
Phishing attacks: Steps to stay safe

Hardly a day goes by without some warning about new phishing emails doing the rounds trying to get you to give up your sensitive data or trick you into downloading malware. What’s worse is that fakes are getting more sophisticated and harder to spot. Read on to learn how to spot bogus and phishing emails, and how you can reliably protect yourself against phishing sites with Avira Free Security. 


Fortunately, there’s a whole range of tell-tale signs that reveal whether you’ve ended up with a phishing email in your inbox. Be extra cautious and really scrutinize emails, especially those from seemingly reputable senders such as your bank, your online payment service, or your favorite online shopping portal. Appropriate cyberprotection solutions can also help you ward off phishing attacks.

What’s a phishing email?

Phishing refers to the mass sending of bogus emails which cybercriminals use to obtain protected, sensitive information such as PINs, log-in credentials, banking details, or credit card information. 

Such phishing emails are really sneaky because they’re so well designed, to the extent that we often don’t even doubt their authenticity. Examples include receiving apparent messages from your bank asking you to change your password. If you were to click the link in the message, you’d end up on such a well-designed website that you couldn’t tell it apart from the bank’s actual one. If you were to then enter new log-in details there, you’d be handing the scammer the keys to your online account, enabling them to do whatever they want with it. 

Cybercriminals also love another type of phishing email: Sending emails with file attachments, which are typically loaded with malware. For example, you may well receive a message from an acquaintance in which they send you a zip file with vacation photos. Naturally, you don’t doubt for a second that your acquaintance actually wants to send you shots of their vacation or some file that may be of interest to you. But these could well turn out to be fake — yet time and again people fall into this trap in their droves.

And often enough, this method has a snowball effect. That’s because every time someone opens such an attachment in a phishing email, the attackers also gain access to the email addresses from the recipient’s contact list.

Phishing emails: How cybercriminals get contact information

Cybercriminals mainly use public information sources to get the background information on us that they need for their attacks. Typically, they scour social media such as LinkedIn, Facebook, Instagram, or Twitter where they’ll usually find what they’re looking for very quickly: Information such as your name, job title, and email address is served up there on a silver platter, which the cybercriminals then use to compose phishing emails that appear credible.

Hackers exploit human vulnerability with phishing emails

To send phishing emails, fraudsters use a wide variety of methods known as social engineering to obtain the contact information they’re interested in. And, just as you’d imagine, cybercriminals rely on human vulnerability to harm unsuspecting victims.

Want to learn more about social engineering methods and the many tricks used by cybercriminals? Check out our blogpost on the topic of social engineering, in which we look at hackers’ various methods in more detail.

Spot tell-tale phishing signs in emails

Consumer protection bodies and the Cybersecurity & Infrastructure Security Agency (CISA) are always warning us about new phishing emails.

While this is all well and good, who actually takes the time to regularly look at these warnings?! To avoid becoming a victim of cybercriminals, it’s at least as important to be able to spot the typical tell-tale signs of phishing emails. That’s because, as you already know, scammers prefer to use human vulnerability to get at our sensitive information.

Linguistic and grammatical errors are signs of a phishy email

Received an email and spot right away that the wording is off or it’s full of errors? Incorrectly used words, comma errors, or absurd grammar can be an indication that it’s a phishing email. What bank would ever allow itself to send customers a poorly worded, grammatically incorrect, or inaccurate email?!

Phishing emails are usually sent in bulk and cybercriminals often use translation programs without knowing the language of the respective country.

And emails in which your purported bank addresses you in a different language than usual should also be treated with caution and regarded as potential phishing emails.

If you’re asked to act NOW, the phishing alarm should be ringing loud and clear

Have you ever received a message asking you to act now to avoid something bad happening to you financially? If you’re threatened with exorbitant fines, a blocked account, or even that a debt collection agency will soon come a knocking, you should be suspicious — and your phishing alarm should definitely be ringing loud and clear.

Another scam that cybercriminals often use goes something like this: You’re sent an email saying that some wealthy manager from the US has chosen you as the beneficiary of a six- or seven-figure fortune. And of course, here too you’ll be asked to act now because this vast sum of money needs to be paid out straight away. Would you take the bait?

Generic emails can be a sign of phishing

A few years ago, it was quite common for companies to send us emails starting with “Dear Sir or Madam”. The technologies involved in sending such emails have now become so advanced that we’re usually addressed by our name — not with a simple “Hello” or “Dear customer”. 

Asking you to open something and input information can be a sign of a phishing email

As we’ve mentioned, phishing emails often ask you to open a file that is sent to you as an attachment, is available for download via a link, or is linked directly to an online form.

As a rule, these file attachments contain malware such as ransomware, Trojans, or viruses that infect your laptop, Mac or PC and which you can only remove with considerable effort.

Eliminate all doubt by taking a peek at the email header

The details about the sender’s email address seem credible at first glance, the text is well written, and the design leaves little doubt as to its authenticity.

But that doesn’t mean a thing. A lot of effort goes into phishing emails, and they’re usually done very well because the cybercriminals know what they’re doing — and the sender information is usually forged.

But take a look behind the sender’s name, such as “Your Amazon Customer Service”, and you may find a completely different address — typically a Google or Freemail account specially set up for this purpose with a combination of numbers and letters before the @ sign.

If you want to eliminate all doubt, a look at the mail header (or header line) is the only sure-fire way of knowing if the email’s legitimate. There you will also find the sender’s IP address, which is forgery-proof and gives you a clear indication of who the actual sender is. Consumer protection bodies or other government agencies provide information on how you go about reading the email header.
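To make the header check concrete, here is an added example (not part of the original article) that reads a message's raw headers with Python's standard library and flags the warning signs described above. The sample message, its domains and IP addresses, and the function name inspect_headers are constructed for illustration; the code takes the IP from the topmost Received line, the one written by your own provider's server, because lower Received lines are written by upstream hosts.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message); all domains and IPs are placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.myprovider.example; spf=fail smtp.mailfrom=mailer.example.net;
    dkim=none; dmarc=fail header.from=freemail.example
Received: from mailer.example.net (mailer.example.net [203.0.113.45])
    by mx.myprovider.example with ESMTP; Mon, 1 Jan 2024 10:00:00 +0000
Received: from bank-server (unknown [198.51.100.7])
    by mailer.example.net; Mon, 1 Jan 2024 09:59:58 +0000
From: "Your Amazon Customer Service" <x7k29q@freemail.example>
Reply-To: refunds@other.example
Subject: Act now

Body text
"""

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def inspect_headers(raw, expected_domain, trusted_authserv):
    """Return the visible sender details plus a list of warning signs."""
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    findings = []
    d = _domain(from_addr)
    if d != expected_domain and not d.endswith("." + expected_domain):
        findings.append("from-domain-mismatch")
    for header, label in (("Reply-To", "reply-to-differs"),
                          ("Return-Path", "return-path-differs")):
        other = parseaddr(msg.get(header, ""))[1]
        if other and _domain(other) != d:
            findings.append(label)
    # Only believe results stamped by your own provider (authserv-id comes first).
    auth = " ".join(msg.get("Authentication-Results", "").split())
    if auth.split(";")[0].strip().lower() != trusted_authserv:
        auth = ""
    for check in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{check}=(\w+)", auth)
        if not m or m.group(1).lower() != "pass":
            findings.append(f"{check}-not-pass")
    # Topmost Received line: added by the server that accepted the mail for you.
    received = msg.get_all("Received") or []
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[0]) if received else None
    return {"display": display, "from": from_addr,
            "connecting_ip": ip.group(1) if ip else None, "findings": findings}

if __name__ == "__main__":
    print(inspect_headers(SAMPLE, "amazon.example", "mx.myprovider.example"))
```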

Top tip: Check these sites for regular updates on critical phishing attacks.

How to protect yourself from phishing emails: Our top tips

Always remember that cybercriminals prefer to exploit human vulnerability, i.e. our clueless behavior, and be skeptical if you receive messages that seem odd.

Be careful if you are offered links or files to download, even if you receive a message from someone you know. And remember that your email program isn’t the only gateway for cybercriminals to get your information — hackers can also send phishing emails via social media accounts, knowing full well that you trust messages from your contacts.

Protect yourself by updating your operating system and installing security patches regularly

Always keeping your operating system up to date offers a certain degree of protection because updates come with security patches that can protect your computer from possible malware and virus attacks.

However, keep in mind that new phishing cases are coming to light every day, and technologically they’re becoming increasingly sophisticated — and all too often we only find out about them when it’s too late.

Firewalls help protect against phishing attacks

By default, companies and public authorities all use firewalls to protect their IT infrastructures — and they should also be a must-have for home users.

All digital devices, whether a PC, Mac, laptop, or portable Android or Apple device, come with a firewall. However, these standard components of the various operating systems are usually not quite enough to offer solid protection. That’s why it makes sense to use an antivirus program to help you configure the firewall, as Avira Free Security for Windows allows you to do.


Good antivirus programs are essential to protect yourself from phishing emails 

Since cybercriminals sometimes use phishing emails to inject ransomware, Trojans, or viruses on your devices, an advanced and reliable antivirus program is an absolute must. 

The latest antivirus programs are designed to protect your digital devices from different types of malware, while always keeping pace with hackers’ latest developments. 

Ideally, you should opt for a tried-and-tested, easy-to-use antivirus program that offers multi-layered protection. With the free Avira Free Security solution, for example, you can protect yourself from cyberthreats and eliminate malware that has already found its way onto your computer via phishing emails. The integrated Avira Browser Safety extension also helps you block phishing and other malicious websites, protecting your confidential information from data thieves. 



Avira Antivirus Pro and Avira Prime for Windows go one step further still, offering advanced phishing protection which you can also use to check your emails for phishing links and malicious attachments. These two premium solutions also offer download protection, which helps you check files you’ve downloaded. They also include the Avira Firewall, which adds an additional layer of protection to your operating system’s pre-installed firewall.  

By the way, with the Pro versions of the mobile apps Avira Antivirus Security for Android and Avira Mobile Security for iOS, you’re also protected against infected and phishing sites even when on the move. You can also turn on Web Protection, along with many other extra features, whenever you want simply by making an in-app purchase in the free version of the apps. 


Avira, a company with over 100 million customers and more than 500 employees, is a worldwide leading supplier of self-developed security solutions for professional and private use. With more than 25 years of experience, the company is a pioneer in its field.