{"id":42317,"date":"2021-10-04T16:02:04","date_gmt":"2021-10-04T20:02:04","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=42317"},"modified":"2021-10-04T16:02:04","modified_gmt":"2021-10-04T20:02:04","slug":"how-to-protect-yourself-from-phishing","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/how-to-protect-yourself-from-phishing\/42317\/","title":{"rendered":"6 antiphishing tips"},"content":{"rendered":"<p>What do e-mails with headings \u201cYou\u2019ve won a million dollars\u201d and \u201cYour account is blocked\u201d have in common? They\u2019re almost always signs of a scam. Their aim is to convince the recipient to follow a link to a phishing website and enter confidential information: login and password or bank account details. Here\u2019s how to spot phishing and protect yourself.<\/p>\n<h2>1. Check e-mails carefully<\/h2>\n<p>When you receive an e-mail, don\u2019t rush to reply or follow its instructions. The first thing you should do is look for telltale signs of phishing. What are the red flags?<\/p>\n<ul>\n<li>A dramatic subject line. Common themes include large money transfers, financial compensation, hacked or blocked accounts, and fraudulent transactions \u2014 attention-grabbing topics likely to trigger an emotional response, often playing on greed or fear.<\/li>\n<li>Stress on the seriousness of the situation. Phrases like \u201cFinal notice!\u201d or \u201cOnly 3 hours left\u201d as well as excessive use of exclamation points are meant to make you hurry, panic, and lower your guard.<\/li>\n<li>Mistakes, typos, and strange characters in the text. Some criminals really do struggle with English, although attackers sometimes purposefully make mistakes like \u201cmilion\u201d or use letters from different alphabets in an attempt to bypass spam filters.<\/li>\n<li>Inconsistent sender address. 
An e-mail address with a load of random letters and numbers or the wrong domain name are sure signs of forgery when a sender claims to be writing from a large organization.<\/li>\n<li>Links in the e-mail if it contains them\u00a0\u2014 or the website they lead to, to be more precise. You can check a link by hovering your cursor over it and reading the address carefully. Criminals bet on victims not paying enough attention to detect slight changes made to the names of well-known companies or brands \u2014 think <em>sumsung.com<\/em> or <em>qoogle.com<\/em>. Check each link carefully.<\/li>\n<\/ul>\n<p>Such checks should be enough in most cases to spot an e-mail sent as part of a mass phishing scam. However, <a href=\"https:\/\/www.kaspersky.com\/blog\/36c3-fake-emails\/32362\/\" target=\"_blank\" rel=\"noopener nofollow\">senders\u2019 names and addresses can be forged<\/a>, links can be shortened to make them unreadable, and chains of automatic redirects can be set up to lead from less suspicious Web addresses to the actual phishing website. That\u2019s why it\u2019s best to avoid following links sent in e-mails altogether if possible \u2014 unless it\u2019s one you asked for. For example, if you get a notice that appears to be from a bank or online store, call the bank or store to confirm.<\/p>\n<p>You can also check if a prize is real by using a search engine to look up the official website of the company supposedly awarding it. Then you can check for prize information there. Those are just a few examples, but our advice is really the same regardless: If you want to check a link from an unsolicited letter, try to do so in a roundabout way.<\/p>\n<h2>2. Keep your guard up in messaging apps or on social networks<\/h2>\n<p>E-mail isn\u2019t the only thing you need to be careful with. 
The messages you receive in messaging apps and in social networks have just as much potential for danger; you can find malicious links in <a href=\"https:\/\/www.kaspersky.com\/blog\/facebook-video-scam\/11829\/\" target=\"_blank\" rel=\"noopener nofollow\">friends\u2019 posts on Facebook<\/a>, in comments posted by fake brand ambassadors <a href=\"https:\/\/www.kaspersky.com\/blog\/brand-scams-on-twitter\/40615\/\" target=\"_blank\" rel=\"noopener nofollow\">on Twitter<\/a>, or in DMs on <a href=\"https:\/\/www.kaspersky.com\/blog\/cryptoscam-in-discord\/38661\/\" target=\"_blank\" rel=\"noopener nofollow\">Discord<\/a>.<\/p>\n<p>Treat banners with caution as well; the images they display may have nothing to do with the website they take you to. The platforms where banners are posted usually don\u2019t control what users see or where they\u2019re redirected. Even a perfectly reputable website can serve ads that lead to phishing websites.<\/p>\n<p>What can you do? As with e-mails, check every link carefully, and if possible don\u2019t click on them at all.<\/p>\n<h2>3. Stop and think before entering bank account info<\/h2>\n<p>Bank card details are particularly sensitive because they provide direct access to your money. That\u2019s why, regardless of how you reached a website, you should double-check where you really are one last time before entering those details.<\/p>\n<p>First, take a close look at the address. You\u2019re looking for the same red flags: typos, numbers instead of letters, hyphens in unexpected places, and strange domain names. If you see anything like that, leave the website and try entering the address manually.<\/p>\n<p>Then, staying in the address bar, click on the padlock icon at the left. 
