A phishing attack can be anything from a well-crafted email to a fake web page – and the results are devastating. They can eat into bank accounts, expose medical records, and steal employee credentials for corporate networks. And a phishing attack isn’t just limited to emails, either – attackers are also using instant messages and texting apps to target users with phishing attacks.

The good news is that letterboxed solutions against phishing attacks can be relatively simple and largely user-driven. Most attacks are laced with red flags that anyone should be able to spot and avoid if they look closely enough.

Take a closer look at the email address used in the message or web link. Does it match the real one? If not, this is a major red flag. Some phishing attacks even use shortened links that don’t always display the full address, so it’s best to hover your cursor over any link to see where it goes.

Defending the Digital Waters: A Comprehensive Guide to Protection Against Phishing Attacks

If you’re ever unsure about an email or instant message, try to deal directly with the company in question. This is particularly important for BEC, or business email compromise phishing attacks, which often involve spoofing the address of an executive in your organisation to trick lower-level employees into transferring money or confidential information into an attacker’s account.

Ensure your users are trained to recognize the signs of a phishing attack, and encourage them to change their passwords regularly to reduce an attacker’s window of opportunity. And install firewalls to control inbound traffic – they can prevent malware from exploiting known vulnerabilities and stopping it in its tracks before it reaches the end-user.