, or requests for personal information, never click on links or attachments in any email unless you are 100% sure that it came from a trusted source.


Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all your devices with our award-winning free antivirus