The padlock is <a href=\"https:\/\/www.kaspersky.com\/blog\/https-does-not-mean-safe\/20725\/\" target=\"_blank\" rel=\"noopener nofollow\">no guarantee of security<\/a>, but from it you can learn more about who owns the website (browsers have different names for relevant tabs, such as <em>Certificate<\/em> or <em>Connection secure<\/em>).<\/p>\n<div id=\"attachment_42319\" style=\"width: 1810px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2021\/10\/04155240\/how-to-protect-yourself-from-phishing-screen-1-EN.png\"><img decoding=\"async\" aria-describedby=\"caption-attachment-42319\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2021\/10\/04155240\/how-to-protect-yourself-from-phishing-screen-1-EN.png\" alt=\"How to check who owns the website: Look at SSL-certificate details\" width=\"1800\" height=\"1100\" class=\"size-full wp-image-42319\"><\/a><p id=\"caption-attachment-42319\" class=\"wp-caption-text\">This is what the relevant string looks like on our website in Google Chrome<\/p><\/div>\n<p>If you do a lot of online shopping, including purchases from smaller companies and private sellers, we recommend using a separate card. Keep a small amount of money on it and transfer money to it right before you need it. That way, even if the card details are stolen, you won\u2019t lose a large amount of money.<\/p>\n<h2>4. Use different passwords<\/h2>\n<p>If you use the same password for different accounts, even if it\u2019s a very reliable password, you <a href=\"https:\/\/www.kaspersky.com\/blog\/never-reuse-passwords-story\/24808\/\" target=\"_blank\" rel=\"noopener nofollow\">risk having all of your accounts compromised<\/a> if you enter it on a phishing website at some point. 
It\u2019s important to use a unique password for each website and app.<\/p>\n<p>If you find it difficult to come up with and remember dozens of new passwords for every pizza place and online store, use a <a href=\"https:\/\/www.kaspersky.com\/password-manager?icid=gl_kdailyplacehold_acq_ona_smm__onl_b2c_kasperskydaily_wpplaceholder____kpm___\" target=\"_blank\" rel=\"noopener nofollow\">password manager<\/a> to create, manage, and use them.<\/p>\n<p>A password manager also acts as an additional check to prevent phishing. If you open an app or site and find it hasn\u2019t automatically filled in your login and password, then you\u2019re probably looking at a fake. It may look the same as the real website to a human, but if it has a different address, the password manager won\u2019t fill in account credentials.<\/p>\n<p>Second, password managers can generate hard-to-hack passwords.<\/p>\n<p>Third, some password managers have useful additional features. For example, <a href=\"https:\/\/www.kaspersky.com\/password-manager?icid=gl_kdailyplacehold_acq_ona_smm__onl_b2c_kasperskydaily_wpplaceholder____kpm___\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Password Manager<\/a> checks your passwords and notifies you if they\u2019re weak, used for different accounts, or already in a database of compromised passwords.<\/p>\n<h2>5. Set up two-factor authentication to protect accounts<\/h2>\n<p>Many phishing attacks aim to hijack accounts, but even if attackers get your login and password, you can still stop them from logging in to your account by setting up two-factor authentication wherever possible. Once you\u2019ve done so, you\u2019ll need an additional temporary verification code to log in. You\u2019ll receive it by e-mail, text, or in an <a href=\"https:\/\/www.kaspersky.com\/blog\/2fa-practical-guide\/24219\/\" target=\"_blank\" rel=\"noopener nofollow\">authenticator app<\/a>. 
Attackers won\u2019t get one.<\/p>\n<p>Keep in mind, however, that phishers can create fake login pages that also request one-time, two-factor authentication codes. That\u2019s why it\u2019s better to protect important accounts using <a href=\"https:\/\/www.kaspersky.com\/blog\/2fa-practical-guide\/24219\/\" target=\"_blank\" rel=\"noopener nofollow\">hardware-based authentication<\/a> with a USB key such as YubiKey or Titan Security Key by Google.<\/p>\n<p>Some authenticators use NFC and Bluetooth to connect to mobile devices. The advantage of using a hardware-based security key is that it\u2019ll never disclose the secret on a fake website. A website needs to send the right request to get the right answer from the authenticator, and that\u2019s something only the real website knows how to do.<\/p>\n<h2>6. Use reliable protection<\/h2>\n<p>It\u2019s certainly hard to be on constant lookout for red flags and to check every single address, link, and so on. But it\u2019s a task you can automate, and you can rely on security solutions such as <a href=\"https:\/\/www.kaspersky.com\/advert\/security-cloud?icid=gl_kdailyplacehold_acq_ona_smm__onl_b2c_kasperskydaily_wpplaceholder____ksc___\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Security Cloud<\/a> to protect against phishing. 
The cloud-based protection will notify you in time if you try to go to a malicious page and will block the threat.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>How to spot dangerous links sent in messages and other tricks scammers use to steal your data.<\/p>\n","protected":false},"author":2581,"featured_media":42318,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[9],"tags":[1218,187,76,131],"class_list":{"0":"post-42317","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-tips","8":"tag-2fa","9":"tag-passwords","10":"tag-phishing","11":"tag-tips"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/how-to-protect-yourself-from-phishing\/42317\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/how-to-protect-yourself-from-phishing\/23462\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/how-to-protect-yourself-from-phishing\/18935\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/how-to-protect-yourself-from-phishing\/9495\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/how-to-protect-yourself-from-phishing\/25527\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/how-to-protect-yourself-from-phishing\/23602\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/how-to-protect-yourself-from-phishing\/23013\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/how-to-protect-yourself-from-phishing\/26200\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/how-to-protect-yourself-from-phishing\/25733\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/how-to-protect-yourself-from-phishing\/31634\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/how-to-pr
otect-yourself-from-phishing\/10132\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/how-to-protect-yourself-from-phishing\/17848\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/how-to-protect-yourself-from-phishing\/18254\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/how-to-protect-yourself-from-phishing\/15380\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/how-to-protect-yourself-from-phishing\/27535\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/how-to-protect-yourself-from-phishing\/24440\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/how-to-protect-yourself-from-phishing\/29814\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/how-to-protect-yourself-from-phishing\/29613\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/tips\/","name":"tips"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/42317","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2581"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=42317"}],"version-history":[{"count":4,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/42317\/revisions"}],"predecessor-version":[{"id":42321,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/42317\/revisions\/42321"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/42318"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=42317"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categ
ories?post=42317"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=42317"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}