Anti Phishing Training – How to Stop Phishing in its Tracks

February 18, 2022 • Shannon Flynn


Cyber-security is a constantly changing industry, especially with people spending more time on their devices than ever due to the restraints of the COVID-19 pandemic. However, if we remember the fundamentals of safe browsing and get the proper training, we can identify most threats before they strike a lethal blow. Learn these fundamentals of anti-phishing training to protect your email and other accounts from cyber-attacks!

How Do I Recognize Phishing Emails?

There’s no foolproof way to spot 100% of phishing emails, but you can recognize most of them by keeping an eye out for some unique characteristics.

1. Urgent Calls to Action

Any email that implores you to take action is usually a phishing attempt. The action can be subtle, like clicking on a link. Sometimes it’s more obvious, like demanding that you give them your username and password. Here are some other examples:

  • Reports of suspicious activity or log-in attempts on your accounts
  • Claims that something is wrong with your payment information
  • Claims that your accounts have been locked or put on hold
  • Forms that require you to enter personal information
  • Offers for refunds, discounts or other perks that sound too good to be true

The email also usually includes a threat or deadline as another form of persuasion, such as “You have 24 hours to complete this action.” Such ultimatums are major red flags.

2. Unknown Senders

Whenever you get an email from an unfamiliar source, closely inspect the sender’s email address and see if they’re affiliated with your organization. If you can’t make a connection, the email is probably a phishing attempt. G-Mail and Outlook both do a good job of sending these obscure messages to your spam folder, but if one manages to find your inbox, double-check everything to make sure the sender is trustworthy.

3. Strange Greetings

Scammers usually attempt to sound as serious as possible to make their emails look more legitimate, and an easy way to spot this tactic is by looking at the greeting. If the email addresses you in a strangely formal or attention-grabbing manner, that should immediately raise your suspicions. Additionally, if the greeting doesn’t use your name, you can safely assume the sender is a stranger and thus can’t be trusted.

4. Poor Spelling and Grammar

Real organizations and individuals use proper grammar and spelling in their emails to improve their image, so it’s a major red flag if you see an email riddled with errors. Those mistakes usually indicate that the sender is a non-English speaker or a robot trying to slip through your email’s security filters. In either case, they have no business contacting you and are most likely phishing. Make sure each email you respond to appears professional.

Any email from an unknown source that contains a link or attachment is likely a phishing email. Instead of clicking on questionable links, hover your mouse over them to see if they match up with the IP address. Also, watch out for links with subtle changes, like an “o” replaced with the number zero. Scammers use these tactics to make their links appear valid at first glance and take advantage of people who ignore such details.

6. Inconsistent Domains

Scammers often attempt to impersonate reputable individuals or companies but fail to use the same domain. For example, if your bank sends you an email with an address ending in “” or “,” then it’s probably not your bank. The domain should always correspond with the sender.

These warning signs also apply to phishing attempts over the phone. If you have a suspicion that something isn’t right, trust that feeling. Better to be safe than sorry! 

How Do I Respond to Phishing Emails?

As a general rule, you shouldn’t click on anything unless you trust the sender. If you see a suspicious email, don’t take any further action with the message until you know it’s legitimate. 

If the email impersonates a company, investigate the company’s actual website to find any clues about the email’s legitimacy. Use the contact info on the website to see if the email addresses match. If the information doesn’t match, contact the company and inform them of the situation so they can address it.

Similarly, if the email impersonates an individual, you should try to get in touch with the real person through another means of communication. Social media is a great way to accomplish this step. If you can’t contact them, you can safely assume that the email in question is a phishing attempt. In any case, if you catch someone phishing in your inbox, report the email for spam/phishing, delete it and block the sender’s email address. 

If you fear that you’ve been the victim of a phishing attack, some government resources can help you ward off phishing and re-secure your personal information if it gets into the wrong hands. 

In the meantime, you should take the appropriate steps to ensure that another cyber attack doesn’t occur. Here’s what you should do:

  • Write down the scammer’s details and all the information you suspect has been stolen.
  • Change the passwords on all of your vulnerable accounts, and make sure not to reuse the same password twice. Also, add multi-factor authentication, if you haven’t already.
  • Notify IT support at your bank, work and school.
  • If you lost money, report the attack to law enforcement.

Most phishing attempts you come across will look obvious, but all it takes is one clever scammer and a perfectly-placed link to compromise your personal information. Keep a close watch for the above characteristics and trust your intuition. If you think it’s a phishing scam, it probably is.

Is Anti-Phishing Training Enough Protection?

The short answer is no. Anti-phishing training alone will not provide you with enough protection. Human error is unavoidable and one of the leading causes of cyberattacks. You need multiple layers of security in place to keep out of your system. 

Here are the other measures you must take to ensure your information’s safety.

  • Install security software such as antiviruses and virtual private networks (VPNs) onto your computer. The best software comes with a price, but it’s worth the investment.
  • Change the settings on your mobile devices so the software updates automatically. Unupdated devices leave more openings for cyber attacks.
  • Back up your information by saving everything onto an external hard drive or cloud storage software. That way, if one of your devices is compromised, all of your info stays safe and secure and you can access it from somewhere else.

Practice Safe Browsing Habits

Anti-phishing training and proper security measures can be extremely beneficial, but they only work if you practice safe browsing habits in everything you do. Keep your information to yourself unless necessary, only respond to messages you can trust and remember all of the previously mentioned red flags wherever you browse.