What is Phishing and How to Protect Yourself from It

While the world is in lockdown, it seems that online phishing attacks are on the rise. Now that everybody stays at home and people spend much more time online, online scams are skyrocketing and many people fall victim to them. Here is our short guide on simple things to remember in order to stay safe from phishing attacks, while you’re staying safely at home. 

But What is Phishing?

Born circa 1995, just 4 years after the first site appeared, phishing refers to the practice of using deceptive emails and websites to illegally get personal and corporate information from users. That information – usernames, password, credit cards – is later used to steal either money or more information. 

The word “phishing” itself is a combination of “fishing” and “phreaks” which was what hackers used to call themselves. The practice of phishing is considered a form of social engineering, which is a term for manipulating people by falsely representing oneself in the context of web security. 

How Can You Prevent Phishing?

Because phishing can truly cost you a lot – from stolen money to huge data breaches in your company – taking proper safety precautions is a must. We’ve put together a shortlist of the things you need to keep in mind in order to stay safe online.

1. Pay Attention To The Sender and The URL in Your Emails

One of the most common phishing scams is to spoof a big brand by sending an email with their name (and usually color palette), and say there is something wrong with your account and ask you to log in “to fix it”. Usually, the look of the email is very similar to the original brand, however, there is a sure way to distinguish whether you’re looking at the real deal. 

A good way to identify phishing emails is to check the email address: scammers cannot create email addresses with the actual domain name of the company, so instead of help@bigbrandname.com it will usually look like bigbrandname@somethingelse.com. Look carefully at the email address and not just the name appearing in your email client!

how to identify phishing emails

You should also check the URL before clicking. This can be done by hovering the mouse over the URL provided in the email, it will usually reveal the domain it’s pointing at, so you can see where this email actually wants to take you. If it’s not the official domain of the brand, don’t click on it.

2. Avoid Downloading Email Attachments You Don’t Expect

Sometimes the email looks like legitime business emails, and they don’t pretend to be a big company, but instead send over an attachment containing some sort of malware. The email is often structured as a business offer or аn email sent by the recipient’s own company/management containing files with sensitive information.

If you don’t know who the sender is, definitely don’t open any attachments. If you know the sender, but you don’t expect anything from them, or there is something fishy about it, it’s better to be cautious. Call the sender and ask them if they meant to send you anything, as sometimes scammers hack into people’s email boxes and use them for phishing attacks by spamming their contacts.

How to prevent phishing and spoofing

The most common format for the attachments is zip (.exe is usually not allowed), however, even Microsoft Office files can contain viruses, which can contain macros that need to be enabled. Overall, keep an eye for all kinds of attachments.

3. Always Check The Site You’ve Landed On

If you happen to click on a phishing link (usually via email or through instant messages), it will often take you to a website with a form of some sort. The purpose of these forms most often aim to gather your most sensitive information – usernames and passwords.

In order to be sure you’re at the correct site and before filling in any data, check the website address in the browser address bar.


Sign Up For
More Awesome Content!

Subscribe to receive our monthly newsletters with the latest helpful content and offers from SiteGround.


Please check your email to confirm your subscription.

Scammers can create a website closely resembling the design of the respective brand, but they can’t use their official domain or have the brand name in the domain (assuming the brand is trademark protected). So, often, these domains may resemble a brand’s name, but will never be the original one, and will have additional symbols, letters, or words. 

Usually, the scammy domains look completely nonsensical and sometimes the design and flow also feels odd, especially if it’s a known brand that you often see.

For example, when signing into Gmail, Google will never ask you to select your email provider or enter both your email and password on the same screen. So the flow you will often see on phishing sites is designed to resemble the original one, but it’s not. 

4. Ignore Money Requests

Another type of online scam that social engineers often use is misrepresenting themselves and asking for money under some form. An example of such phishing emails is a person in trouble, asking for financial help; you’re asked to send a small amount of money with the promise you’ll get way more in return. 

Sometimes these scams can take the form of extortion. A popular one was an email circulating in the past couple of years, stating that users have been recorded through their own webcams watching adult content and asking for money. Actually, this scam attack was so scary, it made the news as people were terrified – understandably so!  

Either way, if you are getting a money request under any form by strangers, it’s usually a scam; never give out money or financial information no matter how the situation is presented.

Remember, all the scammers need is just an email address in order to do some serious damage! Мindful internet usage is key to protecting your privacy and wellbeing on the web.

Stay safe and vigilant, while staying and working from home, and always guard your online data.

author avatar
Marina Vassilyovska

Content Strategist until 2020/12

Marina is part of SiteGround’s digital marketing team. She loves crafting content and is very passionate about digital strategies and storytelling. She is also a huge WordPress fan and can be often spotted on WordCamps or on local meetups, where she’s always up for a chat on the latest WordPress news!


Comments ( 11 )

author avatar


Apr 17, 2020

Excellent advice.

author avatar


Apr 20, 2020

Thanks for that The worst ones that I get here in NZ are the ones that say my domain names are about to expire.

author avatar


Apr 29, 2020

Yep, and hey, you can renew it now for only $299USD for a year. Quickly before it expires and is gone forever. I get these too sometimes. For a $10 per year domain :)

author avatar


Apr 22, 2020

Thanks a lot for the info !!

author avatar

Mario Palumbo

Apr 28, 2020

I think the worse is when someone is able to make it look like is coming from your own email address

author avatar


Apr 28, 2020

Thanks for your straightforward information and easy steps to follow – I'll be sharing this with clients, family and friends.

author avatar


Apr 28, 2020

Great article. Thank you. Lately, we've been receiving a lot of emails that mask themselves as coming from our own email address (as mentioned above by Mario Palumbo). Quite clever! We checked the header of these emails and noticed -- after performing a full IP trace -- they're coming from the Netherlands . We also noticed they're coming from a server named "root@domain.server.com" Can you share more on how to handle these type of emails? For example, using cPanel and Roundcube (our email client), we were able to block both the offending IP addresses and the noted server. However, this process is time-consuming and runs the risk of blocking other legitimate email senders.

author avatar

Gloria Plata

Apr 30, 2020

Useful information, thanks very much!

author avatar


Apr 29, 2020

Thx. Aging mother relies on me to help keep her safe when she's online. This kind of trustworthy information helps me stay informed. rick

author avatar


May 12, 2020

Great Article. Thank you. Would you allow me to put this article on my website blog? I will of course credit where it comes from. Cheers

author avatar

Hristo Pandjarov Siteground Team

May 13, 2020

Sure thing :)


Start discussion